Generate an MFA caching SSH key for another user

This method can be run by a strong user to generate an MFA caching SSH key for a specific user, to be used when connecting to targets via PSM for SSH.

The user who runs this method requires the following permission in the Vault:

  • Reset Users' Passwords

In addition, the user who runs this web service must be in the same Vault Location or higher as the user whose public SSH keys are retrieved.

URL

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

https://{PVWA}/PasswordVault/api/Users/{userID}/Secret/SSHKeys/Cache

The following mandatory value is required in the URL:

  Parameter:     UserName
  Type:          String
  Description:   The name of the user whose MFA caching SSH key will be generated.
                   • This username is not case-sensitive.
                   • Specify the name of any user in the Vault.
  Valid values:  Vault user name

Resource information

  HTTP method:   POST
  Content type:  application/json

Header parameter

  Parameter:      Authorization
  Type:           String
  Description:    The token that identifies the session, encoded in Base64.
  Mandatory:      Yes
  Default value:  none

Body parameters

  Parameter:      formats
  Type:           String
  Description:    The list of formats (PPK, PEM, OpenSSH) to output the key, separated by commas.
  Mandatory:      No
  Default value:  PEM

  Parameter:      keyPassword
  Type:           String
  Description:    The passphrase to protect the private key on generation.
  Mandatory:      No
  Default value:  no passphrase

Result

{
  "count": <number of private key types>,
  "creationTime": <key creation time>,
  "expirationTime": <key expiration time>,
  "publicKey": <public key>,
  "value": [
    {
      "format": "<key format>",
      "keyAlg": "<key encryption>",
      "privateKey": <first private key>
    },
    {
      "format": "<key format>",
      "keyAlg": "<key encryption>",
      "privateKey": <second private key>
    },
    {
      "format": "<key format>",
      "keyAlg": "<key encryption>",
      "privateKey": <third private key>
    }
  ]
}

Return codes

For a complete list of return codes, see Return Codes.
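
An added example (not CyberArk's code) of building this request and reading the result in Python. It assumes the {userID} path segment takes the user value described above and that format names are matched exactly as listed; build_request, extract_keys, pvwa.example.com and the sample response are hypothetical or constructed, and the wrapper deliberately refuses the no-passphrase default for keyPassword.

```python
import json
import urllib.request

ALLOWED_FORMATS = {"PPK", "PEM", "OpenSSH"}  # formats listed on this page
FORBIDDEN_URL_CHARS = set("+&% ")            # unsupported in URL values, plus spaces


def build_request(pvwa_host, user_ref, token, formats, key_password):
    """Return a urllib Request for the Cache endpoint; nothing is sent here."""
    bad = FORBIDDEN_URL_CHARS.intersection(user_ref)
    if not user_ref or bad:
        raise ValueError(f"empty or unsupported URL value: {sorted(bad)}")
    unknown = set(formats) - ALLOWED_FORMATS
    if not formats or unknown:
        raise ValueError(f"empty or unsupported key formats: {sorted(unknown)}")
    if not key_password:
        # The API default is no passphrase; this wrapper refuses that default.
        raise ValueError("keyPassword is required by this wrapper")
    url = (f"https://{pvwa_host}/PasswordVault/api/Users/"
           f"{user_ref}/Secret/SSHKeys/Cache")
    body = {"formats": ",".join(formats), "keyPassword": key_password}
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": token})


def extract_keys(response_text):
    """Map each returned format to its private key, checking 'count'."""
    doc = json.loads(response_text)
    keys = {item["format"]: item["privateKey"] for item in doc["value"]}
    if doc["count"] != len(keys):
        raise ValueError("count does not match the number of returned keys")
    return keys


# Constructed sample response (placeholder values, not real key material).
SAMPLE_RESPONSE = json.dumps({
    "count": 2, "creationTime": 0, "expirationTime": 0,
    "publicKey": "ssh-rsa PLACEHOLDER",
    "value": [
        {"format": "PEM", "keyAlg": "PLACEHOLDER", "privateKey": "PEM-PLACEHOLDER"},
        {"format": "OpenSSH", "keyAlg": "PLACEHOLDER", "privateKey": "OSSH-PLACEHOLDER"},
    ]})

if __name__ == "__main__":
    req = build_request("pvwa.example.com", "jsmith", "SESSION-TOKEN",
                        ["PEM", "OpenSSH"], "constructed-passphrase")
    print(req.get_method(), req.full_url)
    print(sorted(extract_keys(SAMPLE_RESPONSE)))
```

The returned private keys are live credentials for PSM for SSH, so write them only to files readable by the intended user.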