POST SSH Service Accounts Rotate ID

The POST /SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption./ServiceAccounts/Rotate/{id} method is used to generate a new key pair In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. in Keyfactor Command for an existing SSH service account. This method returns HTTP 200 OK on a success with details for the new key pair of the SSH service account, including the private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure..

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/ssh/server_admin/

/ssh/enterprise_admin/

SSH actions are affected by ownership on the server group with which the key is associated and limited for users with only the Server Admin (/ssh/server_admin/) role. For more information, see SSH Permissions.

Table 721: GET SSH Service Accounts Rotate {id} Input Parameters

Name In Description

Path

Required. The Keyfactor Command reference ID for the SSH service account key for which to retrieve key information.

Use the GET /SSH/ServiceAccounts method (see GET SSH Service Accounts) to retrieve a list of all the SSH service accounts to determine the service account's key ID.

Tip: Be sure to use the ID of the service account itself and not the ID of the service account user or service account's key within the service account. For example, notice the following record returned from a GET /SSH/ServiceAccounts:

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
   "Id": 2,
   "ClientHostname": "appsrvr80.keyexample.com",
   "ServerGroup": {
      "Id": "603d3d4c-89dd-4ab8-92e1-8e83db3d5546",
      "GroupName": "Server Group Two",
      "UnderManagement": false
   },
   "User": {
      "Id": 7,
      "Key": {
         "Id": 36,
         "Fingerprint": "kwuo2k3Ej7wFVMLhI3g+rxt2qXwGp7qcvzdBjVTDHNg=",
         "PublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCAln+t [truncated for display]",
         "KeyType": "RSA",
         "KeyLength": 2048,
         "CreationDate": "2023-11-17T17:53:55.68",
         "Email": "pkiadmins@keyexample.com",
         "Comments": [
            "Access App Two"
         ],
         "LogonCount": 3
      },
      "Username": "svc_access2@appsrvr80.keyexample.com"
   }
}

It contains three IDs:

ID 2 (line 2): The service account's ID. Use this one to rotate the key.
ID 7 (line 10): The service account user's ID.
ID 36 (line 12): The ID of the service account user's key.

KeyType

Body

Required. A string indicating the cryptographic algorithm used to generate the SSH key. Show key type details.

Value	Description
1	ECDSA
2	Ed25519
3	RSA

PrivateKeyFormat

Body

Required. A string indicating the format to use for the downloadable private key. Show private key format details.

KeyLength Body Required^*. An integer indicating the key length for the SSH key. The key length supported depends on the key type selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA. This field is optional if the KeyType is set to ECDSA or Ed25519 and required if the KeyType is set to RSA.

Email Body Required. A string containing the email address of the administrator or group of administrators responsible for managing the key. This email address is used to alert the administrator or group of administrators when the key pair is approaching the end of its lifetime.

Password Body Required. A string that sets a password used to secure the private key of the SSH key pair for download.

Comment Body An string containing the user-defined descriptive comment, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks.

Table 722: GET SSH Service Accounts Rotate {id} Response Data

Name	Description
ID	An integer indicating the Keyfactor Command reference ID for the SSH service account key. This ID is automatically set by Keyfactor Command.
Fingerprint	A string indicating the fingerprint of the public key. Each SSH public key has a single cryptographic fingerprint that can be used to uniquely identify the key.
PublicKey	A string indicating the public key of the key pair for the SSH service account.
PrivateKey	A string indicating the private key of the key pair for the SSH service account.
KeyType	A string indicating the cryptographic algorithm used to generate the SSH key. Possible values are: RSA ECDSA Ed25519
KeyLength	An integer indicating the key length for the SSH key. The key length supported depends on the key type selected. Keyfactor Command supports 256 bits for Ed25519 and ECDSA and 2048 or 4096 bits for RSA.
Comments	An array of strings containing one or more strings with the user-defined descriptive comments, if any, on the key. Although entry of an email address in the comment field of an SSH key is traditional, this is not a required format. The comment may can contain any characters supported for string fields, including spaces and most punctuation marks. Keys created through the Keyfactor Command Management Portal or with the POST /SSH/ServiceAccounts method will contain only one string in the array.
LogonCount	An integer indicating the number of Linux logons associated with the SSH key pair.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Version v11.7

On this page: