MFA Caching Support for PSM for SSH

[jcreameriii]

Is your feature request related to a problem? Please describe.
v12.1 CyberArk introduced MFA caching support for PSM for SSH. It solves a user experience issue where needing to connect to multiple *NIX machines simultaneously/or back-to-back, users needed to authenticate each time. The way CYBR implemented the solution was allowing the user to authenticate once using MFA, and then generated a Private SSH key (PPK, PEM, OpenSSH) that they download an use to authenticate to multiple *NIX machines. That key has a short TTL and can be revoked on demand. There is a supported REST API command to generate this instead of needing to go the the PVWA.

Describe the solution you'd like
Create a new command set to generate this MFA cache key. Enable the ability to menu select which type of key you want to generate, whether you want to add a passphrase to the key and (possibly) enable saving of the key to the default directory used by Putty.

[jcreameriii]

Happy Birthday @AndrewCopeland 🎂

[AndrewCopeland]

Thanks :)

[AndrewCopeland]

What endpoint would be used to generate the SSH Private key that can be used to connect to the target devices?

I am having a hard time finding it here:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/WebServices/API-account-actions-LP.htm?tocpath=Developer%7CREST%20APIs%7CAccounts%7CAccount%20actions%7C_____0

I could be looking in the wrong place.

[jcreameriii]

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/MFA-Caching.htm

This page lists the various commands and links to the endpoint details of each.

[AndrewCopeland]

We will need to update our backend infrastructure to test this feature out. This will be pushed to a future release.