Keys
Verification sessions compare the public keys offered by a user’s SSH client against the keys configured on the session.
Accepted formats
Section titled “Accepted formats”The public_key field accepts public keys in OpenSSH authorized key format or PEM format.
OpenSSH example:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... user@example.comPEM example:
-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----Key metadata
Section titled “Key metadata”Each configured key can include:
| Field | Description |
|---|---|
name | Optional label for display in the app. |
external_id | Optional identifier from your system. |
public_key | The key to verify, sent when creating or updating the session. |
Responses include normalized key data:
| Field | Description |
|---|---|
public_key_ssh | Key in OpenSSH format. |
public_key_pem | Key in PEM format. |
public_key_md5 | MD5 fingerprint. |
public_key_sha256 | SHA256 fingerprint. |
public_key_algorithm | Algorithm, such as ssh-ed25519 or ssh-rsa. |
verified_at | Time the key was verified, or null if it has not been verified. |
Use SHA256 fingerprints for user-facing comparisons whenever possible.
Matching behavior
Section titled “Matching behavior”When match_all_keys is disabled, the session can be verified by one matching key. When match_all_keys is enabled,
all configured keys must be verified before the session succeeds.
Enable multi_key when SSHVerify should continue checking multiple keys from the same connection instead of stopping at
the first match.