SSH CLI API - Details

SSH (the SSH client) is a program for logging into a remote machine and for executing commands on it. ssh connects and logs into the specified hostname with the given user name. The user must prove his/her identity to the remote machine using public key authentication.

The command to be executed on the remote host must be specified in the format given below; the corresponding response is then returned.

SSH Public Key Authentication Mechanism

The scheme is based on public-key cryptography: there are cryptosystems where encryption and decryption are done using separate keys, and it is not possible to derive the decryption key from the encryption key. RSA is one such system. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key.

The file / /.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The server checks if this key is permitted, and if so, sends the user a challenge, a random number, encrypted by the user's public key. The challenge can only be decrypted using the proper private key. The user's client then decrypts the challenge using the private key, proving that he/she knows the private key but without disclosing it to the server.

ssh implements the RSA authentication protocol automatically. The user creates his/her RSA key pair by running ssh-keygen. This stores the private key in the id_rsa file and the public key in id_rsa.pub in the specified directory. The user should then add a PAM360 API user and import id_rsa.pub.

Name:

PAM360 maverick ssh - OpenSSH SSH client API

Synopsis:

ssh -q [-p port] [-l login_name] user@hostname [-i private_key] [PAM360 specific command]

For Example: ssh -q -p 6622 test@test-server -i /home/guest/id_rsa [PAM360 specific command]

1. Commands

1.1 For Password Retrieval

ssh -q [-p port] user@hostname [-i private_key] RETRIEVE --resource=<RESOURCE NAME As present in PAM360> --account=<ACCOUNT NAME As Present in PAM360> --reason=<REASON For Password Access>

Example:

ssh -q -p 6622 test@test-server -i /home/guest/id_rsa RETRIEVE --resource=test-server --account=root --reason=Testing password retrieval using ssh client API
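
A wrapper for the RETRIEVE call above, added here as an example (it is not ManageEngine's code): it rejects values that could be read as extra options once ssh joins the command into one string, forces non-interactive key-only authentication, and lets the caller capture the returned password in a variable. The function names, the validation rule and the choice of the BatchMode and IdentitiesOnly client options are assumptions, not part of the PAM360 documentation.

```shell
#!/bin/sh
# Added example: hardened wrapper around the RETRIEVE command shown above.
# Assumptions (not from the PAM360 documentation): function names, the
# validation rule, and the ssh client options chosen here.

nl='
'

# ssh joins everything after the host into ONE space-separated string before
# sending it, so a value containing " --" or a line break could be read by the
# server as an additional option. Reject such values (and empty ones).
pam360_valid_value() {
    case "$1" in
        '' | *' --'* | *"$nl"*) return 1 ;;
    esac
    return 0
}

# Usage: pam360_retrieve PORT USER@HOST KEYFILE RESOURCE ACCOUNT REASON
# Prints the server's response on stdout; returns 2 on rejected input.
pam360_retrieve() {
    [ "$#" -eq 6 ] || return 2
    port=$1 target=$2 key=$3 resource=$4 account=$5 reason=$6
    # Port must be numeric; a target starting with "-" would be parsed by the
    # ssh client as one of its own options.
    case "$port" in '' | *[!0-9]*) return 2 ;; esac
    case "$target" in '' | -*) return 2 ;; esac
    for v in "$resource" "$account" "$reason"; do
        pam360_valid_value "$v" || return 2
    done
    # BatchMode=yes: fail instead of prompting (key authentication only).
    # IdentitiesOnly=yes: offer only the key given with -i.
    ssh -q -p "$port" -i "$key" \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        "$target" RETRIEVE \
        "--resource=$resource" "--account=$account" "--reason=$reason"
}

# Typical call, using the values from the page's example: keep the secret in
# a variable rather than echoing it to the terminal or a log.
#   pw=$(pam360_retrieve 6622 test@test-server /home/guest/id_rsa \
#        test-server root "Testing password retrieval") || exit 1
```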

1.2 For Password Reset

1.2.1 For Local Password Reset

ssh -q [-p port] user@hostname [-i private_key] RESET_LOCAL --resource=<RESOURCE NAME AS PRESENT IN PAM360> --account=<ACCOUNT_NAME As Present in PAM360> --newpassword=<NEW PASSWORD> --reason=<Reason for Password Reset>

Example:

ssh -q -p 6622 test@test-server -i /home/guest/id_rsa RESET_LOCAL --resource=test-server --account=root --newpassword=rootnew --reason=Rotating Password

1.2.2 For Remote Password Reset

ssh -q [-p port] user@hostname [-i private_key] RESET_REMOTE --resource=<RESOURCE NAME AS PRESENT IN PAM360> --account=<ACCOUNT_NAME As Present in PAM360> --newpassword=<NEW PASSWORD> --reason=<Reason for Password Reset>

Example:

ssh -q -p 6622 test@test-server -i /home/guest/id_rsa RESET_REMOTE --resource=test-server --account=root --newpassword=rootnew --reason=Rotating Password

1.3 For Creating a New Resource and a User Account

ssh -q [-p port] user@hostname [-i private_key] CREATE --resource=<RESOURCE NAME To Be Created> --account=<ACCOUNT NAME to be created> --newpassword=<PASSWORD of the Account being added> --resourcetype=<Type of the Resource Being Added> --notes=<Reference Notes>

Example:

ssh -q -p 6622 test@test-server -i /home/guest/id_rsa CREATE --resource=testresource --account=testaccount --newpassword=test password --resourcetype=Windows --notes=A New resource is added
