POST SSH/AddSelfServiceAuthorizedKey
Creates and adds an OpenSSH authorized key to a keyset. Assigns a public key for authorizing login access by anyone capable of using the corresponding private key. The caller must have Create permission to the policy folder where the key will be added.
Requirements
- Token scope: SSH:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
| Name | Description |
|---|---|
| AllowedSourceRestriction | An array of allowed IP addresses or host names that can use the authorized key. |
| ContactEmail | (Optional) The email contact to use if the key owner is outside the organization. |
| DeniedSourceRestriction | An array of blocked IP addresses or host names that can use the authorized key. |
| FolderId | The GUID of the policy folder. Enclose the GUID in curly braces. For example, {724a3db3-8855-4ea9-986f-519f0c571148}. To get the GUID, call POST Config/DnToGuid. |
| ForcedCommand | (Optional) The forced command for connections with the key. If omitted, the value is taken from device policy. |
| KeysetId | (Optional) The identifier of a public and corresponding private key that applies to FolderId. The keys must conform to all policy settings. For example, if the keys are too old or too small, an error occurs. If no KeysetId is specified, a new keyset will be created. To get the KeysetId, use GET SSH/KeysetDetails. |
| Location | The host or computer name. |
| Notes | Any additional information. |
| Options | An array of authorized key options. |
| Owner | The identity that will own the key. |
Returns
| Name | Description |
|---|---|
| KeyId | The description of the key format. |
| KeySetId | The identifier for a set of public and private keys. The value is hexadecimal. If there is no private key password, the format is EncryptedPrivateKey-[unique number]. For example, EncryptedPrivateKey-3. |
| Notes | Additional information. |
| Response | Returns Success and True when the private key was exported successfully. Otherwise, returns the SSH SshWebResponse object. |
Example: Provision a private key to a device
Request
POST https://tpp.venafi.example/vedsdk/SSH/AddSelfServiceAuthorizedKey
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "AllowedSourceRestriction":[
      "192.168.1.*",
      "192.168.2.*"
   ],
   "DeniedSourceRestriction":[
      "192.168.1.1",
      "192.168.2.1"
   ],
   "ContactEmail":"name@example.com",
   "FolderId":"{26f6e7d5-2653-4662-bfbc-55fcc21477b8}",
   "ForcedCommand":"echo 'SSH connected'",
   "KeysetId":"94ED6AA79F736C4DAE53AB473418B9905896CFC9",
   "Location":"Bld4a",
   "Notes":"Allows user to download new keyset",
   "Options":[
      "no-pty",
      "no-port-forwarding"
   ],
   "Owner":"local:admin"
}
Response
HTTP/1.1 200 OK
{
   "KeyId":25968,
   "KeysetId":"94ED6AA79F736C4DAE53AB473418B9905896CFC9",
   "Notes":"Allows user to download new keyset",
   "Response":{
      "Success":true
   }
}
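A pre-flight check for the request body above, as an added example (not Venafi's code). `check_body` and `build_request` are hypothetical helper names, and the rule that flags an empty or bare-wildcard AllowedSourceRestriction is an assumed local review policy, not an API requirement. The request is built but never sent.

```python
import json
import re
import urllib.request

# Host is the page's placeholder; the path follows the page title.
URL = "https://tpp.venafi.example/vedsdk/SSH/AddSelfServiceAuthorizedKey"
# FolderId: a GUID enclosed in curly braces, per the parameter table.
GUID = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
ARRAYS = ("AllowedSourceRestriction", "DeniedSourceRestriction", "Options")
# Request body from the page's example, trimmed to the fields checked here.
SAMPLE = {
    "AllowedSourceRestriction": ["192.168.1.*", "192.168.2.*"],
    "DeniedSourceRestriction": ["192.168.1.1", "192.168.2.1"],
    "FolderId": "{26f6e7d5-2653-4662-bfbc-55fcc21477b8}",
    "Options": ["no-pty", "no-port-forwarding"],
    "Owner": "local:admin",
}


def check_body(body):
    """Return a list of problems in a request body; an empty list means OK."""
    problems, lists = [], {}
    if not GUID.fullmatch(str(body.get("FolderId", ""))):
        problems.append("FolderId must be a GUID in curly braces")
    for name in ARRAYS:
        value = body.get(name, [])
        if isinstance(value, list) and all(isinstance(v, str) for v in value):
            lists[name] = value
        else:
            problems.append(name + " must be an array of strings")
    allowed = lists.get("AllowedSourceRestriction")
    # Assumed local review rule (not a documented API constraint): flag a key
    # that would carry no source restriction, or only a bare wildcard.
    if allowed is not None and (not allowed or "*" in allowed):
        problems.append("AllowedSourceRestriction is empty or a bare wildcard")
    denied = lists.get("DeniedSourceRestriction", [])
    for src in sorted(set(allowed or []) & set(denied)):
        problems.append(src + " is both allowed and denied")
    return problems


def build_request(token, body):
    """Build (but do not send) the POST; refuse a body that fails check_body."""
    problems = check_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"Content-Type": "application/json", "Authorization": "Bearer " + token}
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(URL, data=data, headers=headers, method="POST")
```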