POST SSH/AddKnownHostKey

Creates a public key for a host. The SSH/AddKnownHostKey API returns immediately after the key record is inserted in the Trust Protection Platform database. It does not wait until the key is actually provisioned on the specified device (which can take time, depending on the configured Agent schedule). To track the progress of key operations, call POST SSH/KeyDetails.

The key algorithm and length are taken from the SSH policy of the device folder. If the Algorithm is empty, the default is RSA. If the Key Size is empty, the default Length is 2048.

Requirements

  • Token scope:  SSH:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • DeviceGuid: The GUID that identifies a device. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}. To get the GUID, use POST SSH/KeysetDetails or the UI. For example: [Image: Location of device GUID in UI]

  • Username: Name of the user on the specified device that will own the key.

  • Filepath: Path of the file with the key.

  • KeysetId: The identifier of a set of public and private key pairs. Depending on your environment, the value may be expressed with or without curly braces {}. You can get the KeysetId from POST SSH/KeyUsage or the SSH Keyset Inventory. For example: [Image: Location of KeysetID in the UI]

  • Format (Optional): The format of the SSH key. Can be omitted if the format is specified in the device policy. Valid formats: OpenSSH, PuTTY, SSH2, or Tectia.

Returns

Response description

  • KeyId: The identifier for a set of public and private keys. The value is hexadecimal. If there is no private key password, the format is EncryptedPrivateKey-[unique number]. For example, EncryptedPrivateKey-3.

  • Response: SshWebResponse object with result of the operation. For more information, see SSH SshWebResponse object.

Example: Add Host Key

Request

POST https://tpp.venafi.example/vedsdk/SSH/AddKnownHostKey
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "DeviceGuid":"{21a8574c-f448-4a8c-aa13-cbd6a07df49b}",
   "Username":"user",
   "Filepath":"/home/user/.ssh/known_hosts",
   "Format":"OpenSSH",
   "KeysetId":"7FAF6953C85736E1D254E60AB4F8665239D94215"
}

Response

HTTP/1.1 200 OK
{
   "KeyId":"145",
   "Response":{
      "Success":true
   }
}
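
The request and response handling described on this page, as an added Python example (not Venafi's code). The function names are hypothetical, the hexadecimal check on KeysetId is an assumption based on the example value above, and the request is built but not sent.

```python
import json
import re
import urllib.request
import uuid

VALID_FORMATS = ("OpenSSH", "PuTTY", "SSH2", "Tectia")  # listed under Format above


def build_request(base_url, token, device_guid, username, filepath,
                  keyset_id, key_format=None):
    """Validate the inputs and return an unsent POST for SSH/AddKnownHostKey."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    # The GUID may come with or without braces; keep the caller's form.
    canonical = str(uuid.UUID(device_guid))  # raises ValueError if malformed
    guid = "{%s}" % canonical if device_guid.startswith("{") else canonical
    # Assumption: KeysetId is a hex string, optionally in braces, as in the example.
    if not re.fullmatch(r"\{[0-9A-Fa-f]+\}|[0-9A-Fa-f]+", keyset_id):
        raise ValueError("KeysetId does not look like a hexadecimal identifier")
    if not username or not filepath:
        raise ValueError("Username and Filepath are required")
    payload = {"DeviceGuid": guid, "Username": username,
               "Filepath": filepath, "KeysetId": keyset_id}
    if key_format is not None:  # optional: the device policy may already set it
        if key_format not in VALID_FORMATS:
            raise ValueError("Format must be one of " + ", ".join(VALID_FORMATS))
        payload["Format"] = key_format
    return urllib.request.Request(
        base_url.rstrip("/") + "/vedsdk/SSH/AddKnownHostKey",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST")


def key_id_from_response(status, body):
    """Return the KeyId of the created record, or raise if the call failed.

    Success only means the record was inserted in the database; provisioning
    on the device happens later and is tracked with POST SSH/KeyDetails.
    """
    data = json.loads(body)
    result = data.get("Response") or {}
    if status != 200 or result.get("Success") is not True:
        raise RuntimeError("AddKnownHostKey failed: HTTP %s %r" % (status, result))
    return data["KeyId"]
```

Pass the returned object to `urllib.request.urlopen` to send it, then hand the status code and body to `key_id_from_response`.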