GET SSH Service Accounts Key ID

The GET /SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption./ServiceAccounts/Key/{id} method is used to retrieve the key information for an SSH service account from Keyfactor Command. This method returns HTTP 200 OK on a success with details for the requested SSH service account key, including optional private keyClosed Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure..

Tip:  The following permissions (see Security Overview) are required to use this feature:

SSH: ServerAdmin OR
SSH: EnterpriseAdmin

SSH actions are affected by ownership on the server group with which the key is associated and limited for users with only the ServerAdmin role. For more information, see SSH Permissions in the Keyfactor Command Reference Guide.

Table 544: GET SSH Service Accounts Key {id} Input Parameters

Name In Description
id Path Required. The Keyfactor Command reference ID for the SSH service account key for which to retrieve key information.

Use the GET /SSH/ServiceAccounts method (see GET SSH Service Accounts) to retrieve a list of all the SSH service accounts to determine the service account's key ID.

Tip:  Be sure to use the ID of the service account's key and not the ID of the service account itself or the service account user. For example, notice the following record returned from a GET /SSH/ServiceAccounts:
{
  "Id": 2,
  "ClientHostname": "appsrvr80.keyexample.com",
  "ServerGroup": {
    "Id": "603d3d4c-89dd-4ab8-92e1-8e83db3d5546",
    "GroupName": "Server Group Two",
    "UnderManagement": false
  },
  "User": {
    "Id": 7,
    "Key": {
      "Id": 36,
      "Fingerprint": "kwuo2k3Ej7wFVMLhI3g+rxt2qXwGp7qcvzdBjVTDHNg=",
      "PublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCAln+t [truncated for display]",
      "KeyType": "RSA",
      "KeyLength": 2048,
      "CreationDate": "2020-11-17T17:53:55.68",
      "Email": "pkiadmins@keyexample.com",
      "Comments": [
        "Access App Two"
      ],
      "LogonCount": 3
    },
    "Username": "svc_access2@appsrvr80.keyexample.com"
  }
}

It contains three IDs:

  • ID 2: The service account's ID.

  • ID 7: The service account user's ID.

  • ID 36: The ID of the service account user's key. Use this one to request the key.
IncludePrivateKey Query A Boolean that sets whether to include the private key of the SSH key pairClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. in the response (True) or not (False). The default is False. If set to True, the X-Keyfactor-Key-Passphrase header must be supplied.

Table 545: GET SSH Service Accounts Key {id} Response Data

Name Description
ID The Keyfactor Command reference ID for the SSH service account. This ID is automatically set by Keyfactor Command.

Fingerprint

A string indicating the fingerprint of the public keyClosed In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key.. Each SSH public key has a single cryptographic fingerprint that can be used to uniquely identify the key.
PublicKey A string indicating the public key of the key pair for the SSH service account.
PrivateKey A string indicating the private key of the key pair for the SSH service account.
KeyType

A string indicating the cryptographic algorithm used to generate the SSH key. Possible values are:

  • RSA

  • ECDSA

  • Ed25519
KeyLength An integer indicating the key lengthClosed The key size or key length is the number of bits in a key used by a cryptographic algorithm. for the SSH key. The key length supported depends on the key typeClosed The key type identifies the type of key to create when creating a symmetric or asymmetric key. It references the signing algorithm and often key size (e.g. AES-256, RSA-2048, Ed25519). selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA.
CreationDate The date, in UTC, on which the SSH key pair was created.
StaleDate The date, in UTC, after which the SSH key pair is considered to be out of date based on the key lifetime defined by the Key Lifetime (days) application setting. See Application Settings: SSH Tab in the Keyfactor Command Reference Guide for more information.
Email A string containing the email address of the administrator or group of administrators responsible for managing the key. This email address is used to alert the administrator or group of administrators when the key pair is approaching the end of its lifetime.
Comments An array containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Keys created through the Keyfactor Command Management Portal or with the POST /SSH/ServiceAccounts method will contain only one string in the array.
LogonCount An integer indicating the number of Linux logons associated with the SSH key pair.
Tip:  For code examples, see the Keyfactor API Endpoint Utility. To find the embedded web copy of this utility, click the help icon () at the top of the Keyfactor Command Management Portal page next to the Log Out button.