{"id":29290,"date":"2023-11-13T13:53:56","date_gmt":"2023-11-13T12:53:56","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=29290"},"modified":"2025-01-24T10:42:25","modified_gmt":"2025-01-24T09:42:25","slug":"manage-ssh-keys-with-oracle-key-vault-2-2","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/","title":{"rendered":"Manage SSH public keys with Oracle Key Vault (2\/2)"},"content":{"rendered":"\n<p>by Alexandre Nestor<\/p>\n\n\n\n<p><a href=\"https:\/\/www.dbi-services.com\/blog\/?p=29293\">Manage SSH public keys with Oracle Key Vault (1\/2)<\/a><\/p>\n\n\n\n<p>In the <a href=\"https:\/\/www.dbi-services.com\/blog\/?p=29293\">first post<\/a> these steps where performed: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure the REST API.<\/li>\n\n\n\n<li>How to install the REST API on server.<\/li>\n\n\n\n<li>Configure the REST API on server.<\/li>\n\n\n\n<li>Declare and enroll the server endpoint using the REST API.<\/li>\n<\/ul>\n\n\n\n<p> Let&#8217;s now upload the keys configure the ssh daemon and make a connection using ssh key from OKV. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-upload-public-key-to-okv\">Upload public key to OKV<\/h3>\n\n\n\n<p>First generate some ssh keys: <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli ~]$ ssh-keygen -t rsa -b 2048\n<\/pre><\/div>\n\n\n<p>If the public key is not in the format PKCS8, which is almost sure, we need to convert it first. <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli ~]$ ssh-keygen -e -m PKCS8 -f $HOME\/.ssh\/id_rsa.pub &gt; $HOME\/.ssh\/id_rsa-pkcs8.pub\n\n&#x5B;opc@tstokvcli ~]$ cat $HOME\/.ssh\/id_rsa-pkcs8.pub\n-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuLrgarG7OgvUkixlu25d\n........\nKhrUWpazjmhm9fR+RIec6fjgVbh\/7Q6dKPzl0kY00yUawvejsLFChWi+V4Mk3PUk\n2mbHWkxIFvMab4HXWfAwXyMTUXNv\/Bs\/jTaK4Z3eb87HAgMBAAE=\n-----END PUBLIC KEY-----\n<\/pre><\/div>\n\n\n<p>Upload the key<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli ~]$ $OKV_HOME\/bin\/okv managed-object public-key register --generate-json-input &amp;gt; \/tmp\/t.json\n\n&#x5B;opc@tstokvcli log]$ cat \/tmp\/t.json\n{\n  &quot;service&quot; : {\n    &quot;category&quot; : &quot;managed-object&quot;,\n    &quot;resource&quot; : &quot;public-key&quot;,\n    &quot;action&quot; : &quot;register&quot;,\n    &quot;options&quot; : {\n      &quot;object&quot; : &quot;\/home\/opc\/.ssh\/id_rsa-pkcs8.pub&quot;,\n      &quot;algorithm&quot; : &quot;RSA&quot;,\n      &quot;length&quot; : &quot;2048&quot;,\n      &quot;mask&quot; : &#x5B; &quot;ENCRYPT&quot; ],\n      &quot;sshUser&quot; : &quot;oracle&quot;,\n      &quot;attributes&quot; : {\n        &quot;name&quot; : {\n          &quot;value&quot; : &quot;ORACLE-PUBKEY&quot;,\n          &quot;type&quot; : &quot;text&quot;\n        },\n        &quot;activationDate&quot; : &quot;NOW&quot;,\n        &quot;deactivationDate&quot; : &quot;2099-12-01 00:00:00&quot;\n      }\n    }\n  }\n}\n\n&#x5B;opc@tstokvcli log]$ $OKV_HOME\/bin\/okv managed-object public-key register --from-json \/tmp\/t.json\n{\n  &quot;result&quot; : &quot;Success&quot;,\n  &quot;value&quot; : {\n    &quot;uuid&quot; : &quot;2AC6239C-C673-4FBC-BFF1-6D4A17990634&quot;\n  }\n}\n<\/pre><\/div>\n\n\n<p>The UUID is to be kept, as this is the identifier in OKV for this key.