Search Host Keys from Discovery

The API searches for host keys and their information from the discovery.

Before you begin

Before attempting to search host keys from the host key inventory, the user has to ensure the following:
  • Discovery should be present in AppViewX.

Request Structure

Endpoint: /ssh/search/hostKeys
Note: The same API has been used for the following:
Type: POST
Sample URL: https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/search/hostKeys?keysFrom=rotatedInventory&gwsource=external

To understand the elements of the sample URL, see the Reference section.

Headers:
Content-Type: application/json
Table 1. Request Parameters
Name Location Description
sessionId Header (Mandatory) Session ID received after login.

Type: String

Constraints: Required if username and password are not provided.

username Header (Mandatory) AppViewX login username.

Type: String

Constraints: Required if sessionId is not provided.

password Header (Mandatory) AppViewX login password.

Type: String

Constraints: Required if sessionId is not provided.

Content-Type Header (Mandatory) Specifies the nature of the data in the payload.

Type: String

Constraints: The value of the parameter should be ‘application/json’.

gwsource Query (Mandatory) Source from which the request is triggered. (E.g. external)

Type: String

discoveryName Query Discovery Name. (E.g. SampleDiscovery)

If this value is not given, hosts will be fetched from the host keys inventory.

Type: String

Payload Body (Mandatory) Contains all the parameters to be sent in the request body for the POST request.

Type: Payload

Payload

Name Description
input (Optional) Input Parameters to fetch host keys from discovery.

Type: Input

filter (Mandatory) Filter parameters to fetch host keys from discovery.

Type: Filter

Table 2. Input
Name Description
freeSearch (Optional) Search text to find host key information from discovery.

Type: String

keywordSearch (Optional) Keyword and value to search and retrieve host key.

Example: {"keyname":"RotateKeys_admin_1716367661908-B0-001"}

Table 3. Filter
Name Description
sortColumn (Mandatory) Column name to be sorted.

Type: String

sortOrder (Mandatory) Order to be sorted.

Possible values: asc, desc

start (Mandatory) Start count of the host keys to be fetched from discovery.

Type: String

max (Mandatory) Count of the host keys to be fetched from discovery.

Type: String

Response Structure

A 200 OK response returns a string of type application/json with the following body parameters.

Table 4. Response Parameters
Name Description
response Contains the response attributes for the host keys

Type: response

message Success message of the action or failure description in case of error. Will be non-null for failure response

Type: String

appStatusCode Application-specific status code for the response. Will be non-null for failure response

Type: String

tags More info in case of failure response

Table 5. Response
Name Description
data List of host key information which matches the search criteria.

Type: List

iTotalDisplayRecords Total number of host keys available for the search criteria.

Status Codes

Table 6. Status Codes and Description
HTTP Status code appStatusCode Message and Possible remediation
200 OK NA Host keys retrieved successfully
401 Unauthorized AVX_GW_003 Authentication failed, reason - Invalid Credentials

Possible remediation: Ensure that valid username and password or valid sessionId is provided as the header param.

400 Bad Request AVX-VLDTN-001 Mandatory field is missing or invalid values specified - <<field name>>

Possible remediation: Check and ensure that valid value is provided for <<field name>> field in the request.

Sample Request/Response

Use Case

To search for the host key “RotateKeys_admin_1716367184410-B0-001” in the discovery using the /search/hostKeys API.

Request URL
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/search/hostKeys?keysFrom=rotatedInventory&gwsource=external
Sample Request 1
{
  "input": {
    "freeSearch": "RotateKeys_admin_1716367184410-B0-001"
  },
  "filter": {
    "sortColumn": "none",
    "sortOrder": "desc",
    "start": "0",
    "max": "100"
  }
}
Sample Request 2
{
  "input": {
    "keywordSearch":{"keyname":"RotateKeys_admin_1716367184410-B0-001"}
  },
  "filter": {
    "sortColumn": "none",
    "sortOrder": "desc",
    "start": "0",
    "max": "100"
  }
}
Sample Response
{
  "response": {
    "data": [
      {
        "sshkey": {
          "type": "ECDSA",
          "name": "RotateKeys_admin_1716367184410-B0-001",
          "bitLength": "256",
          "passPhrase": null,
          "passPhraseCryptKey": null,
          "comment": "Created for host 192.168.60.130",
          "privateKey": null,
          "cryptKeyForPrivateKey": null,
          "publicKey": null,
          "fingerPrint": "+1cEqAhMLynje99v9hjeB3QEooh1sqEPQH1303d5P8o",
          "keyStatus": "Managed",
          "compliance": null,
          "groupName": "Default_Key_Group",
          "validity": null,
          "period": "lifetime",
          "hsmDeviceName": null,
          "uuid": "81da80bf-e20f-358e-8606-34b63d8d61c1",
          "keyWords": [
            "discoveredKeys",
            "Created for host 192.168.60.130",
            "256",
            "pe-cert-apvx-node02",
            "RotateKeys_admin_1716367184410-B0-001",
            "ECDSA",
            "Compliant"
          ],
          "active": true,
          "fileName": null,
          "privateKeyFilePermission": null,
          "publicFilePermission": null,
          "createdBy": "discoveredKeys",
          "displayName": null,
          "awsDiscoveredKey": true,
          "userName": null,
          "associatedUsers": [],
          "clientFingerprint": null,
          "modifiedBy": null,
          "modifiedTime": 1716367224,
          "fingerPrints": null,
          "isModified": null,
          "colorCode": null,
          "oldPassPhrase": null,
          "oldPassPhraseCryptKey": null,
          "awsFingerPrint": null,
          "sourceIp": [],
          "destIp": [
            "192.168.60.130"
          ],
          "createdTime": 1716366952000,
          "isPushAutomatically": null,
          "isRotateAutomatically": null,
          "autoRotate": null,
          "workOrderDetail": null,
          "groupIds": [
            "5767bcef3465bfbf73e44727"
          ],
          "readWrite": false,
          "keyPath": null,
          "renewDate": 0,
          "expiryDate": 0,
          "isExpired": false,
          "hostUserName": null,
          "workOrderMandate": null,
          "initiatedTime": 1716366952000,
          "complianceDescription": null,
          "agentUuid": null,
          "keyType": null,
          "filePaths": [
            "pe-cert-apvx-node02~~/etc/ssh/appviewxssh/ssh_host_ECDSA_key",
            "pe-cert-apvx-node02~~/etc/ssh/appviewxssh/ssh_host_ECDSA_key.pub"
          ],
          "symLinks": [],
          "privateKeyFileProps": {
            "readable": "true",
            "executable": "false",
            "writable": "true"
          },
          "publicKeyFileProps": {
            "readable": "true",
            "executable": "false",
            "writable": "true"
          },
          "clientMachineNames": [],
          "serverMachineNames": [
            "pe-cert-apvx-node02"
          ],
          "keyFoundInDiscoverySeqIdRanges": [
            {
              "from": 30,
              "to": 30
            }
          ],
          "firstDiscovery": 1716367184461,
          "previousDiscovery": 0,
          "currentDiscoveredTime": 1716367184461,
          "certificate": [
            {
              "fingerPrint": "+1cEqAhMLynje99v9hjeB3QEooh1sqEPQH1303d5P8o",
              "certType": "Host",
              "rawFPString": "ECDSA-CERT SHA256:+1cEqAhMLynje99v9hjeB3QEooh1sqEPQH1303d5P8o",
              "signingCA": "ECDSA SHA256:k/k8+W/SlzdaK0ajyat/l3FVpnWpPpndaP0qTM7lf7M (using ecdsa-sha2-nistp256)",
              "keyId": "pe-cert-apvx-node02.lab.appviewx.net",
              "serialNumber": "3515119686734784",
              "rawCertType": "[email protected] host certificate",
              "validFrom": 1716366944000,
              "validTo": 1747902944000,
              "validity": 364,
              "validityUnit": "days",
              "expiresIn": "364 days",
              "principals": [
                "192.168.60.130",
                "pe-cert-apvx-node02.lab.appviewx.net"
              ],
              "cryptKeyForCertContent": "opj82wtc1bylx4igskt7ra724",
              "certStatus": "Active",
              "filePaths": [
                {
                  "hostName": "pe-cert-apvx-node02",
                  "paths": [
                    "pe-cert-apvx-node02~~/etc/ssh/appviewxssh/ssh_host_ECDSA_key-cert.pub"
                  ]
                }
              ],
              "onlyForWebTerminal": false
            }
          ],
          "sharedType": "single",
          "excludeFromSharedKeyReportEndTime": 0,
          "excludeFromWeakKeyReportEndTime": 0,
          "excludeFromOrphanKeyReportEndTime": 0,
          "excludeFromSuspiciousKeyReportEndTime": 0,
          "discoveryIdWithNewState": {
            "30": true
          },
          "eligibleForRollback": false,
          "backupData": null,
          "sharedKey": false,
          "weakKey": false,
          "riskKey": false,
          "discovered": true,
          "accessRequest": false,
          "new": true,
          "keyDownload": false,
          "privateKeyDeleted": false,
          "publicKeyDeleted": false,
          "keyFilePermission": [
            {
              "user": null,
              "userHomeDirectory": null,
              "userGroup": null,
              "filePath": null,
              "deviceName": null,
              "fileProperties": null
            }
          ],
          "selected": false,
          "upload": false,
          "passphraseValidated": false,
          "hasPrivateKey": true,
          "_id": "664daf7868cf79570aab88b5"
        },
        "age": "0 day",
        "clientMachineNames": null,
        "serverMachineNames": null,
        "groupPermission": [
          {
            "Default_Key_Group": "RW"
          }
        ],
        "permission": "RW",
        "compliance": "Compliant",
        "createdTime": 0,
        "displayName": "RotateKeys_admin_1716367184410-B0-001",
        "hostComplianceGroup": null,
        "joinedHostGroups": null,
        "hostName": null,
        "associatedUsers": null,
        "colorCode": "newKeys",
        "complianceDescription": "",
        "hostInfos": null,
        "keyComplianceGroup": null,
        "accessGroup": null,
        "selected": false,
        "_id": null
      }
    ],
    "iTotalDisplayRecords": 1,
    "serverTime": 1716377205029
  },
  "message": "User keys retrieved successfully",
  "appStatusCode": null,
  "tags": null,
  "headers": null
}
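
The request and response handling described above, as an added example (not AppViewX code): it builds the documented request with a sessionId header, pages with start/max against iTotalDisplayRecords, and collects keys that need review. The function names, the placeholder base URL and key name, the reading of weakKey/sharedKey/riskKey/isExpired as review flags, and validTo as epoch milliseconds are assumptions drawn from the sample response.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode

def build_search_request(base_url, session_id, key_name, start=0, page_size=100,
                         discovery_name=None):
    """Build URL, headers and JSON body for POST /ssh/search/hostKeys."""
    query = {"gwsource": "external"}
    if discovery_name:              # when omitted, the host keys inventory is searched
        query["discoveryName"] = discovery_name
    url = f"{base_url}/avxapi/ssh/search/hostKeys?{urlencode(query)}"
    # Authenticating with sessionId keeps the login password out of each request.
    headers = {"Content-Type": "application/json", "sessionId": session_id}
    body = {"input": {"keywordSearch": {"keyname": key_name}},
            "filter": {"sortColumn": "none", "sortOrder": "desc",
                       "start": str(start), "max": str(page_size)}}  # Type: String
    return url, headers, body

def review_page(payload, start, now, warn_days=30):
    """Return (findings, next_start); next_start is None after the last page."""
    if payload.get("appStatusCode"):        # non-null for failure responses
        raise RuntimeError(f"{payload['appStatusCode']}: {payload.get('message')}")
    resp = payload["response"]
    findings = []
    for item in resp["data"]:
        key = item["sshkey"]
        for flag in ("weakKey", "sharedKey", "riskKey", "isExpired"):
            if key.get(flag):
                findings.append((key["name"], flag))
        for cert in key.get("certificate") or []:
            # Assumption: validTo is epoch milliseconds, as in the sample response.
            valid_to = datetime.fromtimestamp(cert["validTo"] / 1000, tz=timezone.utc)
            days_left = (valid_to - now).days
            if days_left < warn_days:
                findings.append((key["name"], f"certificate expires in {days_left} days"))
    fetched = start + len(resp["data"])
    more = resp["data"] and fetched < resp["iTotalDisplayRecords"]
    return findings, (fetched if more else None)

# Constructed sample page, trimmed to the fields the review reads.
SAMPLE = {"response": {"data": [{"sshkey": {
              "name": "example-host-key-001", "weakKey": True, "sharedKey": False,
              "riskKey": False, "isExpired": False,
              "certificate": [{"validTo": 1747902944000, "certStatus": "Active"}]}}],
              "iTotalDisplayRecords": 3},
          "message": "constructed", "appStatusCode": None}
```

Send the tuple from build_search_request with any HTTPS client that verifies the gateway certificate, then call review_page on each decoded page until next_start is None.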

Reference

Understanding the sample URL:
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port
    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
    Note: GWPORT is not required for SaaS setups.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: /ssh/host/create
  • gwsource: Source or origin of a gateway, for example: external.
