GET SSH Users ID

The GET /SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption./Users/{id} method is used to retrieve an SSH user defined in Keyfactor Command.The method can return either a user or a service account See SSH in the Keyfactor Command Reference Guide for more information on the difference between users and service accounts. This method returns HTTP 200 OK on a success with details for the requested SSH user and its public key In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key.. To return an SSH private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure., use the GET /SSH/Keys/MyKey method (see GET SSH Keys My Key) for a user account or the GET /SSH/ServiceAccounts/Key/{id} method (see GET SSH Service Accounts Key ID) for a service account.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/ssh/server_admin/

/ssh/enterprise_admin/

SSH actions are affected by ownership on the server group with which user to logon mappings are associated and limited for users with only the Server Admin (/ssh/server_admin/) role. For more information, see SSH Permissions.

This method has two available versions. Keyfactor recommends using the newer method when possible. For more information about versioning, see Versioning.

Version 2

Version 1

Version 2 of the GET /SSH/Users/{id} method redesigns how logon information for the user is returned, providing a greater level of detail in the returned data.

Table 811: GET SSH Users {id} v2 Input Parameters

Name	In	Description
id	Path	Required. An integer indicating the Keyfactor Command reference ID for the SSH user (user or service account) to be retrieved. Use the GET /SSH/Users method (see GET SSH Users) to retrieve a list of all the SSH users to determine the user's ID.

Table 812: GET SSH Users {id} v2 Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID of the SSH user.

Key

An object containing information about the key for the user. Show key details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID of the SSH user's key.
Fingerprint	A string indicating the fingerprint of the public key. Each SSH public key has a single cryptographic fingerprint that can be used to uniquely identify the key.
PublicKey	A string indicating the public key of the key pair for the SSH user.
KeyType	A string indicating the cryptographic algorithm used to generate the SSH key. Possible values are: RSA ECDSA Ed25519
KeyLength	An integer indicating the key length for the SSH key. The key length supported depends on the key type selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA.
CreationDate	A string containing the date, in UTC, on which the SSH key pair was created.
StaleDate	A string containing the date, in UTC, after which the SSH key pair is considered to be out of date based on the key lifetime defined by the Key Lifetime (days) application setting. See Application Settings: SSH Tab in the Keyfactor Command Reference Guide for more information.
Email	A string containing the email address of the user, for user accounts, or administrator or group of administrators responsible for managing the key, for service accounts. This email address is used to alert the user or administrator when the key pair is approaching the end of its lifetime.
Comments	An array of strings containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Keys created through the Keyfactor Command Management Portal or with the POST /SSH/Keys/MyKey or POST /SSH/ServiceAccounts method will contain only one string in the array.
LogonCount	An integer indicating the number of Linux logons associated with the SSH key pair.

Username

A string indicating the full username of the user or service account. For a user account, the username appears in DOMAIN\\username format (e.g. KEYEXAMPLE\\jsmith). For a service account, the username is made up of the user name and ClientHostname entered when the service account is created (e.g. myapp@appsrvr75).

Access

An object containing information about the Linux logons mapped to the user. Show Linux logon mapping details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID of the Linux logon.
KeyCount	An integer indicating the number of SSH keys associated with the Linux logon.
Access	An object containing information about the users mapped to the Linux logon.

IsGroup

A Boolean indicating whether the user is an Active Directory group (true) or not (false).

Version 1 of the GET /SSH/Users/{id} method includes the same capabilities as version 2, but offers more limited information on returned logons for the user.

Table 813: GET SSH Users {id} v1 Input Parameters

Name	In	Description
id	Path	Required. An integer indicating the Keyfactor Command reference ID for the SSH user (user or service account) to be retrieved. Use the GET /SSH/Users method (see GET SSH Users) to retrieve a list of all the SSH users to determine the user's ID.

Table 814: GET SSH Users {id} v1 Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID of the SSH user.

Key

An object containing information about the key for the user. Show key details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID of the SSH user's key.
Fingerprint	A string indicating the fingerprint of the public key. Each SSH public key has a single cryptographic fingerprint that can be used to uniquely identify the key.
PublicKey	A string indicating the public key of the key pair for the SSH user.
KeyType	A string indicating the cryptographic algorithm used to generate the SSH key. Possible values are: RSA ECDSA Ed25519
KeyLength	An integer indicating the key length for the SSH key. The key length supported depends on the key type selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA.
CreationDate	A string containing the date, in UTC, on which the SSH key pair was created.
StaleDate	A string containing the date, in UTC, after which the SSH key pair is considered to be out of date based on the key lifetime defined by the Key Lifetime (days) application setting. See Application Settings: SSH Tab in the Keyfactor Command Reference Guide for more information.
Email	A string containing the email address of the user, for user accounts, or administrator or group of administrators responsible for managing the key, for service accounts. This email address is used to alert the user or administrator when the key pair is approaching the end of its lifetime.
Comments	An array of strings containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Keys created through the Keyfactor Command Management Portal or with the POST /SSH/Keys/MyKey or POST /SSH/ServiceAccounts method will contain only one string in the array.
LogonCount	An integer indicating the number of Linux logons associated with the SSH key pair.

Username

LogonIds

An array of integers indicating the Keyfactor Command reference IDs for the Linux logons mapped to the user to cause the user's SSH public key to be published out to the Linux servers on which those logons reside.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.1.1

On this page: