
Blacklisting User Keys

You can perform a blacklisting operation to effectively disable all the keys within the managed environment that have a certain key fingerprint. This can be useful in situations where you want to immediately prevent the use of certain keys throughout the entire managed environment.

Any user keys with the corresponding key fingerprint are deleted, and cannot be restored using Key Manager. Blacklisted user keys are not reused when creating new authorizations using Key Manager. Alerts are generated when Key Manager detects attempts to authorize into the managed environment using blacklisted keys. Additionally, such events are recorded in the Key Manager audit log.

To blacklist a user key (and all the other keys that have the same fingerprint), navigate to any page that lists user keys, then perform a Blacklist action on the target key(s). The target key(s), and any keys with the corresponding fingerprint(s), are automatically deleted, and entries matching these keys are marked as blacklisted.

You can also blacklist keys using the command-line client (described in blacklist-authorized-keys).

$ ssh-mgr-client blacklist-authorized-keys -i 99
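
The following is an added example, not part of Key Manager or its documentation: an independent check that an authorized_keys file no longer contains any entry whose fingerprint is blacklisted, including copies of the same key stored with a different comment or with leading options. It assumes OpenSSH-style SHA256 fingerprints and the OpenSSH authorized_keys line format; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blob(line):
    """Return the decoded key blob from one authorized_keys line, or None."""
    # Leading options may contain spaces, so scan for a <keytype> <base64> pair
    tokens = line.split()
    for keytype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(blob) >= 4:
            # The blob starts with a length-prefixed copy of the key type name
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == keytype.encode():
                return blob
    return None

def find_blacklisted(text, blacklist):
    """Return (line_number, fingerprint) for each entry with a blacklisted fingerprint."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        blob = None if line.lstrip().startswith("#") else key_blob(line)
        if blob is not None and fingerprint(blob) in blacklist:
            hits.append((lineno, fingerprint(blob)))
    return hits

def sample_key(seed):
    """Constructed ssh-ed25519 blob (not a real key), base64-encoded."""
    blob = struct.pack(">I11sI32s", 11, b"ssh-ed25519", 32, bytes([seed]) * 32)
    return base64.b64encode(blob).decode()

KEY_A, KEY_B = sample_key(1), sample_key(2)
BLACKLIST = {fingerprint(base64.b64decode(KEY_A))}  # constructed blacklist
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    f"ssh-ed25519 {KEY_A} alice@laptop",
    f"ssh-ed25519 {KEY_B} bob@build",
    f'command="/usr/bin/backup --all",no-pty ssh-ed25519 {KEY_A} copy-with-options',
])

if __name__ == "__main__":
    print(find_blacklisted(SAMPLE, BLACKLIST))
```

Because matching is done on the fingerprint of the key blob, the second copy of the key on the last sample line is reported even though its comment and options differ.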