diff --git a/api/lagoon/client/_lgraphql/environments/sshEndpointByEnvironment.graphql b/api/lagoon/client/_lgraphql/environments/sshEndpointByEnvironment.graphql
new file mode 100644
index 0000000..39568a4
--- /dev/null
+++ b/api/lagoon/client/_lgraphql/environments/sshEndpointByEnvironment.graphql
@@ -0,0 +1,16 @@
+query (
+    $namespace: String!
+){
+    environmentByNamespace:environmentByKubernetesNamespaceName(
+        kubernetesNamespaceName: $namespace
+    ){
+        id
+        name
+        openshiftProjectName
+        openshift {
+            id
+            sshHost
+            sshPort
+        }
+    }
+}
diff --git a/api/lagoon/client/_lgraphql/usergroups/userBySSHFingerprint.graphql b/api/lagoon/client/_lgraphql/usergroups/userBySSHFingerprint.graphql
new file mode 100644
index 0000000..d67ce2b
--- /dev/null
+++ b/api/lagoon/client/_lgraphql/usergroups/userBySSHFingerprint.graphql
@@ -0,0 +1,21 @@
+query ($fingerprint: String!) {
+    userBySshFingerprint(fingerprint: $fingerprint) {
+        id
+        email
+        firstName
+        lastName
+        comment
+        sshKeys {
+            id
+            name
+            keyType
+            keyValue
+            keyFingerprint
+            created
+        }
+        groupRoles {
+            name
+            role
+        }
+    }
+}
\ No newline at end of file
diff --git a/api/lagoon/client/_lgraphql/usergroups/userBySSHKey.graphql b/api/lagoon/client/_lgraphql/usergroups/userBySSHKey.graphql
new file mode 100644
index 0000000..0b08724
--- /dev/null
+++ b/api/lagoon/client/_lgraphql/usergroups/userBySSHKey.graphql
@@ -0,0 +1,21 @@
+query ($sshKey: String!) {
+    userBySshKey(sshKey: $sshKey) {
+        id
+        email
+        firstName
+        lastName
+        comment
+        sshKeys {
+            id
+            name
+            keyType
+            keyValue
+            keyFingerprint
+            created
+        }
+        groupRoles {
+            name
+            role
+        }
+    }
+}
\ No newline at end of file
diff --git a/api/lagoon/client/_lgraphql/usergroups/userCanSSHToEnvironment.graphql b/api/lagoon/client/_lgraphql/usergroups/userCanSSHToEnvironment.graphql
new file mode 100644
index 0000000..8e9f860
--- /dev/null
+++ b/api/lagoon/client/_lgraphql/usergroups/userCanSSHToEnvironment.graphql
@@ -0,0 +1,5 @@
+query ($namespace: String!) {
+    userCanSshToEnvironment(kubernetesNamespaceName: $namespace) {
+        kubernetesNamespaceName
+    }
+}
\ No newline at end of file
diff --git a/api/lagoon/client/environments.go b/api/lagoon/client/environments.go
index 7142e0f..ff95474 100644
--- a/api/lagoon/client/environments.go
+++ b/api/lagoon/client/environments.go
@@ -166,3 +166,21 @@ func (c *Client) SetEnvironmentServices(
 		Response: result,
 	})
 }
+
+// SSHEndpointByNamespace queries the Lagoon API for an environment by its namespace
+// and unmarshals the response into environment.
+func (c *Client) SSHEndpointByNamespace(ctx context.Context, namespace string, environment *schema.Environment) error {
+	req, err := c.newRequest("_lgraphql/environments/sshEndpointByEnvironment.graphql",
+		map[string]interface{}{
+			"namespace": namespace,
+		})
+	if err != nil {
+		return err
+	}
+
+	return c.client.Run(ctx, req, &struct {
+		Response *schema.Environment `json:"environmentByNamespace"`
+	}{
+		Response: environment,
+	})
+}
diff --git a/api/lagoon/client/lgraphql/lgraphql.go b/api/lagoon/client/lgraphql/lgraphql.go
index 2973af7..c5a566c 100644
--- a/api/lagoon/client/lgraphql/lgraphql.go
+++ b/api/lagoon/client/lgraphql/lgraphql.go
@@ -43,6 +43,7 @@
 // _lgraphql/environments/environmentByName.graphql
 // _lgraphql/environments/environmentByNamespace.graphql
 // _lgraphql/environments/setEnvironmentServices.graphql
+// _lgraphql/environments/sshEndpointByEnvironment.graphql
 // _lgraphql/environments/updateEnvironment.graphql
 // _lgraphql/tasks/switchActiveStandby.graphql
 // _lgraphql/tasks/updateTask.graphql
@@ -58,6 +59,9 @@
 // _lgraphql/usergroups/removeGroupsFromProject.graphql
 // _lgraphql/usergroups/removeUserFromGroup.graphql
 // _lgraphql/usergroups/userByEmail.graphql
+// _lgraphql/usergroups/userBySSHFingerprint.graphql
+// _lgraphql/usergroups/userBySSHKey.graphql
+// _lgraphql/usergroups/userCanSSHToEnvironment.graphql
 package lgraphql
 
 import (
@@ -414,7 +418,7 @@ func _lgraphqlDeploymentsDeployenvironmentpullrequestGraphql() (*asset, error) {
 	return a, nil
 }
 
