> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tensorlake.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Enable SSH
> Enable the sandbox's internal SSH daemon for sandbox-proxy backend connections.
Enable the sandbox's internal SSH server for authenticated sandbox-proxy connections.
This endpoint is normally called by Tensorlake's SSH proxy. Most users should use [SSH and PTY Sessions](/sandboxes/pty-sessions) or `tl sbx ssh` instead of calling this endpoint directly.
The public sandbox proxy authenticates your API key and injects the internal forwarded-auth headers required by the daemon.
## Endpoint
```http theme={null}
POST /api/v1/ssh/enable
```
Use this endpoint on the sandbox proxy host:
```text theme={null}
https://.sandbox.tensorlake.ai/api/v1/ssh/enable
```
## Example Request
```bash theme={null}
curl -X POST https://.sandbox.tensorlake.ai/api/v1/ssh/enable \
-H "Authorization: Bearer $TENSORLAKE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"proxy_pubkey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA...",
"backend_user": "tl-user"
}'
```
## Request Body
```json theme={null}
{
"proxy_pubkey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA...",
"backend_user": "tl-user"
}
```
* `proxy_pubkey` is required. It is the sandbox proxy's backend public key.
* `backend_user` is optional and defaults to `tl-user`.
## Response
Tensorlake returns `200 OK` with SSH daemon status:
```json theme={null}
{
"enabled": true,
"pid": 123,
"host_key_fingerprint": "SHA256:..."
}
```
## OpenAPI
````yaml post /api/v1/ssh/enable
openapi: 3.1.0
info:
title: Tensorlake API
description: >-
Tensorlake Cloud APIs for Sandboxes, Document Ingestion, and Serverless
Workflows
license:
name: ''
version: 0.1.0
servers:
- url: https://api.tensorlake.ai/
security:
- bearerAuth: []
tags:
- name: Tensorlake Cloud API
description: >-
Tensorlake Cloud APIs for Sandboxes, Document Ingestion, and Serverless
Workflows
paths:
/api/v1/ssh/enable:
servers:
- url: https://{identifier}.sandbox.tensorlake.ai
description: >-
Example sandbox proxy host for a specific running sandbox. For
programmatic access, use the sandbox's `ingress_endpoint`.
variables:
identifier:
default: example-sandbox
description: The sandbox ID or sandbox name.
post:
tags:
- sandbox-ssh
summary: Enable SSH
description: >-
Enable the sandbox's internal SSH daemon for sandbox-proxy backend
connections.
operationId: sandbox_ssh_enable
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SandboxSshEnableRequest'
responses:
'200':
description: SSH daemon status
content:
application/json:
schema:
$ref: '#/components/schemas/SandboxSshStatus'
'401':
description: Authenticated sandbox-proxy forwarding is required
content:
application/json:
schema:
$ref: '#/components/schemas/SandboxProxyError'
'500':
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/SandboxProxyError'
components:
schemas:
SandboxSshEnableRequest:
type: object
required:
- proxy_pubkey
properties:
proxy_pubkey:
type: string
description: >-
OpenSSH-format public key line for the sandbox proxy backend
identity.
backend_user:
type: string
description: >-
Local POSIX user that the proxy authenticates as. Defaults to
tl-user.
SandboxSshStatus:
type: object
required:
- enabled
properties:
enabled:
type: boolean
pid:
type:
- integer
- 'null'
format: int32
host_key_fingerprint:
type:
- string
- 'null'
SandboxProxyError:
type: object
required:
- error
properties:
error:
type: string
code:
type: string
securitySchemes:
bearerAuth:
type: http
scheme: bearer
````