POST SSH/AddSelfServiceAuthorizedKey

Creates and adds an OpenSSH authorized key to a keyset. Assigns a public key for authorizing login access by anyone capable of using the corresponding private key. The caller must have Create permission to the policy folder where the key will be added.

Requirements

  • Token scope: SSH:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • AllowedSourceRestriction: An array of allowed IP addresses or host names that can use the authorized key.

  • ContactEmail: (Optional) The email contact to use if the key owner is outside the organization.

  • DeniedSourceRestriction: An array of IP addresses or host names that are blocked from using the authorized key.

  • FolderId: The GUID of the policy folder. Enclose the GUID in curly braces. For example, {724a3db3-8855-4ea9-986f-519f0c571148}. To get the GUID, call POST Config/DnToGuid.

  • ForcedCommand: (Optional) The forced command for connections with the key. If omitted, the value is taken from device policy.

  • KeysetId: (Optional) The identifier of a public and corresponding private key that applies to FolderId. The keys must conform to all policy settings. For example, if the keys are too old or too small, an error occurs. If no KeysetId is specified, a new keyset is created. To get the KeysetId, use GET SSH/KeysetDetails.

  • Location: The host or computer name.

  • Notes: Any additional information.

  • Options: An array of authorized key options.

  • Owner: The identity that will own the key.

Returns

Response description

  • KeyId: The description of the key format.

  • KeySetId: The identifier for a set of public and private keys. The value is hexadecimal. If there is no private key password, the format is EncryptedPrivateKey-[unique number]. For example, EncryptedPrivateKey-3.

  • Notes: Additional information.

  • Response: Returns Success and True when the private key is exported successfully. Otherwise, returns the SSH SshWebResponse object.

Example: Provision a private key to a device

Request

POST https://tpp.venafi.example/vedsdk/SSH/AddSelfServiceAuthorizedKey
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "AllowedSourceRestriction":[
      "192.168.1.*",
      "192.168.2.*"
   ],
   "DeniedSourceRestriction":[
      "192.168.1.1",
      "192.168.2.1"
   ],
   "ContactEmail":"name@example.com",
   "FolderId":"{26f6e7d5-2653-4662-bfbc-55fcc21477b8}",
   "ForcedCommand":"echo 'SSH connected'",
   "KeysetId":"94ED6AA79F736C4DAE53AB473418B9905896CFC9",
   "Location":"Bld4a",
   "Notes":"Allows user to download new keyset",
   "Options":[
      "no-pty",
      "no-port-forwarding"
   ],
   "Owner":"local:admin"
}

Response

HTTP/1.1 200 OK
{
   "KeyId":25968,
   "KeysetId":"94ED6AA79F736C4DAE53AB473418B9905896CFC9",
   "Notes":"Allows user to download new keyset",
   "Response":{
      "Success":true
   }
}
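
Added example (not part of the original page and not the product's own code): a Python helper that checks the documented fields before building the request, and previews how the source restrictions, forced command and options would read as OpenSSH authorized_keys options. Assumptions: the function names build_request and preview_options are hypothetical, the host is the page's placeholder, the overlap check is a local sanity rule, and the option-string mapping follows OpenSSH's from= and command= syntax because the page does not show the line the platform writes.

```python
import json
import re
import urllib.request

# Assumption: placeholder host taken from the page's example request.
BASE_URL = "https://tpp.venafi.example/vedsdk"
GUID_IN_BRACES = re.compile(
    r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def build_request(token, fields):
    """Check the documented fields, then return an unsent POST request."""
    if not GUID_IN_BRACES.fullmatch(fields.get("FolderId", "")):
        raise ValueError("FolderId must be a GUID enclosed in curly braces")
    for name in ("AllowedSourceRestriction", "DeniedSourceRestriction", "Options"):
        if not isinstance(fields.get(name, []), list):
            raise ValueError(name + " must be an array")
    # Local sanity check (not a documented server rule): a source listed as
    # both allowed and denied signals a mistake in the request.
    overlap = set(fields.get("AllowedSourceRestriction", [])) & set(
        fields.get("DeniedSourceRestriction", []))
    if overlap:
        raise ValueError("allowed and denied: " + ", ".join(sorted(overlap)))
    return urllib.request.Request(
        BASE_URL + "/SSH/AddSelfServiceAuthorizedKey",
        data=json.dumps(fields).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token})

def preview_options(fields):
    """Render restrictions as authorized_keys options (assumed mapping)."""
    sources = list(fields.get("AllowedSourceRestriction", []))
    sources += ["!" + s for s in fields.get("DeniedSourceRestriction", [])]
    parts = []
    if sources:
        parts.append('from="' + ",".join(sources) + '"')
    if fields.get("ForcedCommand"):
        escaped = fields["ForcedCommand"].replace('"', '\\"')
        parts.append('command="' + escaped + '"')
    return ",".join(parts + list(fields.get("Options", [])))

# Constructed sample input, copied from the page's example request body.
SAMPLE = {
    "AllowedSourceRestriction": ["192.168.1.*", "192.168.2.*"],
    "DeniedSourceRestriction": ["192.168.1.1", "192.168.2.1"],
    "FolderId": "{26f6e7d5-2653-4662-bfbc-55fcc21477b8}",
    "ForcedCommand": "echo 'SSH connected'",
    "Options": ["no-pty", "no-port-forwarding"],
    "Owner": "local:admin", "Location": "Bld4a",
}
```

Pass the returned object to urllib.request.urlopen to send it; reviewing the preview_options output first shows whether the key ends up with the source and command limits you intended.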