Searching for SSH devices

Problem

You want to find a device.

Solution

You can use a search pattern to find SSH devices and then get the policy details.

Time Estimate

About 30 mins

To search for SSH devices

  1. Reuse or create a bearer token that includes the scope ssh:manage. The bearer token grants your client access to Trust Protection Platform.

    To get a bearer token, see Getting a token. For each subsequent API call, be sure to include the token in the request header.
  2. Call POST SSH/Devices with a search pattern of device_name. The response is one or more Device objects, each of which describes a computer or other hardware. For example:

    JSON
    POST https://tpp.venafi.example/vedauth/authorize/oauth
    {
        "client_id": "MyClient",
        "username": "local:admin",
        "password": "MyPassword!",
        "scope": "ssh;configuration"
    }

    And

    POST https://tpp.venafi.example/vedsdk/SSH/Devices
    Authorization:Bearer 4MyGeneratedBearerTknz==
    {
       "PageSize":20,
       "Offset":0,
       "SshDeviceFilter":{
          "DeviceName":[
             "device_name"
          ]
       }
    }            
    Powershell
    # Base URL of the Trust Protection Platform server. Its TLS certificate
    # must chain to a CA that this client trusts.
    $RestAPIServer = "https://tpp.venafi.example"

    #Get a token. Token scope applies to all API calls in this section 
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Content-Type", "application/json")
    $RestAPIURI = '/vedauth/authorize/oauth'
    $RestRequest = $RestAPIServer + $RestAPIURI

    $payloadToken = @{
        client_id = "TPP.Auto";
        username =  "local:admin";
        password =  "newPassw0rd!";
        scope =  "ssh;configuration"
    }

    $json = ConvertTo-Json $payloadToken
    $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Post -Body $json -ContentType 'application/json' 
    $result | ConvertTo-Json
    $headers.Add("Authorization", "Bearer " + $result.access_token)

    #SSH/Devices Search for a device name    
    $RestAPIURI = '/vedsdk/SSH/Devices'
    $RestRequest = $RestAPIServer + $RestAPIURI
    $payload = "{`n  `"PageSize`": 20,`n  `"Offset`": 0,`n  `"SshDeviceFilter`": {`n `"DeviceName`": [`n            `"Agentless Device`"`n        ]`n    }`n}"

    $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Post -Body $payload -ContentType 'application/json' 
    $result | ConvertTo-Json
    Write-Output $result 
     
    Python
    import requests

    # verify=False in the calls below turns off TLS certificate validation, and
    # this line silences the resulting warnings. Use that only against a test
    # server; otherwise set verify to your CA bundle or drop the argument.
    requests.packages.urllib3.disable_warnings()

    # Globals
    uri = "https://tpp.venafi.example"

    headerswToken = {
        "Content-Type": "application/json",
        "Authorization": "empty"
    }
    # End of Globals

    def searchdevice():
        headers = {
            'Content-Type': 'application/json'
        }
        # Get a token. Token scope applies to all API calls in this section
        url = uri + "/vedauth/authorize/oauth"
        payloadToken = {
            "client_id": "TPP.Auto",
            "username": "local:admin",
            "password": "newPassw0rd!",
            "scope": "ssh;configuration"
        }
        r = requests.post(url, headers=headers, json=payloadToken, verify=False)
        jsonResponse = r.json()
        Token = jsonResponse["access_token"]
        global headerswToken
        headerswToken.update({"Authorization": "Bearer " + Token})

        # Search for a device name
        url = uri + "/vedsdk/SSH/Devices"

        # SshDeviceFilter is an object whose DeviceName member is a list of names
        device_filter = {"DeviceName": ["device_name"]}
        payload = {
            "PageSize": 20,
            "Offset": 0,
            "SshDeviceFilter": device_filter
        }

        r = requests.post(url, headers=headerswToken, json=payload, verify=False)
        print(r.status_code, "was the response")
        data_dict = r.json()['Data']
  3. (Optional) To show policy and other information, iterate through the response from the previous step. Use the DN response value as the ObjectDN for POST Config/ReadEffectivePolicy. For example:

    JSON
    POST https://tpp.venafi.example/vedsdk/Config/ReadEffectivePolicy
    Authorization:Bearer 4MyGeneratedBearerTknz==
    {
       "ObjectDN":"\\VED\\Policy\\Certificates\\device_name",
       "AttributeName":"Host",
       "Class":"Device"
    }
    Powershell

    #Config ReadEffectivePolicy
    $RestAPIURI = '/vedsdk/Config/ReadEffectivePolicy'
    $RestRequest = $RestAPIServer + $RestAPIURI

    # Look up the effective policy for every device returned by the search
    foreach ($Device in $result.Data) {
        $DeviceLocation = $Device.DN

        $payloadPolicy = @{
            ObjectDN = $DeviceLocation;
            AttributeName = "Host";
            Class = "Device"
        }

        $json = ConvertTo-Json $payloadPolicy
        $policy = Invoke-RestMethod -Headers $headers -Uri $RestRequest -Method Post -Body $json -ContentType 'application/json'
        $policy | ConvertTo-Json
    }

    # Revoke token 
    $RestAPIURI = '/vedauth/Revoke/Token'
    $RestRequest = $RestAPIServer + $RestAPIURI
    $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Get -ContentType 'application/json' 
    Python
    #Config/ReadEffectivePolicy
        #use the response to get policy information
        for dn in data_dict:
            if dn['DN'] != "":
                print(dn['DN'], "policy was found")
                dn2 = dn['DN']
                payloadPolicy = {
                    "ObjectDN": dn2,
                    "AttributeName": "Host",
                    "Class": "Device"
                }
                url = uri + "/vedsdk/Config/ReadEffectivePolicy"
                r = requests.post(url, headers=headerswToken, json=payloadPolicy, verify=False)
                print(r.status_code, "was the response")
    searchdevice()

Clean up and go home

  1. The token grants access until it expires. When your client application finishes, you can delete the token.
    JSON
    GET https://tpp.venafi.example/vedauth/Revoke/Token
    Authorization:Bearer 4MyGeneratedBearerTknz==
    Powershell
    #Cleanup and go home
        $RestAPIURI = '/vedauth/Revoke/Token'
        $RestRequest = $RestAPIServer + $RestAPIURI
        $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Get
    Python
    def revoketoken():
        # Clean up. Go home
        url = uri + "/vedauth/Revoke/Token"
        r = requests.get(url, headers=headerswToken,  verify=False)
        print(r.status_code)

    revoketoken()
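
The whole procedure above in one piece, as an added example rather than Venafi's own sample code: TLS verification stays on, credentials come from the environment, SSH/Devices is read page by page, and the token is revoked even when a call fails. The helper names, the TPP_USER and TPP_PASSWORD variable names, and the paging rule (Offset counts devices; a page shorter than PageSize is the last) are assumptions.

```python
import os

BASE = "https://tpp.venafi.example"  # example host used on this page


def get_token(session, username, password, client_id="TPP.Auto"):
    """Request a bearer token; raise on any non-2xx response."""
    r = session.post(BASE + "/vedauth/authorize/oauth", json={
        "client_id": client_id, "username": username,
        "password": password, "scope": "ssh;configuration"})
    r.raise_for_status()
    return r.json()["access_token"]


def iter_devices(session, auth, name, page_size=20):
    """Yield every device matching name, advancing Offset page by page.

    Assumptions: Offset counts devices, and a page with fewer than
    page_size entries is the last one.
    """
    offset = 0
    while True:
        r = session.post(BASE + "/vedsdk/SSH/Devices", headers=auth, json={
            "PageSize": page_size, "Offset": offset,
            "SshDeviceFilter": {"DeviceName": [name]}})
        r.raise_for_status()
        page = r.json().get("Data") or []
        yield from page
        if len(page) < page_size:
            return
        offset += page_size


def search_and_revoke(session, username, password, name):
    """Return the DNs of matching devices; always revoke the token."""
    auth = {"Authorization": "Bearer " + get_token(session, username, password)}
    try:
        return [d["DN"] for d in iter_devices(session, auth, name) if d.get("DN")]
    finally:
        session.get(BASE + "/vedauth/Revoke/Token", headers=auth)


if __name__ == "__main__":
    import requests  # certificate verification stays on (the requests default)
    # TPP_USER and TPP_PASSWORD are hypothetical environment variable names
    print(search_and_revoke(requests.Session(), os.environ["TPP_USER"],
                            os.environ["TPP_PASSWORD"], "device_name"))
```

Pass each returned DN as the ObjectDN of POST Config/ReadEffectivePolicy before the token is revoked if you also need the policy details.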