-var __lgraphqlDeploymentsDeploymentbynameGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x90\x41\xae\xc2\x20\x10\x86\xf7\x3d\x05\xaf\x79\x8b\xbe\x2b\x74\xf9\x76\x26\x46\x4d\x3c\x01\xa1\xa3\xa2\x65\xc0\x61\x6a\xd2\x34\xdc\xdd\x50\x63\x5b\x68\x67\x35\x7c\x0c\xdf\xfc\xe1\xd9\x01\xf5\xa2\x01\xd7\xda\xde\x00\xf2\x7f\x7f\x90\x06\xaa\x5f\x94\x06\xbc\x93\x0a\x6a\x71\x66\xd2\x78\xfd\xf9\x13\x43\x21\x84\x58\xcd\xd6\x80\x2f\x4d\x16\x3f\xe4\xe8\x00\xfd\x4d\x5f\xf8\x44\xf6\x0e\x8a\x47\x9b\xdd\x80\xb5\x98\x77\x7c\xd5\xb1\x74\x33\xb5\xf1\x7e\x3a\xcc\x6b\x7d\x85\xe3\xfb\x72\x18\x66\x18\x95\x21\x94\x4b\x53\x66\x5b\x19\x63\x79\x96\xdc\xf9\x04\x29\x02\xc9\xd0\xe4\x63\x94\x33\x65\x8d\x6b\x21\xa7\x04\xc6\x32\xec\x52\xd8\xe9\xbd\xc6\x47\x82\x16\x9f\x96\x45\xde\xcc\x19\x8a\xb4\x0b\x45\x78\x07\x00\x00\xff\xff\x45\xbf\xf5\x0a\xba\x01\x00\x00")
+var __lgraphqlDeploymentsDeploymentbynameGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x91\xdd\x4e\x43\x21\x0c\x80\xef\xcf\x53\xe0\xe2\xc5\x7c\x85\x73\xe9\x9d\x89\x99\x26\x7b\x02\x06\x55\xeb\xa0\x60\x29\x26\xe4\x84\x77\x37\xcc\x6c\x67\xb0\xf5\xaa\x7c\xb4\x5f\xf9\xf9\xc9\xc0\x45\x59\x88\x2e\x14\x0f\x24\xcf\x65\xa7\x3d\x6c\x1f\x49\x7b\x48\x51\x1b\x98\xd5\x5e\x18\xe9\xf3\xe1\x49\x2d\x93\x52\xea\xa6\x76\x06\xfa\x45\x0e\xf4\x4f\xde\x22\x50\xfa\xc2\x0f\x79\xe7\xf0\x0d\x46\x4e\xb6\x70\x07\xce\x6a\x9d\x71\x56\xb7\x40\x7b\x49\xdb\xfe\x65\xb1\x8e\x4d\x5b\x3a\xf5\x6f\x96\x65\x85\x4d\x59\xeb\xe6\xda\x34\xd8\x6e\x8c\x2d\x92\x68\xc9\xa9\x43\x86\x41\x0b\xd8\xb1\x8c\x47\x66\x82\x8f\x0e\x46\xca\xe0\x83\xc0\x4b\x0f\x33\xbe\x22\x1d\x3b\x14\x19\x03\xa3\x94\x0e\x1e\xb2\x3b\x0e\xad\x0d\xed\xc6\x53\x1f\x32\x3a\xbb\x17\x88\x1d\xbd\xfa\x87\xe1\x15\xee\x5e\xbd\x4e\x7d\x56\xa7\xfa\x17\x00\x00\xff\xff\x45\x40\x87\x84\x0d\x02\x00\x00")
 
 func _lgraphqlDeploymentsDeploymentbynameGraphqlBytes() ([]byte, error) {
 	return bindataRead(
@@ -434,7 +438,7 @@ func _lgraphqlDeploymentsDeploymentbynameGraphql() (*asset, error) {
 	return a, nil
 }
 
