ktbyers / netmiko

Multi-vendor library to simplify Paramiko SSH connections to network devices
MIT License

Connect through Okta challenge #2029

Closed Darth-Ginger closed 10 months ago

Darth-Ginger commented 4 years ago

I have been experimenting with both Netmiko and Paramiko lately. In my latest set of experiments I find that I can log into my company devices that request Okta input through the use of Paramiko.Transport.auth_interactive to send the option I want (in this case a '2') which then kicks off the push notification and whatnot.

I have not found a similar solution in Netmiko. I thought either response_return or default_enter might hold the key but neither was the solution.

Anyone have thoughts?

ktbyers commented 4 years ago

@Darth-Ginger Can you post what you are doing to solve this with Paramiko?

Darth-Ginger commented 4 years ago

I can indeed. I created a handler for using the auth_interactive portion of paramiko.Transport

```python
import paramiko

# host and user are defined elsewhere in the script. Each key is matched
# (case-insensitively) against the prompt text and its value is sent as the
# reply; Okta option 2 triggers the push notification.
cisco1 = {"hostname": host, "username": user, "okta": "2"}


def answ_handler(title, instructions, prompt_list):
    # Paramiko calls this for each keyboard-interactive round with a list of
    # (prompt, echo) tuples and expects one string answer per prompt.
    resp = []
    for prompt in prompt_list:
        for key in cisco1:
            if key in prompt[0].lower():
                resp.append(str(cisco1[key]))
    input(resp)  # manual pause: shows the answers and waits for Enter
    return resp


net_connect = paramiko.Transport((cisco1["hostname"], 22))
net_connect.connect()
net_connect.auth_interactive(cisco1["username"], answ_handler)
```

Let me know if you need anything further.
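The handler above works, but it matches on dictionary keys and only pauses with `input()`. As an added example (not Netmiko's or the poster's code), here is a generalised keyboard-interactive answerer for Paramiko's `Transport.auth_interactive`: ordered regex rules, one string answer per prompt, a recorded trail of what the server asked, and an error on any prompt no rule covers instead of silently returning too few answers. The prompt texts, the rule patterns and the `okta_push_rules` helper are assumptions about what an Okta-fronted device asks; adjust them to the prompts your devices actually send.

```python
"""Keyboard-interactive prompt answerer for paramiko.Transport.auth_interactive.

Added example; not part of netmiko or the original issue. The prompt wording
and rule patterns below are assumptions, not the real Okta prompt text.
"""
import re


class PromptAnswerer:
    """Answer keyboard-interactive prompts by matching regex rules in order.

    `rules` is a list of (pattern, answer) pairs. The first pattern that
    matches a prompt (case-insensitively) wins. Answers are coerced to str,
    because each one is sent as a field of SSH_MSG_USERAUTH_INFO_RESPONSE.
    """

    def __init__(self, rules):
        self.rules = [(re.compile(p, re.IGNORECASE), str(a)) for p, a in rules]
        self.seen = []  # (title, instructions, prompts) per round, for debugging

    def __call__(self, title, instructions, prompt_list):
        # Paramiko calls this once per USERAUTH_INFO_REQUEST. prompt_list is a
        # list of (prompt_text, echo) tuples; the server expects exactly one
        # answer per prompt, so an unmatched prompt is an error, not a skip.
        self.seen.append((title, instructions, list(prompt_list)))
        answers = []
        for prompt, _echo in prompt_list:
            for pattern, answer in self.rules:
                if pattern.search(prompt):
                    answers.append(answer)
                    break
            else:
                raise ValueError("no rule for prompt: %r" % prompt)
        return answers


def okta_push_rules(password, push_option="2"):
    """Rules for the flow in the thread: password first, then the Okta menu.

    Assumption: the menu prompt mentions one of okta/push/option/select.
    """
    return [
        (r"password", password),
        (r"okta|push|option|select", push_option),
    ]


def connect_interactive(host, username, handler, port=22):
    """Open a paramiko.Transport and authenticate with keyboard-interactive.

    paramiko is imported here so the handler can be exercised offline.
    auth_interactive blocks until the server accepts or rejects, which for a
    push flow means until the push is approved on the phone.
    """
    import paramiko  # assumption: paramiko is installed

    transport = paramiko.Transport((host, port))
    transport.connect()
    transport.auth_interactive(username, handler)
    return transport


if __name__ == "__main__":
    # Constructed prompts standing in for two server rounds (not real output).
    handler = PromptAnswerer(okta_push_rules("s3cret"))
    print(handler("", "", [("Password: ", False)]))
    print(handler("", "Okta verification", [("Option (1-3): ", True)]))
```

A deliberately short rule list is safer than a catch-all: if the device ever presents an unexpected prompt (a new factor, a banner demanding acknowledgement), the `ValueError` surfaces it instead of sending the push option to the wrong question.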

ktbyers commented 3 years ago

@Darth-Ginger So here you need to actually type in the okta challenge manually correct?

Is there any workaround where it just automatically works and is embedded in the script. Maybe that is not possible given the security constraints, but it partially defeats the purpose of automation to always have to be there when the script runs.

Regards, Kirk

Darth-Ginger commented 3 years ago

So. I know there is a method for something like that if you have access to the Okta app key for an organization. But seeing as in my situation I don't have that, I have had to get creative. While you can have Okta ask for entry of a PIN, there is also the option (in our deployment, and I am sure in others) to send a push notification to a phone. This can even be an emulated phone that can run the Okta app. In my case I just use Tasker to accept my pushes from Okta. The only thing I am trying to push to the challenge is the option (in this case 2) to the request, which then initiates the push notification. It definitely slows the process down, since you have to make sure the phone is accepting the notifications correctly, but it is still pretty reliable.

But for other use cases, the Transport object is able to reply to any challenge, so if there is a software RSA key or something, you can generally access those as well.

ktbyers commented 10 months ago

Purging old issues...