MFA Caching Support for PSM for SSH

Open jcreameriii opened this issue 4 years ago • 5 comments

Is your feature request related to a problem? Please describe.

v12.1 CyberArk introduced MFA caching support for PSM for SSH. It solves a user experience issue where needing to connect to multiple *NIX machines simultaneously/or back-to-back, users needed to authenticate each time. The way CYBR implemented the solution was allowing the user to authenticate once using MFA, and then generated a Private SSH key (PPK, PEM, OpenSSH) that they download and use to authenticate to multiple *NIX machines. That key has a short TTL and can be revoked on demand. There is a supported REST API command to generate this instead of needing to go to the PVWA.

Describe the solution you'd like

Create a new command set to generate this MFA cache key. Enable the ability to menu select which type of key you want to generate, whether you want to add a passphrase to the key and (possibly) enable saving of the key to the default directory used by PuTTY.

jcreameriii (Feb 22 '21 15:02)

Happy Birthday @AndrewCopeland 🎂

jcreameriii (Feb 22 '21 17:02)

Thanks :)

AndrewCopeland (Feb 22 '21 17:02)

What endpoint would be used to generate the SSH Private key that can be used to connect to the target devices?

I am having a hard time finding it here: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/API-account-actions-LP.htm?tocpath=Developer%7CREST%20APIs%7CAccounts%7CAccount%20actions%7C_____0

I could be looking in the wrong place.

AndrewCopeland (Feb 23 '21 19:02)

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/MFA-Caching.htm

This page lists the various commands and links to the endpoint details of each.

jcreameriii (Feb 23 '21 20:02)

We will need to update our backend infrastructure to test this feature out. This will be pushed to a future release.

AndrewCopeland (Mar 05 '21 17:03)