-var __lgraphqlDeploymentsDeploymentbyremoteidGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x2a\x2c\x4d\x2d\xaa\x54\x48\x49\x2d\xc8\xc9\xaf\xcc\x4d\xcd\x2b\x71\xaa\x0c\x4a\xcd\xcd\x2f\x49\xf5\x4c\xd1\x50\x29\x82\xb2\xac\x14\x82\x4b\x8a\x32\xf3\xd2\x15\x35\x15\xaa\xb9\x14\x14\x14\xb0\x2b\xcf\x4c\xb1\x52\x80\x6b\x81\xa9\x04\x81\xcc\x14\x38\x33\x2f\x31\x37\x15\xce\x29\x2e\x49\x2c\x29\x2d\x86\x73\x93\x8b\x52\x13\x4b\x52\x53\x90\xa5\x8b\x90\xf9\xc9\xf9\xb9\x05\x39\xa9\xc8\x22\x30\xcb\xe0\x02\xa5\x99\x3e\x99\x79\xd9\x70\x6e\x6a\x5e\x59\x66\x51\x7e\x1e\xc8\x9d\x48\xce\xc1\x70\x47\x2d\x17\x84\xac\x05\x04\x00\x00\xff\xff\x9f\x95\x0e\x67\x0c\x01\x00\x00")
+var __lgraphqlDeploymentsDeploymentbyremoteidGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x8f\x4d\x0a\xc2\x30\x10\x85\xf7\x3d\xc5\x08\x2e\xf4\x0a\x5d\xba\x13\xc4\x85\x3d\x41\xdb\x0c\x32\x34\x7f\x4e\x27\x42\x90\xde\x5d\x8a\x76\x18\xd0\x2c\xc2\x7c\x5f\x5e\x48\xde\xa3\x20\x57\x70\x98\x7d\xaa\x01\xa3\x9c\xea\x0d\x43\x12\x3c\xbb\xc3\x9e\xbf\x53\x0b\x9d\x30\xc5\xfb\xee\x08\xaf\x06\x00\xfe\xc7\xc9\xb5\xa0\x57\xb6\xe4\xba\xc8\xe9\x18\xfb\x80\x0a\xb3\xf4\x52\x66\xc5\x91\xb1\x17\x74\xf6\x98\x2d\x8f\x29\x64\x8f\xd6\x6c\x8f\xa9\x28\x74\xa1\x38\x29\x66\xa6\xc4\x24\x55\xc5\x50\xfc\x64\xe2\x2b\x5e\xed\x8f\x86\x42\xde\x75\x82\x59\x0d\xc6\x27\x71\x8a\x6b\x55\xd3\xe8\xa7\xca\xd2\x7c\xf6\xe5\x1d\x00\x00\xff\xff\xfe\x8f\x07\x79\x4f\x01\x00\x00")
 
 func _lgraphqlDeploymentsDeploymentbyremoteidGraphqlBytes() ([]byte, error) {
 	return bindataRead(
@@ -454,7 +458,7 @@ func _lgraphqlDeploymentsDeploymentbyremoteidGraphql() (*asset, error) {
 	return a, nil
 }
 
-var __lgraphqlDeploymentsGetdeploymentsbybulkidGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x2a\x2c\x4d\x2d\xaa\x54\xd0\x50\x49\x2a\xcd\xc9\xf6\x4c\xb1\x52\x08\x2e\x29\xca\xcc\x4b\x57\xd4\x54\xa8\xe6\x52\x50\x50\x50\x48\x49\x2d\xc8\xc9\xaf\xcc\x4d\xcd\x2b\x29\x76\xaa\x74\x02\xab\xd1\x80\x29\x85\xea\xd1\x04\x2b\x84\x28\x07\x81\xcc\x14\x38\x33\x2f\x31\x37\x15\xce\x29\x4a\xcd\xcd\x2f\x49\xf5\x44\xc8\x16\x97\x24\x96\x94\x16\xc3\xb9\x49\xa5\x99\x39\x29\x3e\xf9\xe9\x70\x81\xd4\xbc\xb2\xcc\xa2\xfc\x3c\x90\xe5\x08\xd3\xd1\x6c\xc0\xb0\x05\x04\x0a\x8a\xf2\xb3\x52\x93\xd1\x34\x61\xd1\x88\x55\x73\x2d\x17\x2a\xab\x96\xab\x16\x10\x00\x00\xff\xff\x26\x1b\x9b\xfe\x24\x01\x00\x00")
+var __lgraphqlDeploymentsGetdeploymentsbybulkidGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\x8f\x4d\x0e\x82\x30\x10\x85\xf7\x9c\xa2\x26\x2e\xe0\x0a\x2e\xd9\x91\x18\x37\x9c\x00\xe8\xc4\x8c\xf4\xcf\x61\x6a\xd2\x18\xee\x6e\x00\x2d\x05\xe9\x6a\xbe\xd7\xf7\x32\xf3\x9e\x1e\x28\x88\xfc\xdc\x7a\xd5\x57\xf2\x22\x6a\x26\x34\xf7\x53\x21\xde\x99\x10\x42\x48\x70\xca\x06\x0d\x86\x87\x32\x94\xb3\x27\xff\x59\xbf\x99\x62\x36\x2e\xf6\xe9\xa1\x8c\xa3\x69\x34\x44\x18\xb8\x61\x3f\x44\xec\x08\x1a\x06\x99\x7e\x53\xca\x9d\xd5\x4e\x41\xaa\x10\x68\xcb\x50\xad\x82\xc7\x2b\x9a\x3e\xa2\x23\xb4\x84\x1c\xa2\xb0\xdc\xb7\xc1\x5b\x7a\x51\xeb\x51\xc9\x9a\xc1\x45\x05\xcc\x0b\xc9\x9a\xa9\xef\x5a\x68\x57\xea\xaf\xd8\xb2\xdb\x3e\xa0\xdb\x85\x0e\x82\x87\xe1\x31\xdb\x4e\x63\x36\x7e\x02\x00\x00\xff\xff\xfd\xd7\x46\x98\x97\x01\x00\x00")
 
