ssh-scepclient command [options] access [name]
Where command is one of the following:
    ENROLL keypair ca psk template
    POLL   keypair ca -r state-file
Most commands can accept the following options:
    -o prefix    Save result into files with prefix.
    -S url       Use this socks server to access CA.
    -H url       Use this HTTP proxy to access CA.
    -N file      Specifies a file to stir to the random pool.
    -Z provspec  Specifies the external key provider for private key.
                 The format of provspec is "providername:initstring".
The following identifiers are used to specify options:
    psk       -p key   (used as revocationPassword or challengePassword)
    keypair   -P url   (private-key URL)
    ca        -C file  (CA certificate file)
              -E file  (RA encryption certificate file)
              -V file  (RA validation certificate file)
    template  -T file  (certificate template)
    access    URL where the CA listens for requests.
GET-CA and GET-CHAIN take a name argument, which is interpreted
by the CA to specify a CA entity managed by the responder.
Key URLs are either valid external key paths or in the format:
The "keytype" for the SCEP protocol has to be "rsa".
The key generation "savetype" can be:
- ssh2 (Secure Shell 2 key type)
- ssh1 (Legacy Secure Shell 1 key type)
- ssh (SSH proprietary crypto library format, passphrase-protected)
- pkcs1 (PKCS#1 format)
- pkcs8s (passphrase-protected PKCS#8, "shrouded PKCS#8")
- pkcs8 (plain-text PKCS#8)
- x509 (SSH proprietary X.509 library key type)