So, network security engineer here. I use Linux as my primary OS and ssh from the CLI for every session to FWs and routers and wanted to share how I manage my sessions. Sure I could use .ssh/config, but I have 2 additional requirements - 1) MFA login to RADIUS servers; 2)Full session logging.
install oathtool (for MFA) and xclip
set shell var $PW=to_your_passowrd
set script name to whatever (like edgefw) - I have 81 different ones - with tab completion, it's real fast.
#!/bin/bash
oathtool --totp -b <SEED> | sed -e's/\(^.*$\)/'"$PW"'\1/' | xclip
sleep 2
ssh <IP_OF_DEVICE> | tee >( ts > /home/<YOUR_USER_NAME>/ssh_logs/<RELEVANT_NAME>-\date +"%d-%b-%Y-%H:%M"`)`
Then, put it in your path, execute and middle click to paste PW on prompt. The logfile is saved to your ssh_logs dir and each line is timestamped.
I found it handy and you might too.
No comments:
Post a Comment