 func _lgraphqlDeploymentsGetdeploymentsbybulkidGraphqlBytes() ([]byte, error) {
 	return bindataRead(
@@ -474,7 +478,7 @@ func _lgraphqlDeploymentsGetdeploymentsbybulkidGraphql() (*asset, error) {
 	return a, nil
 }
 
-var __lgraphqlDeploymentsGetdeploymentsforenvironmentGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\x8c\x41\x0a\x83\x30\x10\x45\xf7\x9e\x62\x04\x17\x16\x7a\x02\x97\xdd\xb9\xe9\xa6\x27\x08\xfa\x29\x16\x33\xb1\x93\xb1\x10\xc4\xbb\x17\x6d\x2d\x4e\xfd\x8b\x40\xde\x4b\xde\x73\x84\x24\x2a\x8b\x41\xc2\x03\x8d\x56\x54\xb3\xe6\x67\x2a\xc0\xaf\x4e\x02\x7b\xb0\x56\x74\x53\xe9\xf8\x9e\x9f\xa6\x8c\x88\x68\xa7\x2e\xe9\xea\x3c\xca\x15\x6f\xfb\x95\xb6\xa6\xb1\xec\x3c\x2a\x93\x5f\xf5\x37\xbd\xac\xc5\xd0\x87\xb4\x98\x38\x1d\xbe\x1a\xd0\xb5\xe6\x2a\xf0\x41\x51\x5b\x18\xd5\xe9\x18\x0d\x6a\x04\x4e\x71\x78\x26\xff\xac\x09\x7e\xe8\xb1\xa7\x73\xf6\x39\xe7\x77\x00\x00\x00\xff\xff\x88\xb9\x03\x28\x36\x01\x00\x00")
+var __lgraphqlDeploymentsGetdeploymentsforenvironmentGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\xcf\x4f\x6a\x85\x30\x10\x06\xf0\xbd\xa7\x18\xc1\x85\x85\x9e\xc0\x65\x77\x42\x71\xe3\x09\xa2\x19\xca\xd4\xfc\xeb\x38\x29\x04\xf1\xee\x45\xfb\x94\x97\xbc\x59\x64\xf1\xfb\x32\x1f\xc9\x4f\x44\x4e\xd0\x36\x81\xfd\x37\xce\xd2\x41\xef\xa4\x7e\x87\x06\xdd\x2f\xb1\x77\x16\x9d\x74\x30\x0a\x93\xfb\xaa\xdf\xb6\x0a\x00\xe0\x29\xfa\x48\x83\xb2\xd8\x9e\x7c\xcd\xdd\x74\x75\x66\xa9\x53\x16\xbb\xac\xfe\x8c\x1f\xd5\xc7\x68\x0c\xc6\xa7\x23\x59\xb7\x6c\x95\xf4\x4b\x53\x06\xab\x28\x89\x6b\x46\x33\xa3\x12\xd4\xe5\x35\x2e\x6d\xf6\x36\x18\x2c\x95\xd1\x7a\xc1\x3e\xc7\x48\x9f\xe4\x96\xe2\xc7\xe4\x99\x24\x65\x38\x45\xb3\x14\xab\x07\x0d\xe5\xab\xa7\x48\x46\x8f\x82\xe1\xd6\xbd\xfa\x3f\xf7\xbf\x00\x00\x00\xff\xff\x94\xe5\x53\xa7\x9c\x01\x00\x00")
 
 func _lgraphqlDeploymentsGetdeploymentsforenvironmentGraphqlBytes() ([]byte, error) {
 	return bindataRead(
@@ -994,6 +998,26 @@ func _lgraphqlEnvironmentsSetenvironmentservicesGraphql() (*asset, error) {
 	return a, nil
 }
 
