POST SSH/KeysetDetails

Returns details about the private and public key pairs (keysets) found on a device. Use it to find information, such as keyset and key rotation status, about a particular device. POST SSH/KeysetDetails includes paging support.

Requirements

  • Permissions: The caller must have Read permission and View permission either on a device with a keyset or on the policy containing the keyset (when keyset is present in the Policy tree).
  • Token scope:  SSH

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • KeysetFilter: (Optional) An array of one or more Keyset filters. For more information, see SSH KeysetFilter object.
  • LoadKeyData: (Optional) The amount of keyset data to return:
      • true: Show general, public, and private key information about a device.
      • false: Default. Show general key information about the device. Omit private key and public key information. General information includes Access, Algorithm, KeysetId, LastRotationDate, Length, ProcessStatus, Type, and ViolationStatus values. For example, if you just want the last key rotation date, for each keyset on one or more devices, specify false.
  • Offset: (Optional) The offset for query results. The number of records to skip.
  • PageSize: The maximum number of records to return.

Returns

POST SSH/KeysetDetails returns:

  • HTTP 500: Internal Server error and Error: Internal error occurred for invalid requests that contain syntax errors or hidden characters.
  • HTTP 400: Bad Request for invalid requests.
  • HTTP 200: If the caller has insufficient privileges, an empty JSON body.
  • HTTP 200: message and the following information:

Summary of SSH/KeysetDetail return values

Response description

  • Data: An array of one or more SSH Keyset Data objects.

Example 1: Find public and private keysets for a device

Request for Example 1

POST https://tpp.venafi.example/vedsdk/SSH/keysetdetails 
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "KeysetFilter":{
      "Algorithm":[
         "DSA"
      ],
      "MaxKeyLength":1024,
      "ProcessingStatus":[
         0
      ]
   },
   "PageSize":1,
   "Offset":0,
   "LoadKeyData":true
}

Response for Example 1

HTTP/1.1 200 OK
{
   "Data":[
      {
         "Access":"192.168.6.243",
         "Algorithm":"DSA",
         "FingerprintMD5":"98:59:2a:7f:e3:f1:bc:ca:aa:5d:65:30:b3:6b:7f:99",
         "FingerprintSHA256":"NsMtm5l8PyDezuQ2dhFMeArDbQFxT/0HdGdxb7Nknss",
         "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70",
         "LastRotationDate":null,
         "LastUsed":null,
         "Length":1024,
         "PrivateKeys":[
            {
               "ActiveFrom":"/Date(1528905980897+0300)/",
               "Algorithm":"DSA",
               "AllowedSourceRestriction":null,
               "Approver":[

               ],
               "Comment":null,
               "DeniedSourceRestriction":null,
               "DeviceGuid":"{ffa955ef-7699-41f2-a8c6-fb2968adcc8d}",
               "FilePath":"/etc/ssh/ssh_host__dsa_1111",
               "ForceCommand":null,
               "Format":"OpenSSH",
               "IsEncrypted":false,
               "KeyId":10,
               "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70",
               "LastUsed":null,
               "Length":1024,
               "Notes":null,
               "Options":null,
               "ProcessError":null,
               "ProcessStatus":0,
               "Reason":null,
               "Type":"HostPrivateKey",
               "Username":"root",
               "ViolationStatus":[
                  16
               ]
            },
            {
               "ActiveFrom":"/Date(1528905980897+0300)/",
               "Algorithm":"DSA",
               "AllowedSourceRestriction":null,
               "Approver":[

               ],
               "Comment":null,
               "DeniedSourceRestriction":null,
               "DeviceGuid":"{db1042bd-819c-4a34-ae99-1c1aa3ebd810}",
               "FilePath":"/etc/ssh/ssh_host__dsa_1111",
               "ForceCommand":null,
               "Format":"OpenSSH",
               "IsEncrypted":false,
               "KeyId":1324,
               "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70",
               "LastUsed":null,
               "Length":1024,
               "Notes":null,
               "Options":null,
               "ProcessError":null,
               "ProcessStatus":0,
               "Reason":null,	
               "Type":"HostPrivateKey",
               "Username":"root",
               "ViolationStatus":[
                  16
               ]
            }
         ],
         "ProcessStatus":0,
         "PublicKeys":[
            {
               "ActiveFrom":"/Date(1528905987687+0300)/",
               "Algorithm":"DSA",
               "AllowedSourceRestriction":null,
               "Approver":[

               ],
               "Comment":null,
               "DeniedSourceRestriction":null,
               "DeviceGuid":"{ffa955ef-7699-41f2-a8c6-fb2968adcc8d}",
               "FilePath":"/etc/ssh/ssh_host__dsa_1111.pub",
               "ForceCommand":null,
               "Format":"OpenSSH",
               "IsEncrypted":false,
               "KeyId":11,
               "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70",
               "LastUsed":null,
               "Length":1024,
               "Notes":null,
               "Options":null,
               "ProcessError":null,
               "ProcessStatus":0,
               "Reason":null,	
               "Type":"UserPublicKey",
               "Username":"root",
               "ViolationStatus":null
            },
            {
               "ActiveFrom":"/Date(1528905987687+0300)/",
               "Algorithm":"DSA",
               "AllowedSourceRestriction":null,
               "Approver":[

               ],
               "Comment":null,
               "DeniedSourceRestriction":null,
               "DeviceGuid":"{db1042bd-819c-4a34-ae99-1c1aa3ebd810}",
               "FilePath":"/etc/ssh/ssh_host__dsa_1111.pub",
               "ForceCommand":null,
               "Format":"OpenSSH",
               "IsEncrypted":false,
               "KeyId":1325,
               "KeysetId":"A9AC67A8201B413CDBE8F92AB6A72FF6AEC98C70",
               "LastUsed":null,
               "Length":1024,
               "Notes":null,
               "Options":null,
               "ProcessError":null,
               "ProcessStatus":0,
               "Reason":null,	
               "Type":"HostPublicKey",
               "Username":"root",
               "ViolationStatus":null
            }
         ],
         "RotationStage":null,
         "Type":"Host",
         "ViolationStatus":[
            16
         ]
      }
   ]
}

Example 2: Find keyset IDs that do not have a private key passphrase

Use the KeyId value from the response to set or change the private key passphrase. For more information, see POST SSH/ChangePrivateKeyPassphrase.

Request for Example 2

POST https://tpp.venafi.example/vedsdk/SSH/keysetdetails 
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "KeysetFilter":{
      "ViolationStatus":[
         19
      ]
   },
   "PageSize":100,
   "Offset":0,
   "LoadKeyData":true
}

Response for Example 2

HTTP/1.1 200 OK
{
   "Data":[
      {
         "Access":"a_0d5f14@192.168.0.113 → a_0d5f14@192.168.0.113",
         "Algorithm":"ECDSA",
         "FingerprintMD5":"90:f5:8c:48:ed:74:9f:6d:90:ec:b8:5e:0b:36:16:a3",
         "FingerprintSHA256":"+yQnht2o8GFXGCr+cLxl4rkl6omUqgePtgJ4AGM6yTE",
         "KeysetId":"0CCA275F5E189BB1A58795C5C79FF8B4D7FDD9CD",
         "LastRotationDate":null,
         "LastUsed":null,
         "Length":521,
         "PrivateKeys":[
            {
               "ActiveFrom":"/Date(1583988340953-0700)/",
               "Algorithm":"ECDSA",
               "AllowedSourceRestriction":null,
               "Approver":[
                  
               ],
               "Comment":null,
               "DeniedSourceRestriction":null,
               "DeviceGuid":"{955ad719-4b33-4703-bddf-27a0fe20edd8}",
               "FilePath":"/home/a_0d5f14/.ssh/id_a_0d5f14_PuTTY",
               "ForceCommand":null,
               "Format":"PuTTY",
               "IsEncrypted":true,
               "KeyId":55290,
               "KeysetId":"0CCA275F5E189BB1A58795C5C79FF8B4D7FDD9CD",
               "LastUsed":null,
               "Length":521,
               "Notes":null,
               "Options":null,
               "ProcessError":null,
               "ProcessStatus":0,
               "Reason":null,
               "Type":"UserPrivateKey",
               "Username":"a_0d5f14",
               "ViolationStatus":[
                  19
               ]
            }
         ],
         "ProcessStatus":0,
         "PublicKeys":[
            {
               "ActiveFrom":"/Date(1583988341823-0700)/",
               "Algorithm":"ECDSA",
               "AllowedSourceRestriction":null,
               "Approver":[
                  
               ],
               "Comment":null,
               "DeniedSourceRestriction":null,
               "DeviceGuid":"{955ad719-4b33-4703-bddf-27a0fe20edd8}",
               "FilePath":"/home/a_0d5f14/.ssh/authorized_keys",
               "ForceCommand":null,
               "Format":"OpenSSH",
               "IsEncrypted":false,
               "KeyId":55289,
               "KeysetId":"0CCA275F5E189BB1A58795C5C79FF8B4D7FDD9CD",
               "LastUsed":null,
               "Length":521,
               "Notes":null,
               "Options":null,
               "ProcessError":null,
               "ProcessStatus":0,
               "Reason":null,
               "Type":"AuthorizedKey",
               "Username":"a_0d5f14",
               "ViolationStatus":null
            }
         ],
         "RotationStage":null,
         "Type":"User",
         "ViolationStatus":[
            19
         ]
      }
   ]
}
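
An added example, not part of the original page and not Venafi's own code: it pages through POST SSH/KeysetDetails with Offset and PageSize, treats the HTTP 200 empty-body reply as a privilege failure rather than an empty result, and lists private keys whose IsEncrypted field is false (LoadKeyData must be true for PrivateKeys to be returned). The function names, the constructed sample data and the assumption that a query with no matches still returns a Data array are assumptions of this example; the URL and token are the page's placeholders.

```python
import json
import urllib.request

URL = "https://tpp.venafi.example/vedsdk/SSH/keysetdetails"  # placeholder host from the page
TOKEN = "4MyGeneratedBearerTknz=="                            # placeholder token from the page

def http_post(body):
    """Real transport: send one request, return the decoded JSON reply."""
    req = urllib.request.Request(URL, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + TOKEN})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"{}")

def iter_keysets(post, keyset_filter=None, page_size=100, load_key_data=True):
    """Yield every matching keyset, advancing Offset by PageSize until a short page."""
    offset = 0
    while True:
        body = {"PageSize": page_size, "Offset": offset, "LoadKeyData": load_key_data}
        if keyset_filter:
            body["KeysetFilter"] = keyset_filter
        reply = post(body)
        # HTTP 200 with an empty JSON body means insufficient privileges; do not
        # report it as "no keysets". Assumption: a real empty result has "Data": [].
        if "Data" not in reply:
            raise PermissionError("empty JSON body: caller has insufficient privileges")
        yield from reply["Data"]
        if len(reply["Data"]) < page_size:
            return
        offset += page_size

def unencrypted_private_keys(keysets):
    """Return (KeysetId, KeyId, FilePath) for each private key with IsEncrypted false."""
    return [(ks["KeysetId"], key["KeyId"], key["FilePath"])
            for ks in keysets for key in (ks.get("PrivateKeys") or [])
            if not key["IsEncrypted"]]

# Constructed sample data (not real output): three keysets served two per page.
SAMPLE = [
    {"KeysetId": "KS-A", "PrivateKeys": [{"KeyId": 1, "FilePath": "/etc/ssh/a", "IsEncrypted": False}]},
    {"KeysetId": "KS-B", "PrivateKeys": [{"KeyId": 2, "FilePath": "/home/u/.ssh/b", "IsEncrypted": True}]},
    {"KeysetId": "KS-C", "PrivateKeys": None},
]

def fake_post(body):
    """Constructed stand-in for http_post so the example runs offline."""
    return {"Data": SAMPLE[body["Offset"]:body["Offset"] + body["PageSize"]]}

if __name__ == "__main__":
    print(unencrypted_private_keys(iter_keysets(fake_post, page_size=2)))
```

Pass http_post instead of fake_post to query a real server.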