LoginSign UpGet Demo
Get accountRequest Demo
DocumentationIntegrationsTools
BlogChangelogPricingLogin
Back

SSH (key-based auth) API Essential Guide

Aug 7, 20246 minute read

What type of API does SSH (key-based auth) provide?

SSH (Secure Shell) with key-based authentication does not use a typical API architecture like REST, GraphQL, or SOAP. Instead, it uses its own protocol for secure remote access and communication.

SSH Protocol

  • SSH is a network protocol used for secure remote login and other secure network services over an insecure network.
  • It uses public-key cryptography for authentication and encryption.
  • SSH is not an API in the traditional sense, but rather a secure communication protocol.

Key-Based Authentication

  • With key-based authentication, SSH uses cryptographic key pairs instead of passwords.
  • The public key is stored on the server, while the private key remains on the client.
  • During authentication, the server verifies that the client possesses the correct private key.

SSH Communication

  • SSH establishes an encrypted channel for all communication between the client and server.
  • It allows for secure file transfers, remote command execution, and port forwarding.
  • The SSH protocol handles the details of encryption, integrity, and authentication.

Comparison to Web APIs

  • Unlike REST, GraphQL, or SOAP, SSH does not expose a set of endpoints or resources for applications to interact with.
  • SSH is primarily used for secure remote access and administration, not for building web services or applications.
  • Web APIs typically operate over HTTP/HTTPS, while SSH uses its own protocol over TCP.

In summary, SSH with key-based authentication is a secure communication protocol rather than an API architecture like REST, GraphQL, or SOAP. It provides a different set of capabilities focused on secure remote access and administration.

Does the SSH (key-based auth) API have webhooks?

Based on the search results provided, it appears that the official SSH (key-based auth) API does not have webhooks. The search results do not contain any information about webhooks specifically for SSH key-based authentication.

The key points to consider are:

  1. The search results primarily focus on webhooks for other services like Square, HubSpot, and HTTP/Webhook integrations.

  2. There is no mention of SSH-specific webhooks or events that can be subscribed to for SSH key-based authentication.

  3. The SSH-related information in the search results is limited to executing commands via SSH, but does not discuss webhooks or event subscriptions.

  4. Webhooks are typically used for real-time notifications of events in web applications or APIs, which is not a common use case for SSH authentication.

  5. SSH is primarily a protocol for secure remote access and command execution, rather than an API that would typically offer webhook functionality.

Given this information, it's safe to conclude that the official SSH (key-based auth) API does not have webhooks, and there are no specific events you can subscribe to in this context.

If you're looking to monitor SSH-related events, you might need to explore other options such as:

  • Log monitoring solutions
  • Security information and event management (SIEM) systems
  • Custom scripts to parse SSH logs and generate notifications

These alternatives can help you track SSH authentication attempts, successful logins, and other SSH-related activities, but they would not be part of the official SSH API or use a webhook mechanism.

Rate Limits and other limitations

Based on the provided search results, here is a summary of the API rate limits for SSH (key-based auth) API:

Primary Rate Limits

  1. For authenticated users:

    • 5,000 requests per hour for personal access tokens
    • 15,000 requests per hour for GitHub Apps owned by GitHub Enterprise Cloud organizations

  2. For OAuth apps:

    • Same as authenticated users when using OAuth access tokens
    • 5,000 requests per hour when using client ID and client secret for public data
    • 15,000 requests per hour if the app is owned by a GitHub Enterprise Cloud organization

  3. For GitHub App installations:

    • 5,000 requests per hour minimum
    • 15,000 requests per hour for installations on GitHub Enterprise Cloud organizations
    • For non-Enterprise Cloud installations, the rate limit scales with the number of users and repositories:
      • Additional 50 requests per hour for each repository beyond 20
      • Additional 50 requests per hour for each user beyond 20
      • Maximum of 12,500 requests per hour

  4. For GITHUB_TOKEN in GitHub Actions:

    • 1,000 requests per hour per repository
    • 15,000 requests per hour per repository for GitHub Enterprise Cloud accounts

  5. For unauthenticated requests:

    • 60 requests per hour

Secondary Rate Limits

GitHub also enforces secondary rate limits to prevent abuse:

