Skip to main content

Determining Which Configurations a Key Belongs To

You can use Key Manager to determine which configurations include a certain user key.

User-key locations are specified by the SSH configurations on each host. Usually, private-key-file locations are specified in the system-wide and/or user-specific SSH client configurations, whereas authorized-key-file locations are specified in the SSH server configuration.

To determine which configurations include a certain user-key, you can enable the Is In Configuration column for private keys and authorized keys in the Key Manager GUI.

Possible values for authorized keys

  • not_in_configuration: The path of the key is not specified in any SSH configuration.

  • in_global_configuration: The path of the key is specified in the system-wide SSH server configuration.

Possible values for private keys

  • not_in_configuration: The path of the key is not specified in any SSH configuration.

  • in_global_configuration: The path of the key is specified in the system-wide SSH client configuration.

  • in_user_configuration: The path of the key is specified in user-specific SSH configuration(s).

  • in_both_configuration: The path of the key is specified in both the system-wide and user-specific SSH client configuration(s).

  • in_any_configuration: The path of the key is specified in either the global or the user-specific SSH client configuration. This value is used for filtering only (to match globally defined and/or user-defined keys). This value is never assigned to a key.

You can also use the command-line client to display keys according to their configuration status, using the filter attribute is_in_config. For example:

$ ssh-mgr-client list-authorized-keys -F "is_in_config=not_in_configuration"
$ ssh-mgr-client list-private-keys -F "is_in_config=in_user_configuration"