Skip to main content

Agent Commands

The command-line client can be used to manage Key Manager agent ICB files.

count-icbs

Syntax:

ssh-mgr-client count-icbs [options] [-F <filter>] [-vvv] [-U <url>]

Returns the number of ICB files in the Key Manager system.

You can use filters (-F) to only count the ICB files that match the given filters. For filtering, you can use the same attributes that are available for the list-icbs command (see list-icbs).

The default command counts all the ICBs in the Key Manager system:

$ ssh-mgr-client count-icbs
3

Example for finding all the ICB files for a specific host group:

$ ssh-mgr-client count-authorized-keys -F "hostgroupid=4"
1

list-icbs

Syntax:

ssh-mgr-client list-icbs [options] [-F <filter>] \
[-vvv] [-U <url>] [-o <format>] [-C <columns>] [-H] \
[-O <sort-order>] [-S <start-from>] [-M <max-results>] [-E <delim>]

The default command lists all the Key Manager agent ICB files in the Key Manager system:

$ ssh-mgr-client list-icbs

The following columns can be used for filtering (-F) and output formatting (-C):

agent_type

Type of the connecting agent. Only usable for output formatting (-C).

fingerprint_babble

Fingerprint of agent public key in Bubble Babble

fingerprint_id

Internal id of the agent public key

fingerprint_openssh

Fingerprint of agent public key in OpenSSH format

fingerprint_sha256

Fingerprint of agent public key in SHA256 format

fingerprint_ssh1

Fingerprint of agent public key in SSH1 format

hostgroupid

Id of host group that the ICB is on

id

Internal PrivX Key Manager id for ICB

name

Name of the ICB file

public_key_data

Public key data in OpenSSH format

For example, to display the name, and the ICB id of all the ICB files (in the mentioned order):

$ ssh-mgr-client -C "name,id" list-icbs

The following example displays the ICB with the ICB ID of 1:

$ ssh-mgr-client list-icbs -F "id=1"

create-icb

Syntax:

ssh-mgr-client create-icb -d <data> [options] \
[-vvv] [-U <url>] [-B] [-p <priority>]

The command creates new ICB files. To create new ICB files using this command, you must provide a name that is unique in the system. ICB file information can be provided directly on the command line (-d), or from a text file (-f).

You can optionally specify a host group for the ICB file. If specified, agent-based hosts added with the ICB file are added to the host group when they enter the managed environment.

Required data:

name

The name of the ICB file.

Optional data:

hostgroupid

The ID of a host group. If specified, Key Manager agents configured with this ICB automatically add their host to the specified host group.

The command launches a create-icb job for adding the new ICB. The new ICB is added to the Key Manager system as soon as this job finishes.

The following example demonstrates the minimum arguments required for creating a new ICB file:

$ ssh-mgr-client create-icb -d name=name

To specify a host group, provide the host-group ID of that host group with hostgroup:

$ ssh-mgr-client create-icb -d name=ICB_1,hostgroup=4

The same information can be provided from a text file as well.:

$ ssh-mgr-client create-icb -f icbs.txt

The contents of icbs.txt could look like the following. When providing information from text files, it is possible to add multiple ICB files with one command:

name
Generic ICB
Workstation ICB
ICB2

Another example of a text file:

name,hostgroup,hostgroupdescription
ICB name,3,description
Workstation ICB,3,description2
ICB2,,description

download-icb

Syntax:

ssh-mgr-client download-icb -i <id> [options] [-f <filename>] [-vvv] [-U <url>]

Downloads the specified ICB file to your current working directory.

The ICB file must be identified by its icbid value. You can optionally specify the name of the file to which the ICB data is downloaded. if not specified, the file name defaults to agent-icb.json

The ID is provided with the -i option. For example, to output the ICB file with the icbid value of 2:

$ ssh-mgr-client download-icb -i 2

show-icb

Syntax:

ssh-mgr-client [-v] [-U <url>] [-o <format>] [-C <columns>] show-icb -i <id>

Displays the icb with the given ID.

For output formatting (-C), you can use the same attributes that are available for the list-icbs command (see list-icbs).

Example:

$ ssh-mgr-client show-icb -i 3