<\/p>\n\n\n\n<p>At this moment the key is loaded in OKV but is not a part of any wallet. In the <a href=\"https:\/\/www.dbi-services.com\/blog\/?p=29293\">previous post<\/a> we create an ssh wallet <code>oracle_ssh_wallet<\/code>, and grant the rights to manage this wallet to the endpoint. <\/p>\n\n\n\n<p>Now we are going to add this key to the wallet <code>oracle_ssh_wallet<\/code>:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli log]$ $OKV_HOME\/bin\/okv managed-object wallet add-member --generate-json-input &gt; \/tmp\/t.json\n\n&#x5B;opc@tstokvcli log]$ cat \/tmp\/t.json\n{\n  &quot;service&quot; : {\n    &quot;category&quot; : &quot;managed-object&quot;,\n    &quot;resource&quot; : &quot;wallet&quot;,\n    &quot;action&quot; : &quot;add-member&quot;,\n    &quot;options&quot; : {\n      &quot;uuid&quot; : &quot;2AC6239C-C673-4FBC-BFF1-6D4A17990634&quot;,\n      &quot;wallet&quot; : &quot;oracle_ssh_wallet&quot;\n    }\n  }\n}\n\n&#x5B;opc@tstokvcli log]$ $OKV_HOME\/bin\/okv managed-object wallet add-member --from-json \/tmp\/t.json\n{\n  &quot;result&quot; : &quot;Success&quot;\n}\n<\/pre><\/div>\n\n\n<p>As a verification we can list the wallet content by using the REST API commands:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli log]$ $OKV_HOME\/bin\/okv manage-access wallet list-objects --generate-json-input &gt; \/tmp\/t.json\n\n&#x5B;opc@tstokvcli log]$ cat \/tmp\/t.json\n{\n  &quot;service&quot; : {\n    &quot;category&quot; : &quot;manage-access&quot;,\n    &quot;resource&quot; : &quot;wallet&quot;,\n    &quot;action&quot; : &quot;list-objects&quot;,\n    &quot;options&quot; : {\n      &quot;wallet&quot; : &quot;oracle_ssh_wallet&quot;\n    }\n  }\n}\n\n&#x5B;opc@tstokvcli log]$  $OKV_HOME\/bin\/okv manage-access wallet list-objects --from-json \/tmp\/t.json\n{\n  &quot;result&quot; : &quot;Success&quot;,\n  &quot;value&quot; : {\n    &quot;fetchedObjectCount&quot; : &quot;1&quot;,\n    &quot;managedObjects&quot; : &#x5B; {\n      &quot;creatingEndpoint&quot; : &quot;TSTOKVCLI&quot;,\n      &quot;creationDate&quot; : &quot;2023-11-07 15:34:27&quot;,\n      &quot;deactivationDate&quot; : &quot;2099-12-01 00:00:00&quot;,\n      &quot;displayName&quot; : &quot;SSH Key for user: oracle, Fingerprint: SHA256:CalWw0m5Z3KnlXhCbFz3OmiYT2\/ubfrk60DO\/0oCTTY&quot;,\n      &quot;name&quot; : &quot;ORACLE-PUBKEY&quot;,\n      &quot;protectStopDate&quot; : &quot;&quot;,\n      &quot;state&quot; : &quot;Active&quot;,\n      &quot;type&quot; : &quot;Public Key&quot;,\n      &quot;uuid&quot; : &quot;2AC6239C-C673-4FBC-BFF1-6D4A17990634&quot;,\n      &quot;walletMembership&quot; : &#x5B; &quot;oracle_ssh_wallet&quot; ]\n    } ]\n  }\n}\n<\/pre><\/div>\n\n\n<p>or using the <code>okvutil<\/code> from the endpoint, which should work too as this will be the tool used by ssh daemon to retrieve the key from OKV: <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli ~]$ \/opt\/okvutil\/bin\/okvutil list\nUnique ID                               Type            Identifier\n2AC6239C-C673-4FBC-BFF1-6D4A17990634\tPublic Key\tSSH Key for user: oracle, Fingerprint: SHA256:CalWw0m5Z3KnlXhCbFz3OmiYT2\/ubfrk60DO\/0oCTTY\n<\/pre><\/div>\n\n\n<p>Before configure ssh daemon let&#8217;s try to retrieve the key from OKV, and convert it back to an RSA key to be used in <code>authorized_keys<\/code> file:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli ~]$ $OKV_HOME\/bin\/okv managed-object public-key get --output_format TEXT --uuid 2AC6239C-C673-4FBC-BFF1-6D4A17990634 &gt; \/tmp\/ssh_pkcs8.pub \n\n&#x5B;opc@tstokvcli ~]$ cat \/tmp\/ssh_pkcs8.pub \n-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuLrgarG7OgvUkixlu25d\nMU9182jk+UEpCy2vGQdUvp65yp\/NylkiBSeIzI35SA79vrJcy\/1rXeovosxmryoQ\nuDlGFUwCewXqogXSDuwXUlQGsNM2RcsfivTkZYtQ+8B7NGlzyXfDA5i\/eGN8yv6U\nDTFcsr6EEYgR42CtsbMxQDDeCNRjhKN0DP\/41QMaWNFy5qB2zI+jeBgu4yvSmlKA\nMH1OCXnRMmFFfkC8wLFRb6GFo1dqBWXAGY4VycGUqeYNfMX\/fozb5ArsRCkh\/\/ir\nfaH5R6gaga9W6UpOlsNWwQ69kaByeQq6Xsnd3s1o6BcVL6YgEH94AkENeUbS3Cs6\n11FfgzLQBectgISitpDKtFSepENpcfsSoAEkj24mtPCZKkG1zxYIQyWfXR7y6GbF\nKhrUWpazjmhm9fR+RIec6fjgVbh\/7Q6dKPzl0kY00yUawvejsLFChWi+V4Mk3PUk\n2mbHWkxIFvMab4HXWfAwXyMTUXNv\/Bs\/jTaK4Z3eb87HAgMBAAE=\n-----END PUBLIC KEY-----\n\n&#x5B;opc@tstokvcli .ssh]$ ssh-keygen -i -f \/tmp\/ssh_pkcs8.pub  -m PKCS8 \nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmSoCFY7XflTUNoPBLLaLYfloGCPhbHewlo7niJ0xUnGHLzaHJ7DHbG9nmxRSFh+eZWzqDt2ZzKVWKLuAG53+3nJZ+\/ksZZ80tjC6WtRA37nY3D+RBZ3wA4sxI5jCVqHxbpKQARlDlLMlLLxHEegJ1yXULHmIcJMf9p3HiBJwxSZKWBZyJAWMh6v671EK0RBez+bKDud7\/VDhYeVcLOxNceC25NnfjJyftigN95Bk\/miIJ49BGThdmcRY9txR2d9RrE7ZK1YEv+bAAKHRb9w8d\/FWvo1XMGA+yNWa\/5MV\/V\/EDA1OMcimyWT6YLM4zkmt9GUSOHgmmu\/g8niE4HNl\n\n<\/pre><\/div>\n\n\n<p>The generated ssh key was:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;opc@tstokvcli .ssh]$ cat id_rsa.pub\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmSoCFY7XflTUNoPBLLaLYfloGCPhbHewlo7niJ0xUnGHLzaHJ7DHbG9nmxRSFh+eZWzqDt2ZzKVWKLuAG53+3nJZ+\/ksZZ80tjC6WtRA37nY3D+RBZ3wA4sxI5jCVqHxbpKQARlDlLMlLLxHEegJ1yXULHmIcJMf9p3HiBJwxSZKWBZyJAWMh6v671EK0RBez+bKDud7\/VDhYeVcLOxNceC25NnfjJyftigN95Bk\/miIJ49BGThdmcRY9txR2d9RrE7ZK1YEv+bAAKHRb9w8d\/FWvo1XMGA+yNWa\/5MV\/V\/EDA1OMcimyWT6YLM4zkmt9GUSOHgmmu\/g8niE4HNl opc@tstokvcli\n<\/pre><\/div>\n\n\n<p>which is the same but the comment. <\/p>\n\n\n\n<p>Now we are able to populate automatically the <code>authorized_keys<\/code> file, with a <code>cron<\/code> job for instance or by script.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-configure-the-ssh-daemon-get-keys-directly-from-okv\">Configure the ssh daemon get keys directly from OKV<\/h3>\n\n\n\n<p>Now we are going to configure the ssh to automatically get the public key when an ssh client try to connect.<br>For this we use the <code>AuthorizedKeysCommand<\/code> and <code>AuthorizedKeysCommandUser<\/code> parameters of <code>sshd<\/code> daemon <code>sshd_config<\/code> file. <\/p>\n\n\n\n<p><code>AuthorizedKeysCommand<\/code> specifies a program to be used to look up the user&#8217;s public keys.<br>The program must be owned by root, not writable by group or others and specified by an absolute path.<\/p>\n\n\n\n<p>Otherwise you will have in <code>\/var\/log\/secure<\/code> traces like:<br><code>error: Unsafe AuthorizedKeysCommand \"... okv_ssh_ep_lookup_authorized_keys\": bad ownership or modes for directory ... bin<\/code><\/p>\n\n\n\n<p>For the demo purpose I will  create an user <code>oracle<\/code> on the same server and make a connection from <code>opc<\/code> account to <code>oracle<\/code> account using ssh.<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n&#x5B;root@tstokvcli ~]# cat \/etc\/ssh\/sshd_config\n....\nAuthorizedKeysCommand \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k get_authorized_keys_for_user %u %f %k\nAuthorizedKeysCommandUser root\n....\n\n&#x5B;root@tstokvcli ~]# systemctl restart sshd\n<\/pre><\/div>\n\n\n<p>For debug purpose, I started sshd daemon in debug mode. The traces show the call of <code>\/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys<\/code> program when connection as <code>oracle<\/code> (<code>ssh oracle@tstokvcli<\/code>) user are made. <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;root@tstokvcli ~]# tail -f \/var\/log\/secure\n.....