SSH Policy violation result and key usage alert codes
The following table lists the alert and policy violation result codes that can occur while Trust Protection Platform is managing public and private keys for SSH devices:
Result Code | Policy Violation | Description |
---|---|---|
null | None | The authorized key had no policy violation result code. |
1 | IsRootAccessOrphan | The authorized key in the root account does not have any detected private key. |
2 | IsClientAccessOrphan | The authorized key in the non-root account does not have any detected private key. |
3 | IsPrivateKeyOrphan | The client private key does not have any detected authorized key. |
4 | IsKnownHostOrphan | The known host key does not have any detected host private key. |
5 | IsRootAccess | An authorized key in the root account is disallowed by the policy. |
6 | IsDuplicateClientPrivateKey | Multiple instances of the same private key are present for one account. Disallowed by the policy. |
7 | IsIllegalAlgorithm | The key algorithm does not match the one specified on the policy. |
8 | IsIllegalProtocolVersion | The usage of SSH1 protocol is disallowed by the policy. |
9 | IsIllegalVendorFormat | The key format does not match the one specified on the policy. |
10 | IsIllegalForcedCommand | The authorized key's forced command does not match the one specified on the policy. |
11 | IsIllegalSourceRestrictions | The authorized key in the AllowedSourceRestriction or AllowedSourceRestriction list does not match the ones specified on the policy. |
12 | IsMissingOptions | The authorized key does not have the Options required by the policy. |
13 | IsKeyOlderThanAllowed | The key was not rotated within the time frame that is allowed by the policy. |
14 | IsKeySmallerThanRequired | The key length is shorter than allowed by the policy. |
15 | IsKeyLengthSmallerThan768 | The key length is shorter than 768 bits. |
16 | IsSharedPrivateKey | There are multiple instances of the same private key in different accounts. |
17 | IsUnEncryptedKey | The private key is not encrypted. |
18 | IsSharedServerAccount | There are multiple authorized keys accessing the same account. |
19 | IsPassphraseUnknown | The private key passphrase is missing. |
20 | IsUnknownClient | The key is assigned to an unknown client. |
21 | KeyWasNotRotated | The key was not rotated for the associated devices because the caller marked it as one to skip. |
22 | IsEnvironmentCrossing | The same keys are present in two different policies or zones. |
33 | IsDuplicateHostPrivateKey | Multiple instances of the host private key are present for one account. Disallowed by the policy. |