Create and run alias commands

Instead of running the full DPA connection commands, you can create a short easy-to-use alias that holds your details so you don't need to type them every time you make a connection.

The script below can be run on your Linux machine, in your CLI client. It saves the alias commands in your shell startup file ($HOME/.bashrc and, if it exists, $HOME/.zshrc), so they remain available in new shell sessions.

Two alias commands are available after the script is run:

  • cybr-ssh - only runs the SSH command, for those who do not want to use MFA caching.

  • cybr-sso - runs the MFA caching command (to get the key) and, after that, the SSH command.

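# Print the post-install summary: a header line, then one line per alias
# showing the alias name followed by its argument syntax.
# Arguments:
#   $1    - argument placeholder printed after every alias name
#   $2... - alias names to list
# Outputs: the summary on stdout.
function print_aliases(){
    # Locals keep `params` and the loop variable out of the calling shell.
    # The script sources the rc files at the end, so it appears to be meant
    # to run inside the user's own session, where leaked globals would linger.
    local params="$1"
    local alias_name
    shift
    printf "Your aliases were created. You can now use the following commands when connecting to a target via DPA:\n"
    for alias_name in "$@"
    do
      # printf instead of echo: the output does not depend on how the
      # current shell's echo treats backslashes or leading dashes.
      printf '%s %s\n' "$alias_name" "$params"
    done
}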
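# Remove the characters / \ : ? < > | * from $1 and print the result.
# Arguments:
#   $1 - text that will be used as a file name
# Outputs: the filtered text on stdout.
#
# Dropping "/" means the result cannot contain a directory separator, so a
# name built from it stays inside the directory it is appended to.
# NOTE(review): "." and ".." are not rejected; the call sites visible in this
# script always prefix the value with "<tenant>_", so the result is not a
# bare dot name there. Confirm before reusing the helper elsewhere.
function sanitize_user_input_for_filename(){
    # The value is passed through quoted end to end, so embedded whitespace
    # is preserved and characters such as "[" are never glob-expanded.
    # tr deletes exactly the set the earlier sed expression listed.
    printf '%s\n' "$1" | tr -d '/\\:?<>|*'
}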

# Register one alias and its backing function in the shell startup files.
# Arguments:
#   $1 - alias name
#   $2 - name of the function the alias points to
#   $3 - full source text of that function
# Globals written: ALIAS, FUNCTION_NAME, COMMAND
function setup_alias() {
    ALIAS="$1"; FUNCTION_NAME="$2"; COMMAND="$3"

    # ~/.zshrc is only touched when it already exists ...
    [ -f "$HOME/.zshrc" ] \
      && setup_alias_internal "$ALIAS" "$FUNCTION_NAME" "$COMMAND" "$HOME/.zshrc"

    # ... whereas ~/.bashrc is always written.
    setup_alias_internal "$ALIAS" "$FUNCTION_NAME" "$COMMAND" "$HOME/.bashrc"
}
 
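# Install (or replace) one alias, its backing function and the shared
# sanitize helper in a single shell startup file.
# Arguments:
#   $1 - alias name
#   $2 - name of the function the alias points to
#   $3 - full source text of that function
#   $4 - path of the rc file to update
# Returns: non-zero if the existing rc file could not be edited or written.
#
# $1 and $2 are interpolated into sed patterns, so they must not contain "/"
# or regex metacharacters; the callers in this script pass fixed names.
function setup_alias_internal() {
    local alias_name="$1"
    local function_name="$2"
    local command_text="$3"
    local rc_file="$4"

    if [ -f "$rc_file" ]; then
      # Remove what an earlier run installed. Each function range ends at the
      # first line that is only indentation followed by "}". The old pattern
      # required "}" in column 0, which an indented closing brace never
      # matches, so the deletion ran on through unrelated lines of the file.
      # The helper is removed too, so that an earlier copy is always replaced
      # by the one written below.
      # All three edits share one sed call, so the .bak file holds the rc
      # file exactly as it was before this call (later calls overwrite it).
      sed -i.bak \
        -e "/^[[:space:]]*alias ${alias_name}=/d" \
        -e "/^${function_name}()[[:space:]]*{/,/^[[:space:]]*}/d" \
        -e '/^sanitize_user_input_for_filename()[[:space:]]*{/,/^[[:space:]]*}/d' \
        "$rc_file" || return 1
    fi

    {
      # Quoted here-document: the helper is written verbatim. Inside a
      # double-quoted string its command substitution was evaluated while the
      # rc file was being written, so the stored helper filtered nothing.
      cat <<'EOF'
sanitize_user_input_for_filename(){
  printf '%s\n' "$1" | tr -d '/\\:?<>|*'
}
EOF
      printf '%s\n' "$command_text"
      printf 'alias %s="%s"\n' "$alias_name" "$function_name"
    } >> "$rc_file"
}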

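# Prompt until the user enters a non-empty line, then print that line.
# Arguments:
#   $1 - prompt text
# Outputs: the entered line on stdout.
# Returns: 1 if input ends before a non-empty line was read.
function get_user_input() {
    local message="$1"
    local user_input=""
    local read_rc
    while [[ -z "$user_input" ]]
    do
      read_rc=0
      if [ -n "${BASH_VERSION:-}" ]; then
        # -r keeps backslashes literal, matching the other branch.
        read -r -p "$message " user_input || read_rc=$?
      else
        # "name?prompt" is the prompt form used when the shell is not bash.
        read -r "user_input?$message " || read_rc=$?
      fi
      # A failed read with nothing captured means end of input; stop here
      # rather than prompting forever.
      if [ "$read_rc" -ne 0 ] && [[ -z "$user_input" ]]; then
        return 1
      fi
    done
    printf '%s\n' "$user_input"
}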

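# Generate and register cybr-ssh, cybr-login and cybr-sso for the mode in
# which no username is saved: every call takes
# <username>@<login_prefix>@<target_address>.
# Arguments:
#   $1 - SSH gateway address
#   $2 - tenant name
#   $3 - directory in which key files are kept
# Returns: 1 without writing anything when an argument cannot be embedded
#          safely; otherwise the status of the last setup_alias call.
#
# The three arguments are baked into function source that setup_alias appends
# to the shell startup files, so the text is executed by every later shell.
# The target string is only known when the alias runs, so everything derived
# from it is escaped below (\$) and evaluated at that time. That includes the
# sanitize call, which previously ran while the text was generated and
# therefore never saw the real user name.
# NOTE(review): the key is written by sftp to KEY_PATH; confirm the file ends
# up readable by its owner only.
function set_aliases_without_username(){
  local ssh_gw_address="$1"
  local tenant="$2"
  local key_path="$3"
  local value ssh_fn login_fn sso_fn

  # Refuse values that would end the generated double-quoted strings or
  # start an expansion inside them.
  for value in "$ssh_gw_address" "$tenant" "$key_path"; do
    case "$value" in
      *'"'*|*'$'*|*'`'*|*'\'*|*$'\n'*)
        echo "Cannot create aliases: a value contains a quote, dollar sign, backtick, backslash or newline." >&2
        return 1
        ;;
    esac
  done

  # The path is embedded inside double quotes, where "~" is not expanded,
  # so a leading "~" is resolved here.
  case "$key_path" in
    '~') key_path="$HOME" ;;
    '~/'*) key_path="$HOME/${key_path:2}" ;;
  esac

  # The closing brace of each function is in column 0 so that the cleanup
  # done on a later run can find the end of the function.
  ssh_fn=$(cat <<EOF
f-ssh() {
  local counter USER_NAME LOGIN_PREFIX TARGET_ID file_name KEY_PATH
  counter="\${1//[^@]}" && counter="\${#counter}"
  if [[ "\$counter" -eq 2 ]]
  then
    IFS="@" read -r USER_NAME LOGIN_PREFIX TARGET_ID <<< "\$1"
    file_name=\$(sanitize_user_input_for_filename "${tenant}_\${USER_NAME}@\${LOGIN_PREFIX}")
    KEY_PATH="${key_path}/\$file_name"
    if [ -f "\$KEY_PATH" ]
    then
      ssh -i "\$KEY_PATH" -- "\${USER_NAME}@\${LOGIN_PREFIX}#${tenant}@\${TARGET_ID}@${ssh_gw_address}"
    else
      ssh -- "\${USER_NAME}@\${LOGIN_PREFIX}#${tenant}@\${TARGET_ID}@${ssh_gw_address}"
    fi
  else
    echo 'Bad input. Use this syntax: cybr-ssh <username>@<login_prefix>@<target_address>'
  fi
}
EOF
)

  login_fn=$(cat <<EOF
f-login() {
  local full_user_name="\$1"
  local key_path="\$2"
  if [[ -z "\$full_user_name" ]]
  then
    echo 'Bad input. Use this syntax: cybr-sso <username>@<login_prefix>@<target_address>'
  else
    sftp -i "\$key_path" -- "\${full_user_name}#${tenant}@key@${ssh_gw_address}:/key" "\$key_path"
  fi
}
EOF
)

  sso_fn=$(cat <<EOF
f-sso() {
  local counter USER_NAME LOGIN_PREFIX TARGET_ID file_name KEY_PATH
  counter="\${1//[^@]}" && counter="\${#counter}"
  if [[ "\$counter" -eq 2 ]]
  then
    IFS="@" read -r USER_NAME LOGIN_PREFIX TARGET_ID <<< "\$1"
    file_name=\$(sanitize_user_input_for_filename "${tenant}_\${USER_NAME}@\${LOGIN_PREFIX}")
    KEY_PATH="${key_path}/\$file_name"
    cybr-login "\${USER_NAME}@\${LOGIN_PREFIX}" "\$KEY_PATH"
    cybr-ssh "\$1"
  else
    echo 'Bad input. Use this syntax: cybr-sso <username>@<login_prefix>@<target_address>'
  fi
}
EOF
)

  setup_alias cybr-ssh f-ssh "$ssh_fn"
  setup_alias cybr-login f-login "$login_fn"
  setup_alias cybr-sso f-sso "$sso_fn"
}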

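# Generate and register cybr-ssh, cybr-login and cybr-sso for the mode in
# which a username is saved: the aliases take <target_address>, and also
# accept the full <username>@<login_prefix>@<target_address> form.
# Arguments:
#   $1 - saved user name, <username>@<login_prefix>
#   $2 - directory in which key files are kept
#   $3 - key file name used for the saved user
#   $4 - SSH gateway address
#   $5 - tenant name
# Returns: 1 without writing anything when an argument cannot be embedded
#          safely; otherwise the status of the last setup_alias call.
#
# The five arguments are baked into function source that setup_alias appends
# to the shell startup files, so the text is executed by every later shell.
# The target string is only known when the alias runs, so everything derived
# from it is escaped below (\$) and evaluated at that time. That includes the
# sanitize call, which previously ran while the text was generated and
# therefore never saw the real user name.
# NOTE(review): the key is written by sftp to the key path; confirm the file
# ends up readable by its owner only.
function set_aliases_with_username(){
    local user="$1"
    local key_path="$2"
    local key_file_name="$3"
    local ssh_gw_address="$4"
    local tenant="$5"
    local value ssh_fn login_fn sso_fn

    # Refuse values that would end the generated double-quoted strings or
    # start an expansion inside them.
    for value in "$user" "$key_path" "$key_file_name" "$ssh_gw_address" "$tenant"; do
      case "$value" in
        *'"'*|*'$'*|*'`'*|*'\'*|*$'\n'*)
          echo "Cannot create aliases: a value contains a quote, dollar sign, backtick, backslash or newline." >&2
          return 1
          ;;
      esac
    done

    # The path is embedded inside double quotes, where "~" is not expanded,
    # so a leading "~" is resolved here.
    case "$key_path" in
      '~') key_path="$HOME" ;;
      '~/'*) key_path="$HOME/${key_path:2}" ;;
    esac

    # The closing brace of each function is in column 0 so that the cleanup
    # done on a later run can find the end of the function.
    ssh_fn=$(cat <<EOF
f-ssh() {
  local counter USER_NAME LOGIN_PREFIX TARGET_ID file_name KEY_PATH key_path
  if [[ -z "\$1" ]]
  then
    echo Missing target-id.
  else
    counter="\${1//[^@]}" && counter="\${#counter}"
    if [[ "\$counter" -eq 2 ]]
    then
      IFS="@" read -r USER_NAME LOGIN_PREFIX TARGET_ID <<< "\$1"
      file_name=\$(sanitize_user_input_for_filename "${tenant}_\${USER_NAME}@\${LOGIN_PREFIX}")
      KEY_PATH="${key_path}/\$file_name"
      if [ -f "\$KEY_PATH" ]
      then
        ssh -i "\$KEY_PATH" -- "\${USER_NAME}@\${LOGIN_PREFIX}#${tenant}@\${TARGET_ID}@${ssh_gw_address}"
      else
        ssh -- "\${USER_NAME}@\${LOGIN_PREFIX}#${tenant}@\${TARGET_ID}@${ssh_gw_address}"
      fi
    else
      key_path="${key_path}/${key_file_name}"
      if [ -f "\$key_path" ]
      then
        ssh -i "\$key_path" -- "${user}#${tenant}@\${1}@${ssh_gw_address}"
      else
        ssh -- "${user}#${tenant}@\${1}@${ssh_gw_address}"
      fi
    fi
  fi
}
EOF
)

    login_fn=$(cat <<EOF
f-login() {
  local counter USER_NAME LOGIN_PREFIX TARGET_ID file_name KEY_PATH key_path
  counter="\${1//[^@]}" && counter="\${#counter}"
  if [[ "\$counter" -eq 2 ]]
  then
    IFS="@" read -r USER_NAME LOGIN_PREFIX TARGET_ID <<< "\$1"
    file_name=\$(sanitize_user_input_for_filename "${tenant}_\${USER_NAME}@\${LOGIN_PREFIX}")
    KEY_PATH="${key_path}/\$file_name"
    sftp -i "\$KEY_PATH" -- "\${USER_NAME}@\${LOGIN_PREFIX}#${tenant}@key@${ssh_gw_address}:/key" "\$KEY_PATH"
  else
    key_path="${key_path}/${key_file_name}"
    sftp -i "\$key_path" -- "${user}#${tenant}@key@${ssh_gw_address}:/key" "\$key_path"
  fi
}
EOF
)

    sso_fn=$(cat <<EOF
f-sso() {
  if [[ -z "\$1" ]]
  then
    echo Missing target-id.
  else
    cybr-login "\$1"
    cybr-ssh "\$1"
  fi
}
EOF
)

    setup_alias cybr-ssh f-ssh "$ssh_fn"
    setup_alias cybr-login f-login "$login_fn"
    setup_alias cybr-sso f-sso "$sso_fn"
}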

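# Interactive entry point: collect the tenant, an optional username and the
# key directory, install the aliases, load them into the current shell and
# print a usage summary.
# Globals read: tenant_name (optional; skips the tenant prompt when set)
# Returns: 1 if the tenant is missing or malformed, or if the aliases could
#          not be generated.
function create_aliases(){
  local tenant ssh_gw_address user key_file_name key_path params default_hint

  tenant=${tenant_name:-}
  if [[ -z "$tenant" ]]; then
      tenant="$(get_user_input "Enter your tenant subdomain:")" || return 1
  fi
  # The tenant becomes part of a host name and of code appended to the shell
  # startup files, so only host-name characters are accepted.
  case "$tenant" in
    ''|*[!A-Za-z0-9.-]*)
      echo "Invalid tenant subdomain: use letters, digits, dots and hyphens only." >&2
      return 1
      ;;
  esac
  ssh_gw_address="${tenant}.ssh.cyberark.cloud"

  printf '%s' "Enter your full username <username>@<login_prefix>, or leave empty so the username is not saved and authentication of different identities is enabled: "
  # -r keeps backslashes literal; leading and trailing blanks are still trimmed.
  read -r user

  key_file_name=$(sanitize_user_input_for_filename "${tenant}_${user}")
  if [[ -z "$user" ]]; then
      default_hint='~/.ssh/<tenant_name>_<username>@<login_prefix>'
  else
      default_hint="~/.ssh/${key_file_name}"
  fi
  printf '%s' "Enter the path where the key will be saved, or leave empty to use the default path [${default_hint}]: "
  read -r key_path
  if [[ -z "$key_path" ]]; then
      key_path="$HOME/.ssh"
  fi

  # Arguments are quoted so that a value containing blanks stays one
  # argument instead of shifting the ones after it.
  if [[ -z "$user" ]]; then
      set_aliases_without_username "$ssh_gw_address" "$tenant" "$key_path" || return 1
      params="<username>@<login_prefix>@<target_address>"
  else
      set_aliases_with_username "$user" "$key_path" "$key_file_name" "$ssh_gw_address" "$tenant" || return 1
      params="<target_address>"
  fi

  # Load the new definitions into this session. Only a startup file that
  # belongs to the running shell is sourced: the other shell's rc file may
  # use syntax this shell cannot execute. When the shell is not bash and has
  # no ~/.zshrc, ~/.bashrc is used, since the aliases are always written there.
  if [ -n "${BASH_VERSION:-}" ] || [ ! -f "$HOME/.zshrc" ]; then
      if [ -f "$HOME/.bashrc" ]; then
        source "$HOME/.bashrc"
      fi
  else
      source "$HOME/.zshrc"
  fi

  print_aliases "$params" cybr-ssh cybr-sso
}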
# Start the interactive setup; all functions it calls are defined above.
create_aliases

When the script has finished running, the alias commands are ready to use:

  • If you saved a username when running the script, you can use the following alias commands:

    • cybr-sso <target_address> to get another key (after the one hour interval is over)

    • cybr-ssh <target_address> to connect using a regular SSH connection (without MFA caching)

  • If you did not save a username when running the script, you can use the following alias commands:

    • cybr-sso <username>@<login_suffix>@<target_address> to get another key (after the one hour interval is over)

    • cybr-ssh <username>@<login_suffix>@<target_address> to connect using a regular SSH connection (without MFA caching)

  • You can change the alias command and its details by editing the alias created in your client shell, after running the script, either in $HOME/.zshrc or $HOME/.bashrc.