+var __lgraphqlEnvironmentsSshendpointbyenvironmentGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x2a\x2c\x4d\x2d\xaa\x54\xd0\xe0\x52\x50\x50\x50\x50\xc9\x4b\xcc\x4d\x2d\x2e\x48\x4c\x4e\xb5\x52\x08\x2e\x29\xca\xcc\x4b\x57\xe4\xd2\xac\x06\x4b\xa5\xe6\x95\x65\x16\xe5\xe7\xe5\xa6\xe6\x95\x38\x55\xfa\xc1\x95\xa1\x08\x7b\x97\x26\xa5\x16\xe5\xa5\x96\xa4\x16\xc3\x15\x80\x18\x10\xb3\x41\x20\x1b\xbb\x02\x2b\x24\x8b\xc1\x6a\xa1\x76\x82\x40\x66\x0a\x9c\x09\x52\x03\xe7\xe4\x17\xa4\xe6\x15\x67\x64\xa6\x95\x04\x14\xe5\x67\xa5\x26\x97\xf8\x61\x95\x54\x40\x18\x84\x66\x18\x08\x14\x17\x67\x78\xe4\x17\x97\xa0\x8b\x05\xe4\x17\x21\xc4\x6a\xb9\x20\x64\x2d\x17\x20\x00\x00\xff\xff\x7c\x08\x82\x7b\x29\x01\x00\x00")
+
+func _lgraphqlEnvironmentsSshendpointbyenvironmentGraphqlBytes() ([]byte, error) {
+	return bindataRead(
+		__lgraphqlEnvironmentsSshendpointbyenvironmentGraphql,
+		"_lgraphql/environments/sshEndpointByEnvironment.graphql",
+	)
+}
+
+func _lgraphqlEnvironmentsSshendpointbyenvironmentGraphql() (*asset, error) {
+	bytes, err := _lgraphqlEnvironmentsSshendpointbyenvironmentGraphqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "_lgraphql/environments/sshEndpointByEnvironment.graphql", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
 var __lgraphqlEnvironmentsUpdateenvironmentGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x8f\x41\x6e\x86\x20\x10\x85\xf7\x9e\x62\x4c\xba\xa8\x57\x60\xdf\x85\x9b\xc6\x45\x7b\x00\x02\xd3\x48\xa3\x03\x81\xc1\xc4\x18\xef\xfe\x07\xf9\x03\x22\x2b\xbe\xc7\x1b\xde\xbc\x35\xb2\x64\x63\x09\x3e\x3b\x00\x80\x0f\xa3\x05\x8c\xc4\x7d\x26\x27\x59\xcd\x02\x7e\x9d\x96\x8c\x5f\xb4\x19\x6f\x69\x45\xe2\x29\xe9\x23\xb9\xc8\xfd\x70\x5c\xd6\xf8\xb4\xe4\xff\xd2\x31\xc9\x27\xe0\x28\xc2\x25\x6a\x91\xc2\x1a\xed\x9d\x96\x53\xcb\xcb\x79\xdd\x86\x3a\x7e\x9b\x22\xb9\x62\x01\x6f\x23\x3f\x28\x14\xd4\xe8\x16\xbb\xff\xec\xae\x3a\xb0\x2e\xdb\xe8\xd6\x21\x85\xd9\xfc\xf1\xe4\xed\x3f\x2a\xfe\xbe\x87\xe4\x9e\x75\x03\xe5\xb1\x61\x8d\x0b\xde\x39\xa0\xdf\x8c\xc2\xf0\x6c\xdf\x60\x53\x23\xf7\x3d\xbb\xf3\x15\x00\x00\xff\xff\x5a\xa6\xf7\x47\x9b\x01\x00\x00")
 
 func _lgraphqlEnvironmentsUpdateenvironmentGraphqlBytes() ([]byte, error) {
@@ -1294,6 +1318,66 @@ func _lgraphqlUsergroupsUserbyemailGraphql() (*asset, error) {
 	return a, nil
 }
 