\nNov  8 14:59:56 tstokvcli sshd&#x5B;21835]: AuthorizedKeysCommand \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user oracle SHA256:o6r9tlURDNyA104Ei7RWGUBmXYDdy8jJFSfbWGFKtd0 AAAAB3NzaC1yc2EAAAADAQABAAABAQDRmSoCFY7XflTUNoPBLLaLYfloGCPhbHewlo7niJ0xUnGHLzaHJ7DHbG9nmxRSFh+eZWzqDt2ZzKVWKLuAG53+3nJZ+\/ksZZ80tjC6WtRA37nY3D+RBZ3wA4sxI5jCVqHxbpKQARlDlLMlLLxHEegJ1yXULHmIcJMf9p3HiBJwxSZKWBZyJAWMh6v671EK0RBez+bKDud7\/VDhYeVcLOxNceC25NnfjJyftigN95Bk\/miIJ49BGThdmcRY9txR2d9RrE7ZK1YEv+bAAKHRb9w8d\/FWvo1XMGA+yNWa\/5MV\/V\/EDA1OMcim\n<\/pre><\/div>\n\n\n<p>and from the debug traces: <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ndebug1: restore_uid: 0\/0\ndebug1: temporarily_use_uid: 0\/0 (e=0\/0)\ndebug1: \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k:14: matching key found: RSA SHA256:o6r9tlURDNyA104Ei7RWGUBmXYDdy8jJFSfbWGFKtd0\ndebug1: \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k:14: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding\nAccepted key RSA SHA256:o6r9tlURDNyA104Ei7RWGUBmXYDdy8jJFSfbWGFKtd0 found at \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k:14\ndebug1: restore_uid: 0\/0\nPostponed publickey for oracle from 172.168.1.181 port 51386 ssh2 &#x5B;preauth]\n.....\n\ndebug1: \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k:14: matching key found: RSA SHA256:o6r9tlURDNyA104Ei7RWGUBmXYDdy8jJFSfbWGFKtd0\ndebug1: \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k:14: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding\nAccepted key RSA SHA256:o6r9tlURDNyA104Ei7RWGUBmXYDdy8jJFSfbWGFKtd0 found at \/opt\/okvutil\/bin\/okv_ssh_ep_lookup_authorized_keys get_authorized_keys_for_user %u %f %k:14\ndebug1: restore_uid: 0\/0\n.....\nAccepted publickey for oracle from 172.168.1.181 port 51386 ssh2: RSA SHA256:o6r9tlURDNyA104Ei7RWGUBmXYDdy8jJFSfbWGFKtd0\n<\/pre><\/div>\n\n\n<p>In a high secure environement sshd can be configured to disable the <code>.ssh\/authorized_keys<\/code> at all so the only keys to be used will be those get from OKV. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-important\">IMPORTANT. <\/h4>\n\n\n\n<p>As I spent some time to figure out what happens&#8230;.<\/p>\n\n\n\n<p><code>\/opt\/bin\/okvutil<\/code> use <code>java<\/code>. So I had to pass SELINUX to <code>PERMISSIVE<\/code>. Otherwise <code>java<\/code> cannot be executed from <code>systemd<\/code>. The error is:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\nNov 09 13:38:28 tstokvcli sshd&#x5B;22452]: + CURRENT_JAVA_VERSION=&#039;Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00007f89584bc000, 2555904, 1) failed; error=&#039;\\&#039;&#039;Permission denied&#039;\\&#039;&#039; (errno=13)\n<\/pre><\/div>\n\n\n<p>To output this error in the <code>\/var\/log\/messages<\/code> I added the bash debug option <code>set -x<\/code> to <code>\/opt\/okvutil\/bin\/okvcli<\/code> shell.<\/p>\n\n\n\n<p>In <code>PERMISSIVE<\/code> mode, SELINUX will output in <code>\/var\/log\/messages<\/code> all informations and commands to execute to keep the <code>ENFORCED<\/code> mode, but on this test platform I didn&#8217;t implement all this stuff.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion <\/h2>\n\n\n\n<p>The post treat only the the SSH public keys management. OKV propose also to manage the private KEYS and also to generate them. This is for another post. <\/p>\n\n\n\n<p>Is OKV  the simplest method to concentrate all public keys ? The answer is maybe <strong>no<\/strong>.<\/p>\n\n\n\n<p>But as OKV is the best solution to manage the Oracle TDE keys, it is nice to have, only one tool to manage all keys, SSH included.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oracle Key Vault 21.7 introduce the SSH key support, a new type of endpoint(SSH server) and a new wallet type (SSH Wallet).