Connect to a Linux target using MFA caching
If this feature is enabled, by connecting to a Linux target using MFA caching, you can enter your MFA details just once and then, in a configurable time period, connect to multiple targets with minimal input.
Your client must support ed25519 SSH keys.
There are two main steps:
Run an SFTP command to get the SSH key from CyberArk.
Use the key in an SSH command, to connect to a target via DPA.
Step 1: Get a key
Open an SFTP client.
Type the SFTP command using the following syntax:
SFTP <username>@<login_suffix>#<subdomain>@key@<DPA SSH gateway address>:/key <key_path_on_end_user_machine>
SFTP firstname.lastname@example.org#acme@email@example.com:/key ~/.ssh/tenantName_janedoe
Your username as it is defined in your organization's directory service.
The domain of your company as defined in Identity Administration, or any other login suffix that was defined for the users in this directory.
For more information about login suffixes, see Manage login suffixes.
Your organization's tenant subdomain, as provided to you by your administrator, and as shown in your portal URL (https://subdomain.cyberark.cloud).
DPA SSH gateway address
The DPA SSH gateway address:
<subdomain>parameter is your organization's tenant subdomain, as provided to you by your administrator, and as shown in your portal URL (
The path where the key will be saved.
Step 2: Use the key to connect to a target
Once the key has been generated, you can use it to connect to the SSH target. For example:
SSH -i ~/.ssh/tenantName_janedoe firstname.lastname@example.org#acme@email@example.com
You can also use this key for file transfer sessions using SFTP or SCP.