Connect to a Linux target using MFA caching

If this feature is enabled, MFA caching lets you enter your MFA details just once and then, within a configurable time period, connect to multiple Linux targets with minimal input.

Your client must support ed25519 SSH keys.

There are two main steps:

  1. Run an SFTP command to get the SSH key from CyberArk.

  2. Use the key in an SSH command, to connect to a target via DPA.

Step 1: Get a key

  1. Open an SFTP client.

  2. Type the SFTP command using the following syntax:

    sftp <username>@<login_suffix>#<subdomain>@key@<DPA SSH gateway address>:/key <key_path_on_end_user_machine>

    For example:

    sftp jane.doe@acme.com#acme@key@acme.ssh.cyberark.cloud:/key ~/.ssh/tenantName_janedoe

    Syntax parameters (parameter: description)

    username: Your username as it is defined in your organization's directory service.

    login_suffix: The domain of your company as defined in Identity Administration, or any other login suffix that was defined for the users in this directory. For more information about login suffixes, see Manage login suffixes.

    subdomain: Your organization's tenant subdomain, as provided to you by your administrator, and as shown in your portal URL (https://subdomain.cyberark.cloud).

    DPA SSH gateway address: The DPA SSH gateway address: <subdomain>.ssh.cyberark.cloud. The <subdomain> parameter is your organization's tenant subdomain, as provided to you by your administrator, and as shown in your portal URL (https://subdomain.cyberark.cloud).

    key_path_on_end_user_machine: The path where the key will be saved.

Step 2: Use the key to connect to a target

Once the key has been generated, you can use it to connect to the SSH target. For example:

ssh -i ~/.ssh/tenantName_janedoe jane.doe@acme.com#acme@i-0d11333d451d5e4db@acme.ssh.cyberark.cloud

You can also use this key for file transfer sessions using SFTP or SCP.
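
The two steps above as a shell helper, added here as an example and not CyberArk's own tooling: it reuses the downloaded key while it is younger than a limit you pass in, fetches a new one otherwise, and keeps the key file private to your user. The function names and the max-age argument are assumptions; set the limit to the caching period your administrator configured.

```shell
#!/bin/sh
# Added example, not CyberArk code. Function names and max_age_min are assumptions.

# Step 1 syntax: SFTP source that returns the MFA-cached key.
dpa_key_source() {  # args: username login_suffix subdomain
    printf '%s@%s#%s@key@%s.ssh.cyberark.cloud:/key\n' "$1" "$2" "$3" "$3"
}

# Step 2 syntax: SSH login string for one target.
dpa_target_login() {  # args: username login_suffix subdomain target
    printf '%s@%s#%s@%s@%s.ssh.cyberark.cloud\n' "$1" "$2" "$3" "$4" "$3"
}

# True if the key file exists and was written less than max_age_min minutes ago.
# Local file age only approximates the server-side caching period.
dpa_key_fresh() {  # args: key_path max_age_min
    [ -f "$1" ] && [ -n "$(find "$1" -mmin "-$2" 2>/dev/null)" ]
}

# True if the local OpenSSH client lists ed25519 among its key types.
dpa_client_ok() {
    ssh -Q key 2>/dev/null | grep -q '^ssh-ed25519$'
}

# Fetch the key only when the local copy is missing or too old, then connect.
dpa_connect() {  # args: username login_suffix subdomain target key_path max_age_min
    dpa_client_ok || { echo "SSH client lacks ed25519 support" >&2; return 1; }
    if ! dpa_key_fresh "$5" "$6"; then
        # umask keeps the new key unreadable by other local users from creation.
        ( umask 077; sftp "$(dpa_key_source "$1" "$2" "$3")" "$5" ) || return 1
        # ssh refuses private keys that other users can read.
        chmod 600 "$5"
    fi
    ssh -i "$5" "$(dpa_target_login "$1" "$2" "$3" "$4")"
}

# Example call, using the page's sample values and a constructed 15-minute limit:
# dpa_connect jane.doe acme.com acme i-0d11333d451d5e4db ~/.ssh/tenantName_janedoe 15
```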