POST SSH/EditKeyOptions

Changes Source Restrictions, and Forced commands in an authorized keys file.

Requirements

  • Token scope:  SSH:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

KeyId

Numeric identifier of the authorized key. If the KeyId does not map to an authorized key, the error is "Failed to find key." To get this information, call GET SSH/KeysetDetails.

AllowedSourceRestriction (Optional)

List of allowed IP addresses for the key. If omitted, existing value is not changed.

DeniedSourceRestriction (Optional)

List of denied ID addresses for the key. If omitted, existing value is not changed.

ForcedCommand (Optional)

The SSH command for connections that use the authorized key. If omitted, existing value is not changed.

Options (Optional)

List of authorized key options. If omitted, existing value is not changed: no-x11-forwarding, no-agent-forwarding, no-pty, no-port-forwarding, permitopen, environment, cert-authority, principals, tunnel, allow-from, deny-from, from, command. For additional help, see OpenSSH Client configuration.

Returns

Response description

Name

Description

Response

Returns Success and True, when the configuration updated successfully. Otherwise, returns the SSH SshWebResponse object .

Example: Apply Source Restriction to a Key

Request

POST https://tpp.venafi.example/vedsdk/SSH/EditKeyOptions
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "KeyId":106,
   "AllowedSourceRestriction":[
      "192.168.1.*",
      "192.168.2.*"
   ],
   "DeniedSourceRestriction":[
      "192.168.1.1",
      "192.168.2.1"
   ],
   "ForcedCommand":"echo 'SSH connected'",
   "Options":[
      "no-pty",
      "no-port-forwarding"
   ]
}

Response

HTTP/1.1 200 OK
{
   "Success":true
}