+var __lgraphqlUsergroupsUserbysshfingerprintGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\x8f\xbf\xce\xc2\x30\x0c\xc4\xf7\x3e\x85\x3f\xe9\x1b\xca\x2b\x30\x32\xb0\x20\x31\x50\xc4\x1e\x95\x6b\x1b\x91\x3f\xc5\x49\x86\x08\xf5\xdd\x51\x07\xd2\x34\xb9\xc9\xfe\x25\x77\xb6\xdf\x01\x1c\xa9\xfd\x1f\xa4\x19\xc1\x33\x4b\xe3\x8f\xd4\x79\x96\x66\xfc\x3b\xd0\xa7\x21\x22\x0a\x0e\x7c\x8a\x9d\x9b\xce\xdb\xa7\x76\x67\xc8\xed\x3f\xd7\x2a\xf9\x4c\x25\xb4\x90\x2a\x75\x83\x64\xe7\xaf\x42\x23\x11\x25\x0a\xd0\x5b\xad\x61\x7c\xea\x9d\x9b\x2e\x88\x2e\x4b\x2f\x26\xac\x32\x79\xc2\xaa\x17\xe2\x3d\xce\x15\x7b\x08\x15\x2a\x98\x9d\xb7\x7b\xea\x19\xc2\x63\x1b\xb4\xa4\x6a\x64\x1b\xe6\x9b\x55\x28\xd7\xaa\xf6\x60\xab\x50\x04\x2c\xcd\xf2\x0d\x00\x00\xff\xff\x5e\x93\x94\x37\x7e\x01\x00\x00")
+
+func _lgraphqlUsergroupsUserbysshfingerprintGraphqlBytes() ([]byte, error) {
+	return bindataRead(
+		__lgraphqlUsergroupsUserbysshfingerprintGraphql,
+		"_lgraphql/usergroups/userBySSHFingerprint.graphql",
+	)
+}
+
+func _lgraphqlUsergroupsUserbysshfingerprintGraphql() (*asset, error) {
+	bytes, err := _lgraphqlUsergroupsUserbysshfingerprintGraphqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "_lgraphql/usergroups/userBySSHFingerprint.graphql", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __lgraphqlUsergroupsUserbysshkeyGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\x4e\xbb\x0e\xc2\x30\x10\xdb\xfb\x15\x87\xc4\x50\x7e\x81\x91\x81\x05\x89\x81\x22\xf6\x08\x4c\x39\x91\x47\xb9\x24\x43\x84\xfa\xef\xa8\x85\x86\x2a\xf5\x74\xf6\x59\xb6\x5f\x11\x92\xa8\x5e\x7b\xff\x38\x20\x6d\xa9\x09\xc2\xb6\x5d\x6d\xe8\x5d\x11\x11\x45\x0f\xd9\xa5\x66\x7c\xd6\x93\xe7\x67\x9e\x3c\x03\xf8\x96\x4f\x18\xc5\x3a\xb3\x3b\x8b\x0f\x47\x65\x90\x15\xad\x0a\xe1\xea\x8c\x81\x0d\x99\x7f\xd3\xfd\x2c\xbd\x68\x18\x60\xe7\x09\x03\x9e\x48\xe7\xd4\x2d\xb4\x8b\xd2\x71\x21\xee\xd9\xb6\x90\x4e\x78\xd6\x3a\x2e\x11\xa8\x80\x7f\x51\x9f\xaf\x56\x5c\xec\x4e\x4e\xa3\x9c\xb5\xd8\x21\x4e\xa3\x08\xe8\xab\xfe\x13\x00\x00\xff\xff\xd2\x6c\xcd\xa1\x67\x01\x00\x00")
+
+func _lgraphqlUsergroupsUserbysshkeyGraphqlBytes() ([]byte, error) {
+	return bindataRead(
+		__lgraphqlUsergroupsUserbysshkeyGraphql,
+		"_lgraphql/usergroups/userBySSHKey.graphql",
+	)
+}
+
+func _lgraphqlUsergroupsUserbysshkeyGraphql() (*asset, error) {
+	bytes, err := _lgraphqlUsergroupsUserbysshkeyGraphqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "_lgraphql/usergroups/userBySSHKey.graphql", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __lgraphqlUsergroupsUsercansshtoenvironmentGraphql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x2a\x2c\x4d\x2d\xaa\x54\xd0\x50\xc9\x4b\xcc\x4d\x2d\x2e\x48\x4c\x4e\xb5\x52\x08\x2e\x29\xca\xcc\x4b\x57\xd4\x54\xa8\xe6\x52\x50\x50\x50\x28\x2d\x4e\x2d\x72\x4e\xcc\x0b\x2e\xce\x08\xc9\x77\xcd\x2b\xcb\x2c\xca\xcf\xcb\x4d\xcd\x2b\xd1\xc8\x2e\x4d\x4a\x2d\xca\x4b\x2d\x49\x2d\xf6\x83\xe9\x05\x31\xac\x14\x10\x66\xc1\x8c\x00\x01\x1c\xca\xc1\xf2\xb5\x5c\xb5\x80\x00\x00\x00\xff\xff\xb9\x87\xd6\x3a\x88\x00\x00\x00")
+
+func _lgraphqlUsergroupsUsercansshtoenvironmentGraphqlBytes() ([]byte, error) {
+	return bindataRead(
+		__lgraphqlUsergroupsUsercansshtoenvironmentGraphql,
+		"_lgraphql/usergroups/userCanSSHToEnvironment.graphql",
+	)
+}
+
+func _lgraphqlUsergroupsUsercansshtoenvironmentGraphql() (*asset, error) {
+	bytes, err := _lgraphqlUsergroupsUsercansshtoenvironmentGraphqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "_lgraphql/usergroups/userCanSSHToEnvironment.graphql", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
 // Asset loads and returns the asset for the given name.
 // It returns an error if the asset could not be found or
 // could not be loaded.
@@ -1389,6 +1473,7 @@ var _bindata = map[string]func() (*asset, error){
 	"_lgraphql/environments/environmentByName.graphql":                     _lgraphqlEnvironmentsEnvironmentbynameGraphql,
 	"_lgraphql/environments/environmentByNamespace.graphql":                _lgraphqlEnvironmentsEnvironmentbynamespaceGraphql,
 	"_lgraphql/environments/setEnvironmentServices.graphql":                _lgraphqlEnvironmentsSetenvironmentservicesGraphql,
+	"_lgraphql/environments/sshEndpointByEnvironment.graphql":              _lgraphqlEnvironmentsSshendpointbyenvironmentGraphql,
 	"_lgraphql/environments/updateEnvironment.graphql":                     _lgraphqlEnvironmentsUpdateenvironmentGraphql,
 	"_lgraphql/tasks/switchActiveStandby.graphql":                          _lgraphqlTasksSwitchactivestandbyGraphql,
 	"_lgraphql/tasks/updateTask.graphql":                                   _lgraphqlTasksUpdatetaskGraphql,
@@ -1404,6 +1489,9 @@ var _bindata = map[string]func() (*asset, error){
 	"_lgraphql/usergroups/removeGroupsFromProject.graphql":                 _lgraphqlUsergroupsRemovegroupsfromprojectGraphql,
 	"_lgraphql/usergroups/removeUserFromGroup.graphql":                     _lgraphqlUsergroupsRemoveuserfromgroupGraphql,
 	"_lgraphql/usergroups/userByEmail.graphql":                             _lgraphqlUsergroupsUserbyemailGraphql,
+	"_lgraphql/usergroups/userBySSHFingerprint.graphql":                    _lgraphqlUsergroupsUserbysshfingerprintGraphql,
+	"_lgraphql/usergroups/userBySSHKey.graphql":                            _lgraphqlUsergroupsUserbysshkeyGraphql,
+	"_lgraphql/usergroups/userCanSSHToEnvironment.graphql":                 _lgraphqlUsergroupsUsercansshtoenvironmentGraphql,
 }
 
