  #1  
Old 04-30-2020, 07:38 PM
akshtray
Registered User
 
Join Date: Dec 2019
Posts: 9
Please make my life easier: MFA and Bastion setup.

I work in an environment where most of the machines we connect to are beyond a boundary. In order to connect to these machines I follow the process below.

1. SecureCRT (local shell)
2. ssh command to connect to a bastion. This pops up a request for authorization in the session/terminal:

(1). Push (app on phone)
(2). Phone call (accept call and press any button on keypad)
(3). SMS code (enter code)

For the sake of simplicity, let's just say I do (1) and hit approve on my app. This ssh's me into the bastion.

3. When SSH'd into the bastion, I can then SSH to different machines I want to by just running 'ssh <user>@<ip>'

Both the bastion and the other machines in the boundary always use the same username and ssh public key to connect.

What I would like to do is basically be able to connect to at least the bastion directly. Basically, let's assume I want to hit (1) when the request for auth pops up.

What I would ideally like to do is set up a session in a way where it ssh's me directly to the end point in the boundary through the bastion.

Are either of these doable? If anyone could help or point me in the right direction, it would be awesome.

Thanks.

P.S: I am a licensed user for both SecureCRT and SecureFX. If going through support is the recommended option, please let me know and I will do that.
  #2  
Old 05-01-2020, 09:31 AM
bgagnon
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,424
Hi akshtray,

I assume you are using SecureCRT on Mac or Linux, correct? (What version of SecureCRT?)

Quote:
What I would like to do is basically be able to connect to at least the bastion directly. Basically, let's assume I want to hit (1) when the request for auth pops up.

What I would ideally like to do is set up a session in a way where it ssh's me directly to the end point in the boundary through the bastion.

Are either of these doable? If anyone could help or point me in the right direction, it would be awesome.

Yes, as long as the bastion host is capable of port forwarding. See this video on using dependent session functionality which has been available since v7.1.

As far as authentication, you would want to be sure Keyboard Interactive is the first listed authentication method in the Connection / SSH2 category of Session Options.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
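
For readers using the OpenSSH client rather than a SecureCRT dependent session, the same two-hop setup can be expressed in `~/.ssh/config`. This is an added example, not part of the original posts or VanDyke's documentation; the host alias, hostname, user, address range and key path are constructed placeholders, and it assumes the bastion permits TCP forwarding and presents its MFA step as keyboard-interactive.

```sshconfig
# Added example; every name, address and path below is a constructed placeholder.

# Hop 1: the bastion, which prompts for MFA (push / phone call / SMS code).
Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # Try the interactive MFA prompt first, then the key (assumed ordering,
    # mirroring "Keyboard Interactive first" from the reply above).
    PreferredAuthentications keyboard-interactive,publickey
    # The private key stays on the workstation; do not expose the agent to the bastion.
    ForwardAgent no

# Hop 2: endpoints behind the boundary, reached through the bastion.
# ProxyJump opens a forwarded TCP channel via the bastion, so the bastion
# must allow port forwarding; the SSH session to the endpoint is end-to-end.
Host 10.0.0.*
    User alice
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ProxyJump bastion
```

With this in place, `ssh 10.0.0.15` (a constructed address) prompts for the bastion's MFA and, once approved, lands on the endpoint without the key ever being copied to the bastion.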
  #3  
Old 05-01-2020, 09:45 AM
akshtray
Registered User
 
Join Date: Dec 2019
Posts: 9
Correct, this is on a Mac. Current version and build are 8.7.1 and 2171.

Yes. The bastions are capable of port forwarding. We forward both ssh and rdp specific ports to the end points from the bastion.
  #4  
Old 05-01-2020, 09:58 AM
akshtray
Registered User
 
Join Date: Dec 2019
Posts: 9
Excellent, that video helped out. Was able to connect to end points just fine now. Thanks a lot!
All times are GMT -6.