ssh-cmpclient command [options] access [name]
Where command is one of the following:
INITIALIZE psk|racerts keypair template
ENROLL certs|racerts keypair template
UPDATE certs [keypair]
POLL psk|certs|racerts id
RECOVER psk|certs|racerts template
REVOKE psk|certs|racerts template
TUNNEL racerts template
Most commands can accept the following options:
-B Perform key backup for subject keys.
-o prefix Save result into files with prefix.
-O filename Save the result into the specified file.
If there is more than one result file,
the remaining results are rejected.
-C file CA certificate from this file.
-S url Use this SOCKS server to access the CA.
-H url Use this HTTP proxy to access the CA.
-E PoP by encryption (CA certificate needed).
-v num Protocol version 1|2 of the CA platform. Default is 2.
-y Non-interactive mode. All questions answered with 'y'.
-N file Specifies a file to stir to the random pool.
-Z provspec Specifies the external key provider for private key.
The format of provspec is "providername:initstring".
The following identifiers are used to specify options:
psk -p refnum:key (reference number and pre-shared key)
-p file (containing refnum:key)
-i number (iteration count, default 1024)
certs -c file (certificate file) -k url (private-key URL)
racerts -R file (RA certificate file) -k url (RA private-key URL)
keypair -P url (private-key URL)
id -I number (polling ID)
template -T file (certificate template)
access URL where the CA listens for requests.
name Directory name for the issuing CA (if -C is not given).
Key URLs are either valid external key paths or in the format:
The key generation "savetype" can be:
- ssh2, secsh2, secsh (Secure Shell 2 key type)
- ssh1, secsh1 (legacy Secure Shell 1 key type)
- pkcs1 (PKCS #1 format)
- pkcs8s (passphrase-protected PKCS #8, "shrouded PKCS #8")
- pkcs8 (plain-text PKCS #8)
- x509 (SSH-proprietary X.509 library key type)
-h Prints usage message.
-F Prints key usage extension and keytype instructions.
-e Prints command-line examples.
Cryptomining with the SSH protocol: what big enterprises need to know about it
Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency. Read more
SLAM the door shut on traditional privileged access management
Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity? Read more
We broke the IT security perimeter
Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so. Read more