POST SSH/EditKeyOptions
Changes Source Restrictions, and Forced commands in an authorized keys file.
Requirements
- Token scope: SSH:Manage
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
KeyId |
Numeric identifier of the authorized key. If the KeyId does not map to an authorized key, the error is "Failed to find key." To get this information, call GET SSH/KeysetDetails. |
AllowedSourceRestriction (Optional) |
List of allowed IP addresses for the key. If omitted, existing value is not changed. |
DeniedSourceRestriction (Optional) |
List of denied ID addresses for the key. If omitted, existing value is not changed. |
ForcedCommand (Optional) |
The SSH command for connections that use the authorized key. If omitted, existing value is not changed. |
Options (Optional) |
List of authorized key options. If omitted, existing value is not changed: no-x11-forwarding, no-agent-forwarding, no-pty, no-port-forwarding, permitopen, environment, cert-authority, principals, tunnel, allow-from, deny-from, from, command. For additional help, see OpenSSH Client configuration. |
Returns
Name |
Description |
---|---|
Response |
Returns Success and True, when the configuration updated successfully. Otherwise, returns the SSH SshWebResponse object . |
Example: Apply Source Restriction to a Key
Request
POST https://tpp.venafi.example/vedsdk/SSH/EditKeyOptions Authorization:Bearer 4MyGeneratedBearerTknz== { "KeyId":106, "AllowedSourceRestriction":[ "192.168.1.*", "192.168.2.*" ], "DeniedSourceRestriction":[ "192.168.1.1", "192.168.2.1" ], "ForcedCommand":"echo 'SSH connected'", "Options":[ "no-pty", "no-port-forwarding" ] }
Response
HTTP/1.1 200 OK { "Success":true }