Adding an SSH key
Add an SSH key.
Tip
To create an SSH key on the target Linux server, follow the instructions in the IBM Spectrum Protect Plus Installation and User’s Guide.
Method and URI
To add an SSH key, use a POST method with a URI:
POST https://{hostname|IPv4}/api/identity/key
Parameters
None.
Data
Data 1: name
The name of the SSH key.
Example value: BlueMachines Amazon S3 California Key
Type: String. Required. Available in the web user interface.
Data 2: user
A user name of the target Linux server for which you want to establish an SSL connection.
Example value:
sarah-oracle1
Type: String. Required. Available in the web user interface.
Data 3: keytype
The type of key.
Value:
ssh_private_key
Type: System string. Required. Available in the web user interface.
Data 4: privatekey
The private SSH key of the target Linux server. Replace new lines with the escape sequence characters:
\n
Example value:
-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,08295638...\n\nUbdH2oDSWTCkWrxWsLaDvEvV77O4vZhxDkcE6plRYyp8d4aCQ...wS1Ff2nxnW/7A9i9yKRGvFIiaotFIoa43ZLA8ivn\n-----END RSA PRIVATE KEY-----
Type: String. Required. Available in the web user interface.
Data 5: passphrase
The optional passphrase for the SSH key of the target Linux server. It may be different from the user password of the Linux server.
Example value:
E^vBQ:9!Y)w<pNw~
Type: String. Available in the web user interface.
Example: Create an SSH key
Assume that you want to establish a secure connection between IBM Spectrum Protect Plus and a Linux server that hosts an Oracle Database. You log in to the Linux server and generate an SSH public key and private key:
[sarah@workstation ~ ] ssh sarah-oracle1@10.4.4.1 # oracle-dallas1
sarah-oracle1@10.4.4.1's password: A'mK'"~RPtY=*k(h
...
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sarah-oracle1/.ssh/id_rsa):
Created directory '/home/sarah-oracle1/.ssh'.
Enter passphrase (empty for no passphrase): E^vBQ:9!Y)w<pNw~
...
Your identification has been saved in /home/sarah-oracle1/.ssh/id_rsa.
Your public key has been saved in /home/sarah-oracle1/.ssh/id_rsa.pub.
...
The key's randomart image is:
+---[RSA 2048]----+
| +.o=o o |
...
+----[SHA256]-----+
$ cat /home/sarah-oracle1/.ssh/id_rsa.pub
ssh-rsa 22EYOeQkIV0Olveps...
$ cat /home/sarah-oracle1/.ssh/id_rsa.pub \
>> /home/sarah-oracle1/.ssh/authorized_keys
$ chmod 600 \
/home/sarah-oracle1/.ssh/authorized_keys
$ sudo cp /etc/ssh/sshd_config{,.bak}
$ sudo vi /etc/ssh/sshd_config # Enable: PubkeyAuthentication yes
$ systemctl restart sshd
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Multiple identities can be used for authentication:
1. oracle
2. grid
3. sarah-oracle1
Choose identity to authenticate as (1-3): 3
Password: A'mK'"~RPtY=*k(h
==== AUTHENTICATION COMPLETE ===
$ cat /home/sarah-oracle1/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,4E9A0765C9067B52F06549D610C6591A
xbeIIcosQ5TsuqXirKJFlgOz1ryQus7RrapZcBgSuZ8PdVXvtvYDBA2qRo79G4OY
...
Pnidu8/8iFy7uoNe9F5J6h40g6S1vI58Ub/e9fbgIzd2NO5MhYkc5c0a8I1rhUq1
-----END RSA PRIVATE KEY-----
$
The SSH key that you have generated on the Linux server has the following properties:
Name: Oracle - Dallas 1 SSH
User:
sarah-oracle1
Private key: See the Python snippet.
Passphrase:
E^vBQ:9!Y)w<pNw~
A Python snippet that is similar to the following example can be used to send a request to IBM Spectrum Protect Plus to add the new SSH key:
import requests

# Private key exactly as printed by `cat /home/sarah-oracle1/.ssh/id_rsa`.
privatekey_original = '''-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,4E9A0765C9067B52F06549D610C6591A
xbeIIcosQ5TsuqXirKJFlgOz1ryQus7RrapZcBgSuZ8PdVXvtvYDBA2qRo79G4OY
...
Pnidu8/8iFy7uoNe9F5J6h40g6S1vI58Ub/e9fbgIzd2NO5MhYkc5c0a8I1rhUq1
-----END RSA PRIVATE KEY-----'''
privatekey = privatekey_original.replace('\n', '\\n')  # Replace new lines with \n

# Request data as JSON text; {{ and }} are literal braces inside an f-string.
_data = f'''{{
    "name": "Oracle - Dallas 1 SSH",
    "user": "sarah-oracle1",
    "keytype": "ssh_private_key",
    "privatekey": "{privatekey}",
    "passphrase": "E^vBQ:9!Y)w<pNw~"
}}'''

# spp_ipv4: host name or IPv4 address of IBM Spectrum Protect Plus.
requests.post('https://' + spp_ipv4 + '/api/identity/key',
              headers={...}, data=_data, verify=...)
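
The snippet above builds the JSON by string substitution, which produces invalid JSON as soon as the passphrase contains a double quote or a backslash. The following added example (not part of the original guide or of IBM's code) builds the same request data with json.dumps, rejects a public key or a missing passphrase before anything is sent, and gives a copy with the secrets masked for logging. The names build_ssh_key_body, redacted, SAMPLE_PEM and SAMPLE_PASSPHRASE are hypothetical, and the sample key is constructed placeholder text.

```python
import json

KEY_URI_PATH = "/api/identity/key"            # URI documented on this page
SECRET_FIELDS = ("privatekey", "passphrase")  # never write these to logs


def build_ssh_key_body(name, user, private_key_pem, passphrase=None):
    """Serialize the request data for POST /api/identity/key as JSON text."""
    pem = private_key_pem.replace("\r\n", "\n").strip()
    lines = pem.split("\n")
    if not (lines[0].startswith("-----BEGIN ")
            and lines[0].endswith("PRIVATE KEY-----")
            and lines[-1].startswith("-----END ")):
        raise ValueError("not a PEM private key (was the .pub file passed?)")
    # Legacy PEM keys, like the one on this page, announce encryption in a header.
    if "Proc-Type: 4,ENCRYPTED" in lines and not passphrase:
        raise ValueError("key is passphrase-protected but no passphrase was given")
    body = {"name": name, "user": user,
            "keytype": "ssh_private_key", "privatekey": pem}
    if passphrase:
        body["passphrase"] = passphrase
    # json.dumps writes each newline as \n and escapes quotes and backslashes.
    return json.dumps(body)


def redacted(body_json):
    """Return the request data as a dict that is safe to log."""
    body = json.loads(body_json)
    for field in SECRET_FIELDS:
        if field in body:
            body[field] = "<redacted>"
    return body


# Constructed sample: the key body is a placeholder, not real key material.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

PLACEHOLDERKEYBODY
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PASSPHRASE = 'p"ss\\phrase'  # quote and backslash on purpose

if __name__ == "__main__":
    data = build_ssh_key_body("Oracle - Dallas 1 SSH", "sarah-oracle1",
                              SAMPLE_PEM, SAMPLE_PASSPHRASE)
    print(redacted(data))  # pass `data` as data= in the requests.post call
```

In real use, read the key from its file and the passphrase from a prompt or a secret store rather than embedding either in the script.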

Figure 60: The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the Keys and Certificates pane, click the SSH Keys tab. Click Add SSH Key. In the Add SSH Key section, enter the name, username, and private key, and click Save. You can select the Encrypted checkbox and enter the password to encrypt the SSH connection.
After you run the Python snippet, ensure that you get a response with the HTTP status of 200 (OK) and that the SSH key settings are updated. This request is similar to the one that you used to create the SSH key; compare the HTTP request method, the URI, the data values, and the HTTP status code in the response. The response body is similar to the JSON object for the original SSH key, as shown in Getting information about access keys and SSH keys.