The POST /SSH
The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption./Keys/MyKey method is used to generate a new SSH key pair In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. for the current user in Keyfactor Command. The user needs to download the private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. as an encrypted file and store it locally and an administrator needs to use Keyfactor Command to associate the user's Keyfactor user account with his or her Linux logon account(s) on the target server(s) that the user wishes to access via SSH (see POST SSH Logons Access, POST SSH Server Groups Access, and POST SSH Servers Access). This method returns HTTP 200 OK on a success with the key's details.
Table 649: POST SSH Keys My Key Input Parameters
| Name | In | Description |
|---|---|---|
| KeyType | Body |
Required. A string indicating the cryptographic algorithm to use to generate the SSH key. The KeyType may be specified using either the numeric value or text value. |
| PrivateKeyFormat | Body |
Required. A string indicating the format to use for the downloadable private key. The PrivateKeyFormat may be specified using either the numeric value or text value. |
| KeyLength | Body | Required*. An integer indicating the key length for the SSH key. The key length supported depends on the key type selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA. This field is optional if the KeyType is set to ECDSA or Ed25519 and required if the KeyType is set to RSA. |
| Body | Required. A string containing the email address of the user who requested the key. This email address is used to alert the user when the key pair is approaching the end of its lifetime. | |
| Password | Body |
Required. A string that sets a password used to secure the private key of the SSH key pair for download. Tip: This password is used to secure the private key in the downloaded copy of the SSH key pair. You may later download the SSH key pair with private key (see GET SSH Keys My Key) and encrypt it with a different password, if desired.
|
| Comment | Body | An array of strings containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Note: Although this field is actually an array, entry of only a single comment string is supported. The field is defined as an array to support multiple comments on existing SSH keys found on servers during inventory and discovery. |
Table 650: POST SSH Keys My Key Response Data
| Name | Description |
|---|---|
| ID | An integer indicating the Keyfactor Command reference ID for the user's SSH key pair. |
| Fingerprint |
A string indicating the fingerprint of the public key. Each SSH public key has a single cryptographic fingerprint that can be used to uniquely identify the key. |
| PublicKey | A string indicating the public key of the key pair. |
| PrivateKey | A string indicating the private key of the key pair. |
| KeyType |
A string indicating the cryptographic algorithm used to generate the SSH key pair. Possible values are:
|
| KeyLength | An integer indicating the key length for the SSH key. The key length supported depends on the key type selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA. |
| CreationDate | A string indicating the date, in UTC, on which the SSH key pair was created. |
| StaleDate |
A string indicating the date, in UTC, on which the SSH key pair will be considered to have reached the end of its lifetime. By default, the lifetime of an SSH key pair is 365 days. The SSH lifetime is defined by the Key Lifetime (days) application setting. See in the Keyfactor Command Reference Guide for more information. |
| A string containing the email address of the user who requested the key. This email address is used to alert the user when the key pair is approaching the end of its lifetime. | |
| Comments | An array of strings containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Keys created through the Keyfactor Command My SSH Key portal or with the POST /SSH/Keys/MyKey method will contain only one string in the array. |
| LogonCount | An integer indicating the number of Linux logons associated with the SSH key pair. |
A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (
) at the top of the Management Portal page next to the Log Out button.