<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[59],"tags":[3153,96,3152],"type_dbi":[3155,2728],"class_list":["post-29290","post","type-post","status-publish","format-standard","hentry","category-oracle","tag-okv","tag-oracle","tag-oracle-key-vault","type-okv","type-oracle"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Manage SSH public keys with Oracle Key Vault (2\/2) - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Manage SSH public keys with Oracle Key Vault (2\/2)\" \/>\n<meta property=\"og:description\" content=\"Oracle Key Vault 21.7 introduce the SSH key support, a new type of endpoint(SSH server) and a new wallet type (SSH Wallet).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-13T12:53:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-24T09:42:25+00:00\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"Manage SSH public keys with Oracle Key Vault (2\/2)\",\"datePublished\":\"2023-11-13T12:53:56+00:00\",\"dateModified\":\"2025-01-24T09:42:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\"},\"wordCount\":565,\"commentCount\":1,\"keywords\":[\"OKV\",\"Oracle\",\"Oracle Key Vault\"],\"articleSection\":[\"Oracle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\",\"name\":\"Manage SSH public keys with Oracle Key Vault (2\/2) - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2023-11-13T12:53:56+00:00\",\"dateModified\":\"2025-01-24T09:42:25+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Manage SSH public keys with Oracle Key Vault (2\/2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Manage SSH public keys with Oracle Key Vault (2\/2) - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/","og_locale":"en_US","og_type":"article","og_title":"Manage SSH public keys with Oracle Key Vault (2\/2)","og_description":"Oracle Key Vault 21.7 introduce the SSH key support, a new type of endpoint(SSH server) and a new wallet type (SSH Wallet).","og_url":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/","og_site_name":"dbi Blog","article_published_time":"2023-11-13T12:53:56+00:00","article_modified_time":"2025-01-24T09:42:25+00:00","author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"Manage SSH public keys with Oracle Key Vault (2\/2)","datePublished":"2023-11-13T12:53:56+00:00","dateModified":"2025-01-24T09:42:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/"},"wordCount":565,"commentCount":1,"keywords":["OKV","Oracle","Oracle Key Vault"],"articleSection":["Oracle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/","url":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/","name":"Manage SSH public keys with Oracle Key Vault (2\/2) - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2023-11-13T12:53:56+00:00","dateModified":"2025-01-24T09:42:25+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/manage-ssh-keys-with-oracle-key-vault-2-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Manage SSH public keys with Oracle Key Vault (2\/2)"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/29290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=29290"}],"version-history":[{"count":27,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/29290\/revisions"}],"predecessor-version":[{"id":36868,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/29290\/revisions\/36868"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=29290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=29290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=29290"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=29290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}