 // AssetDir returns the file names below a certain
@@ -1486,6 +1574,7 @@ var _bintree = &bintree{nil, map[string]*bintree{
 			"environmentByName.graphql":             &bintree{_lgraphqlEnvironmentsEnvironmentbynameGraphql, map[string]*bintree{}},
 			"environmentByNamespace.graphql":        &bintree{_lgraphqlEnvironmentsEnvironmentbynamespaceGraphql, map[string]*bintree{}},
 			"setEnvironmentServices.graphql":        &bintree{_lgraphqlEnvironmentsSetenvironmentservicesGraphql, map[string]*bintree{}},
+			"sshEndpointByEnvironment.graphql":      &bintree{_lgraphqlEnvironmentsSshendpointbyenvironmentGraphql, map[string]*bintree{}},
 			"updateEnvironment.graphql":             &bintree{_lgraphqlEnvironmentsUpdateenvironmentGraphql, map[string]*bintree{}},
 		}},
 		"lagoonSchema.graphql":  &bintree{_lgraphqlLagoonschemaGraphql, map[string]*bintree{}},
@@ -1519,6 +1608,9 @@ var _bintree = &bintree{nil, map[string]*bintree{
 			"removeGroupsFromProject.graphql": &bintree{_lgraphqlUsergroupsRemovegroupsfromprojectGraphql, map[string]*bintree{}},
 			"removeUserFromGroup.graphql":     &bintree{_lgraphqlUsergroupsRemoveuserfromgroupGraphql, map[string]*bintree{}},
 			"userByEmail.graphql":             &bintree{_lgraphqlUsergroupsUserbyemailGraphql, map[string]*bintree{}},
+			"userBySSHFingerprint.graphql":    &bintree{_lgraphqlUsergroupsUserbysshfingerprintGraphql, map[string]*bintree{}},
+			"userBySSHKey.graphql":            &bintree{_lgraphqlUsergroupsUserbysshkeyGraphql, map[string]*bintree{}},
+			"userCanSSHToEnvironment.graphql": &bintree{_lgraphqlUsergroupsUsercansshtoenvironmentGraphql, map[string]*bintree{}},
 		}},
 	}},
 }}
diff --git a/api/lagoon/client/usergroups.go b/api/lagoon/client/usergroups.go
index 91d3b58..56d762f 100644
--- a/api/lagoon/client/usergroups.go
+++ b/api/lagoon/client/usergroups.go
@@ -176,3 +176,45 @@ func (c *Client) GetUserByEmail(
 		Response: user,
 	})
 }
+
+// UserCanSSHToEnvironment queries the Lagoon API as a user to check if the user has access to the environment, and
+// unmarshals the response.
+func (c *Client) UserCanSSHToEnvironment(
+	ctx context.Context, namespace string, environment *schema.Environment) error {
+
+	req, err := c.newRequest("_lgraphql/usergroups/userCanSSHToEnvironment.graphql",
+		map[string]string{"namespace": namespace})
+	if err != nil {
+		return err
+	}
+
+	return c.client.Run(ctx, req, &environment)
+}
+
+// UserBySSHKey queries the Lagoon API to find user by ssh key, and
+// unmarshals the response.
+func (c *Client) UserBySSHKey(
+	ctx context.Context, sshKey string, user *schema.User) error {
+
+	req, err := c.newRequest("_lgraphql/usergroups/userBySSHKey.graphql",
+		map[string]string{"sshKey": sshKey})
+	if err != nil {
+		return err
+	}
+
+	return c.client.Run(ctx, req, &user)
+}
+
+// UserBySSHFingerprint queries the Lagoon API to find user by ssh key fingerprint, and
+// unmarshals the response.
+func (c *Client) UserBySSHFingerprint(
+	ctx context.Context, fingerprint string, user *schema.User) error {
+
+	req, err := c.newRequest("_lgraphql/usergroups/userBySSHFingerprint.graphql",
+		map[string]string{"fingerprint": fingerprint})
+	if err != nil {
+		return err
+	}
+
+	return c.client.Run(ctx, req, &user)
+}
diff --git a/api/lagoon/environments.go b/api/lagoon/environments.go
index dc26bc0..804ff4b 100644
--- a/api/lagoon/environments.go
+++ b/api/lagoon/environments.go
@@ -18,6 +18,7 @@ type Environments interface {
 	SetEnvironmentServices(ctx context.Context, id uint, services []string, result *[]schema.EnvironmentService) error
 	EnvironmentByName(ctx context.Context, name string, project uint, result *schema.Environment) error
 	EnvironmentByNamespace(ctx context.Context, namespace string, result *schema.Environment) error
+	SSHEndpointByNamespace(ctx context.Context, namespace string, result *schema.Environment) error
 }
 