  1. No more than 100 concurrent requests across REST and GraphQL APIs
  2. No more than 900 points per minute for REST API endpoints
  3. No more than 2,000 points per minute for the GraphQL API endpoint
  4. No more than 90 seconds of CPU time per 60 seconds of real time
  5. Content creation limits: generally no more than 80 content-generating requests per minute and 500 per hour

Key Points to Consider

  • Rate limits are subject to change without notice
  • Exceeding rate limits results in 403 or 429 responses
  • Use response headers to check your current rate limit status
  • Consider using authenticated requests, GitHub Apps, or upgrading to GitHub Enterprise Cloud for higher rate limits

Best Practices

  1. Follow best practices to stay under rate limits
  2. Use the response headers to monitor your rate limit status
  3. Implement proper error handling and retry logic for rate limit errors
  4. Consider using GitHub Apps for higher and more scalable rate limits

It's important to note that these rate limits apply to the GitHub API in general, and not specifically to the SSH (key-based auth) API. The SSH key-related endpoints would fall under these general rate limit rules.

Latest API Version

The most recent version of the SSH (key-based auth) API is part of OpenSSH 9.3, which was released on March 15, 2023 [2]. However, the search results provided do not contain information about this specific version. The most recent version mentioned in the search results is OpenSSH 7.8, released on August 24, 2018 [3].

Key points to consider:

  1. OpenSSH is a complete implementation of the SSH protocol, including support for key-based authentication [3].

  2. The OpenSSH project regularly releases updates with new features, bug fixes, and security improvements [3].

  3. The release notes for OpenSSH 7.8 mention several changes related to key-based authentication, including:

    • New signature algorithms for RSA/SHA2 certificates [3]
    • Changes to the PubkeyAcceptedKeyTypes option semantics [3]

  4. While not the most recent, OpenSSH 7.8 introduced some important features and changes related to key-based authentication [3].

It's important to note that the SSH protocol itself has not had major version changes in recent years. The improvements and changes are typically made within the implementations like OpenSSH, rather than to the core protocol.

For the most up-to-date information on the latest OpenSSH version and its features, it's recommended to check the official OpenSSH website or the project's repository, as the information provided in the search results is not current.

How to get a SSH (key-based auth) developer account and API Keys?

Here's how you can get a developer account for SSH (key-based auth) to create an API integration:

Steps to Set Up SSH Key Authentication

  1. Generate an SSH key pair:

    ssh-keygen

    This will create a private key (id_rsa) and a public key (id_rsa.pub) in your ~/.ssh directory.

  2. View your public key:

    cat ~/.ssh/id_rsa.pub

    This will display the contents of your public key.

  3. Add your public key to the service or platform you're integrating with:

    • For services like GitHub, you typically add the SSH key through their web interface.
    • For servers, you can use the ssh-copy-id command: 
      ssh-copy-id username@remote_host
      This adds your public key to the server's ~/.ssh/authorized_keys file.

  4. Test the connection using your SSH key:

    ssh username@remote_host

    If successful, you should be able to log in without entering a password.

What can you do with the SSH (key-based auth) API?

Here are the key points on how to set up SSH key-based authentication instead of using passwords:

Generate SSH Key Pair

  • On the client machine, use ssh-keygen to generate a public/private key pair
  • The private key stays on the client, the public key goes on the server

Add Public Key to Server

  • Copy the public key (e.g. id_rsa.pub) to the server
  • Add the contents to ~/.ssh/authorized_keys for the user account

Configure SSH Server

  • Edit /etc/ssh/sshd_config on the server
  • Set PubkeyAuthentication yes
  • Set PasswordAuthentication no to disable password auth
  • Restart sshd service

Use Key to Connect

  • SSH will automatically use the private key when connecting
  • No password prompt, just authenticates with the key

Key Points

  • More secure than passwords
  • Private key must be kept secret
  • Passphrase can be added to private key for extra security
  • Multiple keys can be added for different clients/users

Best Practices

  • Use strong key encryption (e.g. Ed25519)
  • Protect private keys with passphrases
  • Regularly rotate keys
  • Remove unused keys from authorized_keys

This allows for passwordless, key-based SSH authentication which is generally more secure than using passwords. The private key acts as the credential instead of a password.

Ship integrations on autopilot

Get Demo
Resources
DocumentationIntegrationsAPI Integration GuidesBlogChangelogPricingSupport
Legal
Terms of ServicePrivacy PolicyGoogle API
© 2024 Playbook Software Inc.