POST SSH Users Access

Documentation Suite v10.1

The POST /SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption./Users/Access method is used to create a mapping of one or more Linux logons to a Keyfactor Command user or service account. This method returns HTTP 200 OK on a success with the details of the user to logon mapping, if any.

Tip: The following permissions (see Security Overview) are required to use this feature:

SSH: ServerAdmin OR

SSH: EnterpriseAdmin

SSH actions are affected by ownership on the server group with which user to logon mappings are associated and limited for users with only the ServerAdmin role. For more information, see SSH Permissions in the Keyfactor Command Reference Guide.

Tip: Before creating a logon to user mapping, be sure that you have switched the server to which you will add your mapping (or its server group) to inventory and publish policy mode so that the key for the user will be published to the server. If the server is in inventory only mode and you add a mapping for it in Keyfactor Command, the mapping will appear in Keyfactor Command only and the key for the user will not be published out to the server.

Table 567: POST SSH Users Access Input Parameters

Name	In	Description
ID	Body	Required. An integer indicating the Keyfactor Command reference ID of the SSH user. Use the GET /SSH/Users method (see GET SSH Users) to retrieve a list of all the SSH users to determine the user's ID.
LogonIds	Body	An array of Keyfactor Command reference IDs for the Linux logons to map to the user to cause the user's SSH public key In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. to be published out to the Linux servers on which those logons reside. These are provided in the following format: [12,27,39] Use the GET /SSH/Logons method (see GET SSH Logons) to retrieve a list of all the SSH logons to determine the logon's ID(s). Important: Logon IDs you provide here replace any existing logon IDs associated with the user. To avoid accidentally removing access for users, check existing logons for the user (see GET SSH Users) before updating and provide both existing and new logon IDs.

Name

Description

Body

Required. An integer indicating the Keyfactor Command reference ID of the SSH user.

Use the GET /SSH/Users method (see GET SSH Users) to retrieve a list of all the SSH users to determine the user's ID.

LogonIds

Body

An array of Keyfactor Command reference IDs for the Linux logons to map to the user to cause the user's SSH public key In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. to be published out to the Linux servers on which those logons reside.

These are provided in the following format:

[12,27,39]

Use the GET /SSH/Logons method (see GET SSH Logons) to retrieve a list of all the SSH logons to determine the logon's ID(s).

Important: Logon IDs you provide here replace any existing logon IDs associated with the user. To avoid accidentally removing access for users, check existing logons for the user (see GET SSH Users) before updating and provide both existing and new logon IDs.

Table 568: POST SSH Users Access Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID of the SSH user.

Key

An array containing information about the key for the user. Show key details.

Name	Description
Id	An integer indicating the Keyfactor Command reference ID of the SSH user's key.
Fingerprint	A string indicating the fingerprint of the public key. Each SSH public key has a single cryptographic fingerprint that can be used to uniquely identify the key.
PublicKey	A string indicating the public key of the key pair In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. for the SSH user.
KeyType	A string indicating the cryptographic algorithm used to generate the SSH key. Possible values are: RSA ECDSA Ed25519
KeyLength	An integer indicating the key length The key size or key length is the number of bits in a key used by a cryptographic algorithm. for the SSH key. The key length supported depends on the key type The key type identifies the type of key to create when creating a symmetric or asymmetric key. It references the signing algorithm and often key size (e.g. AES-256, RSA-2048, Ed25519). selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA.
CreationDate	The date, in UTC, on which the SSH key pair was created.
StaleDate	The date, in UTC, after which the SSH key pair is considered to be out of date based on the key lifetime defined by the Key Lifetime (days) application setting. See Application Settings: SSH Tab in the Keyfactor Command Reference Guide for more information.
Email	A string containing the email address of the user, for user accounts, or administrator or group of administrators responsible for managing the key, for service accounts. This email address is used to alert the user or administrator when the key pair is approaching the end of its lifetime.
Comments	An array containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Keys created through the Keyfactor Command Management Portal or with the POST /SSH/Keys/MyKey or POST /SSH/ServiceAccounts method will contain only one string in the array.
LogonCount	An integer indicating the number of Linux logons associated with the SSH key pair.

Username

A string indicating the full username of the user or service account. For a user account, the username appears in DOMAIN\\username format (e.g. KEYEXAMPLE\\jsmith). For a service account, the username is made up of the user name and ClientHostname entered when the service account is created (e.g. myapp@appsrvr75).

Access

An array containing information about the Linux logons mapped to the user.

Show Linux logon mapping details.

IsGroup

A Boolean indicating whether the user is an Active Directory group (true) or not (false).

POST SSH Users Access

Products

Solutions

Resources

Company