 // GetBackupsForEnvironmentByName gets backup info in lagoon for specific environment.
@@ -67,3 +68,9 @@ func GetEnvironmentByNamespace(ctx context.Context, namespace string, e Environm
 	environment := schema.Environment{}
 	return &environment, e.EnvironmentByNamespace(ctx, namespace, &environment)
 }
+
+// SSHEndpointByNamespace gets info of projects in lagoon that have matching metadata.
+func SSHEndpointByNamespace(ctx context.Context, namespace string, e Environments) (*schema.Environment, error) {
+	environment := schema.Environment{}
+	return &environment, e.SSHEndpointByNamespace(ctx, namespace, &environment)
+}
diff --git a/api/lagoon/usergroups.go b/api/lagoon/usergroups.go
index 381dfaa..dfa4811 100644
--- a/api/lagoon/usergroups.go
+++ b/api/lagoon/usergroups.go
@@ -21,6 +21,9 @@ type UserGroups interface {
 	Me(ctx context.Context, user *schema.User) error
 	AllUsers(ctx context.Context, filter schema.AllUsersFilter, users *[]schema.User) error
 	GetUserByEmail(ctx context.Context, email string, user *schema.User) error
+	UserCanSSHToEnvironment(context.Context, string, *schema.Environment) error
+	UserBySSHKey(ctx context.Context, sshKey string, user *schema.User) error
+	UserBySSHFingerprint(ctx context.Context, fingerprint string, user *schema.User) error
 }
 
 // Me gets info on the current user of lagoon.
@@ -80,3 +83,18 @@ func GetUserByEmail(ctx context.Context, email string, ug UserGroups) (*schema.U
 	user := schema.User{}
 	return &user, ug.GetUserByEmail(ctx, email, &user)
 }
+
+func UserCanSSHToEnvironment(ctx context.Context, namespace string, ug UserGroups) (*schema.Environment, error) {
+	environment := schema.Environment{}
+	return &environment, ug.UserCanSSHToEnvironment(ctx, namespace, &environment)
+}
+
+func UserBySSHKey(ctx context.Context, sshKey string, ug UserGroups) (*schema.User, error) {
+	user := schema.User{}
+	return &user, ug.UserBySSHKey(ctx, sshKey, &user)
+}
+
+func UserBySSHFingerprint(ctx context.Context, fingerprint string, ug UserGroups) (*schema.User, error) {
+	user := schema.User{}
+	return &user, ug.UserBySSHFingerprint(ctx, fingerprint, &user)
+}