
Host-Key Commands

Host-key commands are used for managing the host keys in the managed environment.

count-host-keys

Syntax:

ssh-mgr-client count-host-keys [options] [-F <filter>] [-vvv] [-U <url>]

Returns the number of host keys in the managed environment. When filters (-F) are specified, only the host keys that match the filter criteria are counted.

For filtering, you can use the same attributes that are available for the list-host-keys command (see list-host-keys).

Example for returning the number of host keys in the managed environment:

$ ssh-mgr-client count-host-keys
496

label-host-keys

Syntax:

ssh-mgr-client label-host-keys [options] \
(-F <filter> | -i <id>) -d <data> [-vvv] [-U <url>]

Label all the keys that have the same fingerprint as any of the selected host keys.

Specify the label by providing the label attribute (-d). You can select a host key by providing its ID (-i). Alternatively, you can select host keys using filters (-F). For filtering, you can use the same attributes that are available for the list-host-keys command (see list-host-keys).

Required data:

label

The text that is used for labeling the host key(s).

For example, to assign a label to a key and to any other keys with the same fingerprint:

$ ssh-mgr-client label-host-keys -i 82 -d label="example_label"

As another example, to assign a label to all keys on a certain host and to any other keys with the same fingerprints:

$ ssh-mgr-client label-host-keys -F "hostname=example.server.com" \
-d label="example_label"

list-host-keys

Syntax:

ssh-mgr-client list-host-keys [options] [-F <filter>] [-vvv] \
[-U <url>] [-o <format>] [-C <columns>] [-H] [-O <sort-order>] \
[-S <start-from>] [-M <max-results>] [-E <delim>] [-B]

The default command lists all the host keys present in the managed environment:

$ ssh-mgr-client list-host-keys

The following columns can be used for filtering (-F) and output formatting (-C):

black_listed

Key is blacklisted

checksum

Checksum of the private key file of the host key

date_created

Date when the key was first seen by PrivX Key Manager

fingerprint_babble

Fingerprint of key in Bubble Babble format

fingerprint_id

The unique ID of the fingerprint

fingerprint_openssh

Fingerprint of key in OpenSSH format

fingerprint_sha256

Fingerprint of key in OpenSSH SHA256 format

fingerprint_ssh1

Fingerprint of key in SSH1 format

host_id

Id of the host where the key is located

host_tags

Tags attached to the host of the key

hostgroup

Name of host group that the host key is on. Only usable for filtering (-F).

hostgroupid

Id of host group that the host key is on. Only usable for filtering (-F).

hostname

Host where the key is located

id

Internal PrivX Key Manager id for host key

is_in_config

Key is in SSH configuration

key_age

Age of the key

key_algorithm

Cryptographic algorithm of the key

key_comment

Comment field in SSH key

key_data

Public key data. Only usable for output formatting (-C).

key_format

Format of the key. One of openssh, secsh2, or ssh1

key_label

Label given to the key

key_location

Location of the public key file of the host key

key_size

Size of key in bits (e.g. 768, 1024, 2048)

management_state

Management state of the key's fingerprint

not_after

End of the validity period of the key

not_before

Start of the validity period of the key

notes

Notes for the key

passphrase_protected

Flag to specify whether the private key file of the host key is passphrase protected

passphrase_status

Status of the host key passphrase

pending_key_operation

Pending key operation

policy_violation_score

Combined numeric severities of the policies this product is currently violating

policy_violations

List of policy rules this product is currently violating

private_key_file_attrs

Attributes of the private key file of host key. Only usable for output formatting (-C).

private_key_location

Location of the private key file of the host key

product

Product of key

public_key_file_attrs

Attributes of the public key file of host key. Only usable for output formatting (-C).

status

Status of the key

tags

Tags attached to the key

For example, to display the host key fingerprint of the host example.server.com in both Tectia (Bubble Babble) and OpenSSH formats:

$ ssh-mgr-client list-host-keys -F "hostname=example.server.com" -C fingerprint_babble,fingerprint_openssh
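To cross-check fingerprint values reported by list-host-keys against a public key file read directly from a host, the fingerprints can be recomputed independently. The following is an added example, not part of the product or its documentation. It assumes that fingerprint_openssh is the legacy MD5 colon-hex form, fingerprint_sha256 the SHA256:base64 form, and fingerprint_babble the Bubble Babble encoding of the SHA-1 digest of the key blob (as ssh-keygen -B prints); the sample key is constructed.

```python
import base64
import hashlib

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubble_babble(digest: bytes) -> str:
    """Bubble Babble encoding of a digest (same algorithm as ssh-keygen -B)."""
    seed, out = 1, ["x"]
    rounds = len(digest) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(digest) % 2:
            b0 = digest[2 * i]
            out.append(VOWELS[((b0 >> 6) + seed) % 6])
            out.append(CONSONANTS[(b0 >> 2) & 15])
            out.append(VOWELS[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b1 = digest[2 * i + 1]
                out.append(CONSONANTS[b1 >> 4] + "-" + CONSONANTS[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:  # even-length input: the last group encodes only the checksum seed
            out.append(VOWELS[seed % 6] + "x" + VOWELS[seed // 6])
    return "".join(out) + "x"


def fingerprints(pubkey_line: str) -> dict:
    """Fingerprints of one OpenSSH public key line: '<type> <base64> [comment]'."""
    # Only the decoded key blob is hashed; the comment never affects a fingerprint.
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    md5 = hashlib.md5(blob).hexdigest()  # legacy display format, not a security control
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "fingerprint_openssh": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "fingerprint_sha256": "SHA256:" + sha256,
        "fingerprint_babble": bubble_babble(hashlib.sha1(blob).digest()),
    }


def _string(data: bytes) -> bytes:
    return len(data).to_bytes(4, "big") + data  # SSH wire-format string


# Constructed sample: a well-formed ssh-ed25519 blob with dummy key bytes.
SAMPLE_BLOB = _string(b"ssh-ed25519") + _string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " root@example"

if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_LINE).items():
        print(f"{name:20} {value}")
```

Because the fingerprint depends only on the key blob, two key files with different comments or locations but the same key material produce identical values, which is why label-host-keys applies a label to every key sharing a fingerprint.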

show-host-key

Syntax:

ssh-mgr-client [-v] [-U <url>] [-o <format>] [-C <columns>] show-host-key -i <id>

Displays the host key with the given key ID.

For output formatting, you can use attributes similar to those of the list-host-keys command (see list-host-keys).

Example:

$ ssh-mgr-client show-host-key -i 3

tag-host-keys

Syntax:

ssh-mgr-client tag-host-keys [options] \
(-F <filter> | -i <id>) -d <data> [-vvv] [-U <url>]

Tags selected host keys.

Specify the tag by the name of the tag. If the tag does not exist, it will be created automatically. You can select a host key using its ID. Alternatively, you can select multiple host keys using filters. For filtering (-F), you can use the same attributes that are available for the list-host-keys command (see list-host-keys).

For example, to tag the host key that has the ID of 36, with the tag named to_be_reviewed:

$ ssh-mgr-client tag-host-keys -d id=36,tag=to_be_reviewed

untag-host-keys

Syntax:

ssh-mgr-client untag-host-keys [options] \
(-F <filter> | -i <id>) -d <data> [-vvv] [-U <url>]

Removes a tag from the selected host key(s).

Specify the tag by the name of the tag. You can select a host key using its ID. Alternatively, you can select multiple host keys using filters. For filtering (-F), you can use the same attributes that are available for the list-host-keys command (see list-host-keys).

Example:

$ ssh-mgr-client untag-host-keys -i 36 -d tags="to_be_reviewed"