1. ACLI Reference Guide
  2. ACLI Commands N-Z
  3. ssh-key

ssh-key

The ssh-key command allows you to import, generate, display and delete public keys on the Oracle Communications Session Border Controller.

Syntax

ssh-key <key type> <action> <other parameters>

Arguments

Supported key types:

authorized-key
Manage the keys of SSH clients who connect using public key authentication.

Supported actions:

export <name>
Export an authorized key in RFC 4716 format.
import <name> <class>
Import an authorized key in RFC 4716 format. The <class> parameter may be either user or admin.
delete <name>
Delete an authorized key that was previously imported.
known-host
Manage the known hosts for when the SBC acts as an SSH client.

Supported actions:

import <name>
Import a key in RFC 4716 format into the known_hosts file.

The <name> parameter is the IP address or hostname of the SFTP server.

delete <name>
Delete a key from the known_hosts file.

The <name> parameter is the IP address or hostname of the SFTP server.

private-key
Manage the private key of the SBC

Supported actions:

generate [ rsa | dsa ] [<size>]
Regenerate the RSA or DSA public and private key of the SBC.

RSA key size may be 2048, 3072, or 4096. The default value of 2048 is used if no size is selected.

DSA key size is always set to 1024.

ca-key
Manage the certificate authority keys.

Supported actions:

import <key-name> <class>
Import a CA key in RFC 4716 format. The <class> parameter may be either user or admin.
delete <key-name>
Delete a key from the known_hosts file.
ca-user-revoke
Manage certificate authority user revocation. Users are added to the revocation list by importing their public key.

Supported actions:

import <key-name>
Import the public key of the user or users who are authorized with this ca-key. Or import the public key of a CA to revoke all keys signed by that CA.
delete <key-name>
Remove a key-name from the revocation list.
x509
Manage certificates for OCSP-based authentication of SSH clients.

Note:

Requires Admin Security entitlement and FIPS entitlement.

Supported actions:

import <login-name> <ocsp-server> <class>
Import the end-entity certificate and certificate chain for an SSH client. The login-name should match the username that the SSH client uses to authenticate; the ocsp-server should be the FQDN of the OCSP server; and the class parameter may be either user or admin.
delete <login-name>
Remove the end-entity certificate and certificate chain for an SSH client.

Mode

Superuser

Example

ORACLE# ssh-key authorized-key import jdoe