Network SSH record

/api/2.0/fo/auth/network_ssh/

[POST]

Network SSH authentication is supported for vulnerability and compliance scans. The Network SSH API (/api/2.0/fo/auth/network_ssh/) lets you list, create, update and delete Network SSH authentication records. This authentication supports the SSH2 format. A Network SSH authentication record can be used in place of the Cisco and Checkpoint Firewall authentication records: it has all the functionality of those records, plus support for the target_type field, similar to the Unix authentication record. Network SSH authentication records support the password and password2 fields with vaults. The password2 field is the equivalent of the expert_password field (Checkpoint Firewall sub-type) and the enable_password field (Cisco sub-type).

Input Parameters

Parameter

Description

action={action}

(Required) Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

id={value}

(Required to update or delete record) Record IDs to update/delete. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma separated.

title={value}

(Required to create record) A title for the record. The title must be unique. Maximum 255 characters (ascii).

comments={value}

(Optional to create or update record) User defined comments. Maximum of 1999 characters.

port={value}

(Optional) The port the SSH service is running on.

target_type={value}

(Optional) Specify the target type.

username={value}

(Required to create record, optional to update record) The username of the account to be used for authentication. If login_type=vault is specified, this is the username of a vault account. Maximum 255 characters (ascii).

password={value}

(Optional) The password of the Network SSH account to be used for authentication. Maximum 100 characters (ascii).

login_type={basic|vault}

(Optional) Login type can be basic (default) or vault. Set to vault if a third party vault will be used to retrieve the password. The vault parameters must then be provided in the record.


p2_login_type={basic|vault}

(Optional) Login type for password2 can be basic (default) or vault. Set to vault if a third party vault will be used to retrieve password2. The vault parameters must then be provided in the record with the p2_ prefix.


p2_<vault parameter>={value}

(Optional) If p2_login_type is vault, all vault parameter fields must be added with the prefix 'p2_'.

For example, p2_vault_type, p2_vault_id.

Vault specific parameters required depend on the vault type you've selected. See “Vault Definition” in the API user guide.

cleartext_password={0|1}

(Optional) When not specified, the scanning engine only uses strong password encryption for remote login. Specify 1 to allow your password to be transmitted in clear text when connecting to services which do not support strong password encryption. For more info, search for "Clear Text Password" in online help.

For a create request, if cleartext_password=1, the password parameter is required. For an update request, if cleartext_password=1, and the record does not have a password set, then cleartext_password=1 is *silently ignored*.

password2={value}

(Optional) The password2 field is the equivalent of the existing expert_password field (Checkpoint Firewall sub-type) and enable_password field (Cisco sub-type).

For Checkpoint Firewall: The password required for executing the “expert” command on the target hosts. The password may include 1-31 characters (ascii).

For Cisco: The password required for executing the “enable” command on the target hosts. The password may include 1-31 characters (ascii).

{XML File}

(Optional and valid only for Unix record, i.e. not supported for Cisco or Checkpoint Firewall sub-type)

XML file where you define private-key certificates and root delegations. These are defined using this DTD: <platform API server>/api/2.0/fo/auth/unix/unix_auth_params.dtd

ips={value}

(Required to create record) The IP address(es) for the targets you want to authenticate to. Multiple entries are comma separated.

(Optional to update record) IPs specified will overwrite existing IPs in the record, and existing IPs will be removed.

An IP added to a Network SSH authentication record cannot be added to Unix, Cisco or Checkpoint authentication records.

This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request.


Sample - Create Network SSH record

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
  -d "action=create&username=abc&title=a11&ips=10.10.110.12&password=abc&port=270,17,122&cleartext_password=1&target_type=A10&password2=1234" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/"

API request using XML

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
  --data-binary @add_params.xml \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/?action=create&username=abc&title=new%201&ips=10.10.110.12&password=abc&comments=new%20auth%20record&port=270,17,122&cleartext_password=1&target_type=A10&p2_login_type=vault&p2_vault_type=Thycotic%20Secret%20Server&p2_vault_id=41014&p2_secret_name=sc_name&password2=1234&login_type=vault&vault_type=Thycotic%20Secret%20Server&vault_id=41014&secret_name=bder&details=All"

Content of add_params.xml

<?xml version="1.0" encoding="UTF-8" ?>
<NETWORK_SSH_AUTH_PARAMS>
  <PRIVATE_KEY_CERTIFICATES>
    <PRIVATE_KEY_CERTIFICATE>
      <PRIVATE_KEY_INFO type="vault">
        <DIGITAL_VAULT>
          <VAULT_TYPE>CA PAM</VAULT_TYPE>
          <VAULT_ID>41022</VAULT_ID>
          <VAULT_DEVICE_NAME>hq_device</VAULT_DEVICE_NAME>
          <VAULT_APP_NAME>APP_NAME</VAULT_APP_NAME>
        </DIGITAL_VAULT>
      </PRIVATE_KEY_INFO>
      <PASSPHRASE_INFO type="vault">
        <DIGITAL_VAULT>
          <VAULT_TYPE>CA PAM</VAULT_TYPE>
          <VAULT_ID>41022</VAULT_ID>
          <VAULT_DEVICE_NAME>hq_device</VAULT_DEVICE_NAME>
          <VAULT_APP_NAME>APP_NAME</VAULT_APP_NAME>
        </DIGITAL_VAULT>
      </PASSPHRASE_INFO>
    </PRIVATE_KEY_CERTIFICATE>
  </PRIVATE_KEY_CERTIFICATES>
</NETWORK_SSH_AUTH_PARAMS>

XML output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "http://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
    <RESPONSE>
        <DATETIME>2021-04-21T06:34:05Z</DATETIME>
        <BATCH_LIST>
            <BATCH>
                <TEXT>Successfully Created</TEXT>
                <ID_SET>
                    <ID>102451</ID>
                </ID_SET>
            </BATCH>
        </BATCH_LIST>
    </RESPONSE>
</BATCH_RETURN>
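The parameter rules in the table above (length limits, cleartext_password requiring a password, ips being exclusive with add_ips/remove_ips, vault logins needing vault fields) and the BATCH_RETURN reply shown in this sample, worked through as an added example that is not Qualys' own code. QUALYS_USER and QUALYS_PASSWORD are assumed environment variable names; the sample reply is copied from the output above for an offline check.

```python
"""Added example, not Qualys' own code: build an action=create request that
enforces the parameter rules in the table above and parse the BATCH_RETURN
reply. Standard library only; QUALYS_USER/QUALYS_PASSWORD are assumed names."""
import base64, os, urllib.parse, urllib.request
import xml.etree.ElementTree as ET

ENDPOINT = "https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/"
VAULT_KEYS = ("vault_type", "vault_id")  # minimum; others depend on vault type

def build_create_params(title, username, ips, **opts):
    """Form fields for action=create. Raise ValueError on rule violations the
    API would reject, or silently ignore, rather than finding out server-side."""
    p = {"action": "create", "title": title, "username": username, "ips": ips}
    p.update({k: v for k, v in opts.items() if v is not None})
    if len(title) > 255 or len(username) > 255:
        raise ValueError("title and username are limited to 255 characters")
    if len(p.get("password", "")) > 100:
        raise ValueError("password is limited to 100 characters")
    if p.get("cleartext_password") == "1" and "password" not in p:
        raise ValueError("cleartext_password=1 requires password")
    if "add_ips" in p or "remove_ips" in p:
        raise ValueError("ips cannot be combined with add_ips or remove_ips")
    for prefix in ("", "p2_"):  # login_type and p2_login_type share the rule
        if p.get(prefix + "login_type") == "vault":
            missing = [prefix + k for k in VAULT_KEYS if prefix + k not in p]
            if missing:
                raise ValueError("vault login needs " + ", ".join(missing))
    return p

def parse_batch_return(xml_text):
    """Return [(status TEXT, [record IDs])] for every BATCH in the reply."""
    root = ET.fromstring(xml_text)
    return [(b.findtext("TEXT"), [i.text for i in b.iter("ID")])
            for b in root.iter("BATCH")]

def create_record(params):
    """POST form-encoded fields (as in the delete sample) and parse the reply."""
    creds = os.environ["QUALYS_USER"] + ":" + os.environ["QUALYS_PASSWORD"]
    req = urllib.request.Request(
        ENDPOINT, data=urllib.parse.urlencode(params).encode(),
        headers={"X-Requested-With": "curl", "Authorization":
                 "Basic " + base64.b64encode(creds.encode()).decode()})
    with urllib.request.urlopen(req) as resp:  # network call; not used offline
        return parse_batch_return(resp.read())

# Constructed reply, copied from the create sample above, for an offline check.
SAMPLE_REPLY = """<?xml version="1.0" encoding="UTF-8" ?>
<BATCH_RETURN><RESPONSE><DATETIME>2021-04-21T06:34:05Z</DATETIME><BATCH_LIST>
<BATCH><TEXT>Successfully Created</TEXT><ID_SET><ID>102451</ID></ID_SET></BATCH>
</BATCH_LIST></RESPONSE></BATCH_RETURN>"""
```

Call create_record(build_create_params(...)) with the credentials exported to send a real request; parse_batch_return(SAMPLE_REPLY) shows the record ID extraction without network access.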


Sample - Update Network SSH record

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
  -d "username=abc&password2=1234&action=update&ids=102419" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "http://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
    <RESPONSE>
        <DATETIME>2021-04-21T06:37:07Z</DATETIME>
        <BATCH_LIST>
            <BATCH>
                <TEXT>Successfully Updated</TEXT>
                <ID_SET>
                    <ID>102419</ID>
                </ID_SET>
            </BATCH>
        </BATCH_LIST>
    </RESPONSE>
</BATCH_RETURN>

Sample - Delete Network SSH record

API request

curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" \
  -d "action=delete&ids=4474043" \
  "https://qualysapi.qualys.com/api/2.0/fo/auth/network_ssh/"

XML output

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/batch_return.dtd">
<BATCH_RETURN>
  <RESPONSE>
    <DATETIME>2021-01-12T14:48:56Z</DATETIME>
    <BATCH_LIST>
      <BATCH>
        <TEXT>Successfully Deleted</TEXT>
        <ID_SET>
          <ID>4474043</ID>
        </ID_SET>
      </BATCH>
    </BATCH_LIST>
  </RESPONSE>
</BATCH_RETURN>

DTDs for auth type "network_ssh"

<platform API server>/api/2.0/batch_return.dtd

<platform API server>/api/2.0/fo/auth/network_ssh/dtd/auth_list_output.dtd

Private-key certificates are specified using the network_ssh_auth_params.dtd here:

<platform API server>/api/2.0/fo/auth/network_ssh/network_ssh_auth_params.dtd