Currently, since the implementation of Cisco DUO MFA as a second prompt to select options for the way of authentication, I am facing an issue with how to pass the argument to trigger an authentication. My first level of basic authentication will be Linux username and password. I am not sure if the session is established before or after the MFA authentication.

```powershell
# Import Posh-SSH module
Import-Module Posh-SSH

# Define credentials
$hostname = "your.linux.server"
$username = "your_username"
$password = "your_password"

# Create a secure password object
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword)

# Step 1: Establish SSH session using password authentication
$session = New-SSHSession -ComputerName $hostname -Credential $credential -AcceptKey
if ($session.Connected) {
    Write-Output "SSH connection established. Waiting for MFA prompt..."

    # Step 2: Send '1' to trigger MFA push
    $mfaResponse = Invoke-SSHCommand -SSHSession $session -Command "echo 1"
    Write-Output "MFA push triggered. Please approve the request."

    # Step 3: Wait for authentication to complete
    Start-Sleep -Seconds 10  # Adjust based on MFA response time

    # Verify if authentication was successful
    $checkSession = Invoke-SSHCommand -SSHSession $session -Command "whoami"
    Write-Output "Logged in as: $($checkSession.Output)"

    # Continue with further commands if needed...
} else {
    Write-Output "Failed to establish SSH connection."
}

# Cleanup session
Remove-SSHSession -SessionId $session.SessionId
```

Asked Mar 6 at 13:14 by Vijay Js
  • Best to use OAUTH2 which is compatible with Windows, Linux, and Mac. See learn.microsoft/en-us/exchange/client-developer/… – jdweng Commented Mar 6 at 13:43
  • Appreciate the response. Since DUO is implemented, looking for a solution around it. – Vijay Js Commented Mar 6 at 14:00
  • See duo/docs/sso-oauth-client-credentials https://duo/docs/… – jdweng Commented Mar 6 at 16:47

1 Answer


Please consider the important things for troubleshooting:

Establish SSH Session: Your script correctly establishes an SSH session using the New-SSHSession cmdlet. But ensure that the SSH session is fully established before triggering the MFA. The session should be connected before sending the MFA push command.

Trigger MFA: The Invoke-SSHCommand cmdlet is used to send a command to trigger the MFA push notification. The echo 1 command might not be the correct way to trigger the MFA push. You may need to use a specific command or API call provided by Cisco DUO to trigger the MFA.

Updated Script:

```powershell
# Import Posh-SSH module
Import-Module Posh-SSH

# Define credentials
$hostname = "your.linux.server"
$username = "your_username"
$password = "your_password"

# Create a secure password object
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword)

# Step 1: Establish SSH session using password authentication
$session = New-SSHSession -ComputerName $hostname -Credential $credential -AcceptKey
if ($session.Connected) {
    Write-Output "SSH connection established. Waiting for MFA prompt..."

    # Step 2: Trigger MFA push (adjust command as needed)
    $mfaResponse = Invoke-SSHCommand -SSHSession $session -Command "duo auth push"
    Write-Output "MFA push triggered. Please approve the request."

    # Step 3: Wait for authentication to complete
    Start-Sleep -Seconds 10  # Adjust based on MFA response time

    # Verify if authentication was successful
    $checkSession = Invoke-SSHCommand -SSHSession $session -Command "whoami"
    Write-Output "Logged in as: $($checkSession.Output)"

    # Continue with further commands if needed...
} else {
    Write-Output "Failed to establish SSH connection."
}

# Cleanup session
Remove-SSHSession -SessionId $session.SessionId
```

Note: Make sure to replace "duo auth push" with the correct command or API call to trigger the MFA push notification. Refer to the Duo documentation for the specifics of the command.

Hope it helps
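
For a non-interactive client like the script above, one option is to remove the factor-selection menu on the server so that nothing has to be typed at the second prompt. The configuration below is an added example, not part of the original question or answer; it assumes the server runs Duo Unix with `pam_duo` (configured in `/etc/duo/pam_duo.conf`), and the key and host values are placeholders.

```ini
; /etc/duo/pam_duo.conf  (assumed integration: Duo Unix pam_duo)
; This file holds the integration secret key; keep it readable by root only.

[duo]
; Placeholders: use the values of your own Duo application entry.
ikey = <INTEGRATION_KEY>
skey = <SECRET_KEY>
host = <API_HOSTNAME>

; Default is "no", which shows the "Passcode or option" menu and waits
; for input. With "yes", Duo Unix sends the push request automatically
; as part of the login, so the client has no menu to answer. This also
; effectively disables passcode entry at the prompt.
autopush = yes

; Default is 3 attempts. With autopush enabled, a single attempt avoids
; sending repeated push requests when one is denied or times out.
prompts = 1
```

With these settings the second factor is still enforced: the login does not complete until the push is approved on the enrolled device.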
