infamousjoeg / cybr-cli

A "Swiss Army Knife" command-line interface (CLI) for easy human and non-human interaction with @CyberArk suite of products.
Apache License 2.0

MFA Caching Support for PSM for SSH #82

Open jcreameriii opened 3 years ago

jcreameriii commented 3 years ago

Is your feature request related to a problem? Please describe. In v12.1, CyberArk introduced MFA caching support for PSM for SSH. It solves a user experience issue where, when needing to connect to multiple NIX machines simultaneously or back-to-back, users needed to authenticate each time. The way CYBR implemented the solution was allowing the user to authenticate once using MFA, and then generating a private SSH key (PPK, PEM, OpenSSH) that they download and use to authenticate to multiple NIX machines. That key has a short TTL and can be revoked on demand. There is a supported REST API command to generate this instead of needing to go to the PVWA.

Describe the solution you'd like: Create a new command set to generate this MFA cache key. Enable the ability to menu-select which type of key you want to generate, whether you want to add a passphrase to the key and (possibly) enable saving of the key to the default directory used by PuTTY.
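The three pieces the request asks for (pick a key format, optionally set a passphrase, save the generated key somewhere usable) sketched as a small Go client. This is an added example written for this page, not code from cybr-cli or from CyberArk; the endpoint path `CacheKeyPath`, the request and response JSON field names, and the `CYBR_*` environment variables are assumptions and would need to be checked against the MFA caching docs linked later in the thread. The one design point worth noting is that the key file is written with owner-only permissions: a cached private key that other local users can read undoes the benefit of its short TTL.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

// keyExt lists the three formats from the feature request and the file extension each gets.
var keyExt = map[string]string{"PEM": ".pem", "PPK": ".ppk", "OpenSSH": ""}

// ParseFormat maps a menu choice (case-insensitive, whitespace ignored) onto a supported format.
func ParseFormat(s string) (string, error) {
	for f := range keyExt {
		if strings.EqualFold(strings.TrimSpace(s), f) {
			return f, nil
		}
	}
	return "", fmt.Errorf("unsupported key format %q (want PEM, PPK or OpenSSH)", s)
}

// CacheKeyPath and the two JSON shapes below are assumptions, not taken from the thread.
const CacheKeyPath = "/PasswordVault/api/Users/Secret/SSHKeys/Cache"

type cacheKeyRequest struct {
	Formats     []string `json:"formats"`
	KeyPassword string   `json:"keyPassword,omitempty"` // optional passphrase for the key
}

type cacheKeyResponse struct {
	Value []struct {
		Format     string `json:"format"`
		PrivateKey string `json:"privateKey"`
	} `json:"value"`
}

// GenerateCacheKey asks the vault for a short-lived MFA caching private key, reusing
// the session token from an earlier MFA logon. passphrase may be empty.
func GenerateCacheKey(client *http.Client, baseURL, token, format, passphrase string) (string, error) {
	body, _ := json.Marshal(cacheKeyRequest{Formats: []string{format}, KeyPassword: passphrase})
	req, err := http.NewRequest(http.MethodPost, strings.TrimRight(baseURL, "/")+CacheKeyPath, bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Authorization", token)
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("cache key request failed: HTTP %d", resp.StatusCode)
	}
	var parsed cacheKeyResponse
	if err := json.NewDecoder(resp.Body).Decode(&parsed); err != nil {
		return "", err
	}
	for _, v := range parsed.Value {
		if strings.EqualFold(v.Format, format) && v.PrivateKey != "" {
			return v.PrivateKey, nil
		}
	}
	return "", fmt.Errorf("response contained no %s key", format)
}

// SaveKey writes the key into dir with owner-only permissions and returns the path.
func SaveKey(dir, format, key string) (string, error) {
	path := filepath.Join(dir, "cyberark_mfa_cache"+keyExt[format])
	if err := os.WriteFile(path, []byte(key), 0o600); err != nil {
		return "", err
	}
	// WriteFile applies the mode only when creating; enforce it on an overwritten file too.
	return path, os.Chmod(path, 0o600)
}

// run chains the three steps for stand-alone use; the CYBR_* names are assumed env vars.
func run() (string, error) {
	format, err := ParseFormat(os.Getenv("CYBR_KEY_FORMAT"))
	if err != nil {
		return "", err
	}
	key, err := GenerateCacheKey(http.DefaultClient, os.Getenv("CYBR_BASE_URL"),
		os.Getenv("CYBR_TOKEN"), format, os.Getenv("CYBR_KEY_PASSPHRASE"))
	if err != nil {
		return "", err
	}
	return SaveKey(".", format, key)
}

func main() {
	path, err := run()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("MFA caching key written to", path)
}
```

Saving into PuTTY's default directory, as the request suggests, would just be a different `dir` argument to `SaveKey`; the permission handling is the part that should not change with the location.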

jcreameriii commented 3 years ago

Happy Birthday @AndrewCopeland 🎂

AndrewCopeland commented 3 years ago

Thanks :)

AndrewCopeland commented 3 years ago

What endpoint would be used to generate the SSH Private key that can be used to connect to the target devices?

I am having a hard time finding it here: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/API-account-actions-LP.htm?tocpath=Developer%7CREST%20APIs%7CAccounts%7CAccount%20actions%7C_____0

I could be looking in the wrong place.

jcreameriii commented 3 years ago

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/MFA-Caching.htm

This page lists the various commands and links to the endpoint details of each.

AndrewCopeland commented 3 years ago

We will need to update our backend infrastructure to test this feature out. This will be pushed to a future release.