POST SSH/KeysetDetails
Returns private and public key pairs that identify details about a device. Finds information, such as keyset and key rotation status, about a particular device. POST SSH/KeysetDetails includes paging support.
Requirements
- Permissions: The caller must have Read permission and View permission either on a device with a keyset or on the policy containing the keyset (when keyset is present in the Policy tree).
- Token scope: SSH
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
KeysetFilter | (Optional) An array of one or more Keyset filters. For more information, see SSH KeysetFilter object. |
LoadKeyData | (Optional) The amount of keyset data to return. true: Show general, public, and private key information about a device. false: Default. Show general key information about the device; omit private key and public key information. General information includes Access, Algorithm, KeysetId, LastRotationDate, Length, ProcessStatus, Type, and ViolationStatus values. For example, if you just want the last key rotation date for each keyset on one or more devices, specify false. |
Offset | (Optional) The offset for query results. The number of records to skip. |
PageSize | The maximum number of records to return. |
Returns
POST SSH/KeysetDetails returns:
- HTTP 500: Internal Server error and Error: Internal error occurred for invalid requests that contain syntax errors or hidden characters.
- HTTP 400: Bad Request for invalid requests.
- HTTP 200: If the caller has insufficient privileges, an empty JSON body.
- HTTP 200: message and the following information:
Name | Description |
---|---|
Data | An array of one or more SSH Keyset Data objects. |
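An added example (not from the original page or the product's own code) of walking the result set with Offset and PageSize while leaving LoadKeyData at false, and of treating the HTTP 200 empty-body case as a permission failure rather than as zero keysets. The helper names (make_post, iter_keysets, fake_post) are hypothetical, and it assumes a query with no matches still returns a Data array, which the page does not state.

```python
import json
import urllib.request

URL = "https://tpp.venafi.example/vedsdk/SSH/keysetdetails"  # host used in the page's examples

def make_post(token, url=URL):
    """Real transport: returns post(body) -> (status, text), sent with a bearer token."""
    def post(body):
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="POST",
            headers={"Content-Type": "application/json",
                     "Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    return post

def iter_keysets(post, keyset_filter=None, page_size=100, load_key_data=False):
    """Yield every keyset record, moving Offset forward one page at a time."""
    offset = 0
    while True:
        body = {"PageSize": page_size, "Offset": offset, "LoadKeyData": load_key_data}
        if keyset_filter:
            body["KeysetFilter"] = keyset_filter
        status, text = post(body)
        if status != 200:
            raise RuntimeError(f"SSH/KeysetDetails returned HTTP {status}")
        doc = json.loads(text) if text.strip() else {}
        if "Data" not in doc:
            # HTTP 200 with an empty JSON body means insufficient privileges.
            # Assumption: a permitted query with no matches still carries "Data".
            raise PermissionError("empty body: caller lacks Read/View permission")
        page = doc["Data"]
        yield from page
        if len(page) < page_size:  # short or empty page: no records left
            return
        offset += len(page)        # Offset is the number of records to skip

def fake_post(records, permitted=True):
    """Constructed stand-in for the server so the example runs offline."""
    def post(body):
        post.calls.append(body)
        if not permitted:
            return 200, "{}"
        start = body["Offset"]
        return 200, json.dumps({"Data": records[start:start + body["PageSize"]]})
    post.calls = []
    return post

if __name__ == "__main__":
    sample = [{"KeysetId": f"CONSTRUCTED{i:02d}", "LastRotationDate": None} for i in range(5)]
    for ks in iter_keysets(fake_post(sample), page_size=2):
        print(ks["KeysetId"], ks["LastRotationDate"])
```

An audit job that reads an empty 200 response as "no keysets found" would report a clean result for a token that simply cannot see the devices, which is why the loop raises instead of returning an empty list.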
Example 1: Find public and private keysets for a device
Request for Example 1
POST https://tpp.venafi.example/vedsdk/SSH/keysetdetails
Authorization:Bearer 4MyGeneratedBearerTknz==
{ "KeysetFilter":{ "Algorithm":[ "DSA" ], "MaxKeyLength":1024, "ProcessingStatus":[ 0 ] }, "PageSize":1, "Offset":0, "LoadKeyData":true }
Response for Example 1
HTTP/1.1 200 OK
{ "Data":[ { "Access":"192.168.6.243", "Algorithm":"DSA", "FingerprintMD5":"98:59:2a:7f:e3:f1:bc:ca:aa:5d:65:30:b3:6b:7f:99", "FingerprintSHA256":"NsMtm5l8PyDezuQ2dhFMeArDbQFxT/0HdGdxb7Nknss", "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70", "LastRotationDate":null, "LastUsed":null, "Length":1024, "PrivateKeys":[ { "ActiveFrom":"/Date(1528905980897+0300)/", "Algorithm":"DSA", "AllowedSourceRestriction":null, "Approver":[ ], "Comment":null, "DeniedSourceRestriction":null, "DeviceGuid":"{ffa955ef-7699-41f2-a8c6-fb2968adcc8d}", "FilePath":"/etc/ssh/ssh_host__dsa_1111", "ForceCommand":null, "Format":"OpenSSH", "IsEncrypted":false, "KeyId":10, "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70", "LastUsed":null, "Length":1024, "Notes":null, "Options":null, "ProcessError":null, "ProcessStatus":0, "Reason":null, "Type":"HostPrivateKey", "Username":"root", "ViolationStatus":[ 16 ] }, { "ActiveFrom":"/Date(1528905980897+0300)/", "Algorithm":"DSA", "AllowedSourceRestriction":null, "Approver":[ ], "Comment":null, "DeniedSourceRestriction":null, "DeviceGuid":"{db1042bd-819c-4a34-ae99-1c1aa3ebd810}", "FilePath":"/etc/ssh/ssh_host__dsa_1111", "ForceCommand":null, "Format":"OpenSSH", "IsEncrypted":false, "KeyId":1324, "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70", "LastUsed":null, "Length":1024, "Notes":null, "Options":null, "ProcessError":null, "ProcessStatus":0, "Reason":null, "Type":"HostPrivateKey", "Username":"root", "ViolationStatus":[ 16 ] } ], "ProcessStatus":0, "PublicKeys":[ { "ActiveFrom":"/Date(1528905987687+0300)/", "Algorithm":"DSA", "AllowedSourceRestriction":null, "Approver":[ ], "Comment":null, "DeniedSourceRestriction":null, "DeviceGuid":"{ffa955ef-7699-41f2-a8c6-fb2968adcc8d}", "FilePath":"/etc/ssh/ssh_host__dsa_1111.pub", "ForceCommand":null, "Format":"OpenSSH", "IsEncrypted":false, "KeyId":11, "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70", "LastUsed":null, "Length":1024, "Notes":null, "Options":null, "ProcessError":null, "ProcessStatus":0, "Reason":null, "Type":"UserPublicKey", "Username":"root", "ViolationStatus":null }, { "ActiveFrom":"/Date(1528905987687+0300)/", "Algorithm":"DSA", "AllowedSourceRestriction":null, "Approver":[ ], "Comment":null, "DeniedSourceRestriction":null, "DeviceGuid":"{db1042bd-819c-4a34-ae99-1c1aa3ebd810}", "FilePath":"/etc/ssh/ssh_host__dsa_1111.pub", "ForceCommand":null, "Format":"OpenSSH", "IsEncrypted":false, "KeyId":1325, "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70", "LastUsed":null, "Length":1024, "Notes":null, "Options":null, "ProcessError":null, "ProcessStatus":0, "Reason":null, "Type":"HostPublicKey", "Username":"root", "ViolationStatus":null } ], "RotationStage":null, "Type":"Host", "ViolationStatus":[ 16 ] } ] }
Example 2: Find keyset IDs that do not have a private key passphrase
Use the KeyId value from the response to set or change the private key passphrase. For more information, see POST SSH/ChangePrivateKeyPassphrase.
Request for Example 2
POST https://tpp.venafi.example/vedsdk/SSH/keysetdetails
Authorization:Bearer 4MyGeneratedBearerTknz==
{ "KeysetFilter":{ "ViolationStatus":[ 19 ] }, "PageSize":100, "Offset":0, "LoadKeyData":true }
Response for Example 2
HTTP/1.1 200 OK
{ "Data":[ { "Access":"a_0d5f14@192.168.0.113 → a_0d5f14@192.168.0.113", "Algorithm":"ECDSA", "FingerprintMD5":"90:f5:8c:48:ed:74:9f:6d:90:ec:b8:5e:0b:36:16:a3", "FingerprintSHA256":"+yQnht2o8GFXGCr+cLxl4rkl6omUqgePtgJ4AGM6yTE", "KeysetId":"0CCA275F5E189BB1A58795C5C79FF8B4D7FDD9CD", "LastRotationDate":null, "LastUsed":null, "Length":521, "PrivateKeys":[ { "ActiveFrom":"/Date(1583988340953-0700)/", "Algorithm":"ECDSA", "AllowedSourceRestriction":null, "Approver":[ ], "Comment":null, "DeniedSourceRestriction":null, "DeviceGuid":"{955ad719-4b33-4703-bddf-27a0fe20edd8}", "FilePath":"/home/a_0d5f14/.ssh/id_a_0d5f14_PuTTY", "ForceCommand":null, "Format":"PuTTY", "IsEncrypted":true, "KeyId":55290, "KeysetId":"0CCA275F5E189BB1A58795C5C79FF8B4D7FDD9CD", "LastUsed":null, "Length":521, "Notes":null, "Options":null, "ProcessError":null, "ProcessStatus":0, "Reason":null, "Type":"UserPrivateKey", "Username":"a_0d5f14", "ViolationStatus":[ 19 ] } ], "ProcessStatus":0, "PublicKeys":[ { "ActiveFrom":"/Date(1583988341823-0700)/", "Algorithm":"ECDSA", "AllowedSourceRestriction":null, "Approver":[ ], "Comment":null, "DeniedSourceRestriction":null, "DeviceGuid":"{955ad719-4b33-4703-bddf-27a0fe20edd8}", "FilePath":"/home/a_0d5f14/.ssh/authorized_keys", "ForceCommand":null, "Format":"OpenSSH", "IsEncrypted":false, "KeyId":55289, "KeysetId":"0CCA275F5E189BB1A58795C5C79FF8B4D7FDD9CD", "LastUsed":null, "Length":521, "Notes":null, "Options":null, "ProcessError":null, "ProcessStatus":0, "Reason":null, "Type":"AuthorizedKey", "Username":"a_0d5f14", "ViolationStatus":null } ], "RotationStage":null, "Type":"User", "ViolationStatus":[ 19 ] } ] }