Parent class—Ssh Device Base

Manages Secure Shell (SSH) attributes as an internal parent class.

Class Name: Ssh Device Base
Inheritance: None

SSH Driver Base attributes
Attribute	Description
Algorithm UI: Algorithm Required: No	Policy Definable: Yes. Default: NA The algorithm for the key: DSA or ssh-dss ECDSA: All ECDSA keysets with keylength P256, P348, and P521. ED25519: For Open SSH and PuTTy. RSA or ssh-rsa RSA1 or ssh-rsa1 Unknown
Allow Duplicate Private Keys UI: Allow Duplicate Private Required: No	Policy Definable: Yes. Default: NA A setting to manage duplicate private keys during key rotation: 0: Mark duplicate private key as non-compliant and generate a violation that requires user intervention. 1: Allow duplicate private keys.
Allow From UI: Allow From Required: No	Policy Definable: Yes. Default: NA A list of host or IP addresses that can access the device. For use with Authorized keys.
Allow Multiple Authorized Keys	For internal use.
Allow Root Access UI: Allow Root Access Required: No	Policy Definable: Yes. Default: 0 Allow the SSH Discovery process root access to the device: 0: Block root access. 1: Allow root access.
Allow Shared Server Accounts UI: NA Required: No	Policy Definable: No. Default: 0 The way to manage server accounts: 0: Block shared server accounts. 1: Allow shared server accounts.
Allow Ssh1 UI: Allow Ssh1 Required: No	Policy Definable: Yes. Default: 0 The version of Secure Shell: 0: Allow any version of SecureShell. 1: Allow SecureShell Version 1.
Allow Unencrypted Private Keys UI: NA Required: No	Policy Definable: No. Default: NA The setting to manage encryption for private keys: 0: Require encrypted private keys. 1: Allow unencrypted private keys.
Allowed Algorithm UI: Allowed Algorithm Required: No	Policy Definable: Yes. Default: NA The algorithm for the key: DSA or ssh-dss ECDSA: All ECDSA keysets with keylength P256, P348, and P521. ED25519: For Open SSH and PuTTy. RSA or ssh-rsa RSA1 or ssh-rsa1 Unknown
Allowed Command UI: Command Required: No	Policy Definable: Yes. Default: NA A list of device login options: no-port-forwarding= Forbid TCP forwarding when the key is used for authentication. no-X11-forwarding = Forbid X11 forwarding when the key is used for authentication. no-pty = Forbid pseudo terminal (pty) access.
Allowed Vendor Types UI: Vendor Types Required: No	Policy Definable: Yes. Default: OpenSSH One or more of the following SSH vendors: OpenSSH: Allow secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities. PuTTY: Allow encrypted connection to a remote computer. Tectia: Allow encrypted connection to a remote computer and use a secure file transfer program to move files to a remote server.
Automatic Rotation Cleanup Wait UI: NA Required: No	Policy Definable: No. Default: NA Not currently in use.
Automatic Rotation Enabled UI: Automatic Rotation Enabled Required: No	Policy Definable: Yes. Default: 0 The setting to manage old keys. 0 = When the key expires, allow the administrator to manually rotate the key. 1 = When the key expires, automatically rotate the key.
Automatic Rotation Interval UI: Automatic Rotation Interval Required: No	Policy Definable: Yes. Default: NA The number of days between device key rotation.
Automatic Rotation Lead Time UI: Automatic Rotation Lead Time Required: No	Policy Definable: Yes. Default: NA The number of days, prior to expiration, to receive notification of the expiring key.
Deny From UI: Deny From Required: No	Policy Definable: Yes. Default: NA A list of host name and IP addresses that cannot access this device. For use with Authorized keys.
Environment UI: Environment Required: No	Policy Definable: Yes. Default: NA The description of the host environment.
Host Trusts UI: NA Required: No	Policy Definable: No. Default: NA The number of host keys on all devices from the keyset.
Key Bit Strength UI: Key Bit Strength Required: No	Policy Definable: No. Default: NA The total number of bytes of the key pair.
Known Hosts UI: Known Hosts Required: No	Policy Definable: No. Default: NA The number of keys in known_hosts files on the device.
Management Type UI: Management Type Required: No	Policy Definable: Yes. Default: 0 The manner to manage keys: 0= Detect or scan customer's devices for SSH keys and download them to Trust Protection Platform. 1 = Remediate. Discover and download keys from customer's devices. If the key changed or it is deleted on the remote devices, Trust Protection Platform restores the original key. Allow the administrator to add, edit, or delete SSH keys directly in the UI. Allow key manual rotation.
Maximum Key Age UI: Maximum Key Age Required: No	Policy Definable: Yes. Default: 0 The maximum number of days a key remains valid.
Minimum KeyBit Strength UI: Minimum KeyBit Strength Required: No	Policy Definable: No. Default: 0 The minimum number of bytes for the key pair.
Required Options UI: Required Options Required: Yes	Policy Definable: No. Default: NA A list of login options for use with Authorized keys.
Root Server Access UI: Root Server Access Required: No	Policy Definable: No. Default: NA The number of user root keys on all devices from the keyset.
Server Access UI: NA Required: No	Policy Definable: No. Default: NA The number of user keys on all devices from the keyset.
Ssh Device Status UI: NA Required: No	Policy Definable: No. Default: NA The current status of the device. For more information, see SSH Discovery and stage codes
Ssh Device Type UI: NA Required: No	Policy Definable: No. Default: NA The entity: Client: A stand alone computer. Server: A system that services one or more clients or other servers. ClientServer: A client computer with connectivity to a server.
Trusted Root Users UI: NA Required: No	Policy Definable: No. Default: NA The number of root user keys on the device.
Trusted Users UI: NA Required: No	Policy Definable: No. Default: NA The number of user authorized keys on the device.
Update Cache UI: NA Required: No	Policy Definable: No. Default: NA The setting to refresh the Trust cache. 0: Do not refresh. 1: Refresh the Trust cache.