SSH

SSH endpoints let you create and manage SSH access credentials for a sandbox. Generate credentials, validate them, regenerate them, or revoke access entirely.

One key per sandbox

Each sandbox supports a single set of SSH credentials at a time. Creating access when credentials already exist returns 409 Conflict. Use the regenerate endpoint to rotate credentials without revoking first.

Create SSH access

Generate SSH credentials for a sandbox. Returns an id to use as the SSH username, a password, and the SSH command to connect.

Python

from leap0 import Leap0Client

client = Leap0Client()
sandbox = client.sandboxes.create()
access = sandbox.ssh.create_access()

print("SSH username:", access.id)
print(access.ssh_command)
print("Password:", access.password)

JavaScript & TypeScript

const apiUrl = "https://api.leap0.dev"
const apiKey = "<your-api-key>"
const sandboxId = "<sandbox_id>"

const res = await fetch(`${apiUrl}/v1/sandbox/${sandboxId}/ssh/access`, {
method: "POST",
headers: { authorization: apiKey },
})

const data = await res.json()
console.log("SSH username:", data.id)
console.log(data.ssh_command)
console.log("Password:", data.password)

Response

{
  "id": "ssh-bb961077616ff86f",
  "sandbox_id": "sbx-abc123",
  "password": "a1b2c3d4e5f6...",
  "expires_at": "2025-03-06T17:00:00Z",
  "created_at": "2025-03-06T16:00:00Z",
  "updated_at": "2025-03-06T16:00:00Z",
  "ssh_command": "ssh -o StrictHostKeyChecking=accept-new ssh-bb961077616ff86f@sbx-abc123.${env.LEAP0_SANDBOX_DOMAIN}"
}

Validate SSH access

Check whether an SSH access credential is still valid and not expired.

Python

from leap0 import Leap0Client

client = Leap0Client()
sandbox = client.sandboxes.create()
validation = sandbox.ssh.validate_access(
  access_id="<ssh-id>",
  password="<ssh-password>",
)

print("Valid:", validation.valid)
print("Sandbox:", validation.sandbox_id)

JavaScript & TypeScript

const res = await fetch(
`${apiUrl}/v1/sandbox/${sandboxId}/ssh/validate`,
{
  method: "POST",
  headers: {
    authorization: apiKey,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ id: "<ssh-id>", password: "<ssh-password>" }),
}
)

const { valid, sandbox_id: sid } = await res.json()
console.log("Valid:", valid, "Sandbox:", sid)

Regenerate SSH access

Invalidate the current credential and generate a new one. The expiry is also reset.

Python

from leap0 import Leap0Client

client = Leap0Client()
sandbox = client.sandboxes.create()
access = sandbox.ssh.regenerate_access()

print("New password:", access.password)

JavaScript & TypeScript

const res = await fetch(`${apiUrl}/v1/sandbox/${sandboxId}/ssh/regen`, {
method: "POST",
headers: { authorization: apiKey },
})

const { password } = await res.json()
console.log("New password:", password)

Delete SSH access

Revoke SSH access for a sandbox. The credential is invalidated immediately.

Python

from leap0 import Leap0Client

client = Leap0Client()
sandbox = client.sandboxes.create()
sandbox.ssh.delete_access()

JavaScript & TypeScript

await fetch(`${apiUrl}/v1/sandbox/${sandboxId}/ssh/access`, {
method: "DELETE",
headers: { authorization: apiKey },
})