Out of tree netmiko driver for 2FA with google-authenticator

Project description

Netmiko 2FA Google Authenticator

Introduction

netmiko_2fa_google_authenticator is an out-of-tree netmiko driver for two-factor authentication based on TOTP (time-based one-time passwords), as generated by the google-authenticator app.

As security demands increase, many internet-facing Linux machines are secured with 2FA. Because some of our customers provide Linux machines as SSH jump hosts for automation, we built this plugin.

It is compatible and has been extensively tested with netmiko_multihop.

Installation

Install the netmiko google-authenticator driver by running:

pip3 install netmiko_2fa_google_authenticator

Usage

Usage is straightforward: import the module after importing netmiko. This registers a new platform in netmiko that can perform TOTP 2FA (MFA). Currently only linux is supported as target_device_type, but other platforms can be supported easily.

There are two modes of operation: either provide password as a list containing the machine password and the TOTP, or provide the shared secret. If you provide the shared secret, the driver generates TOTPs on its own, which may violate your company's security requirements, so be careful.

from netmiko import ConnectHandler
import netmiko_2fa_google_authenticator  # importing registers the '2fa_google_authenticator' device type

# Placeholder values, replace with your own
ssh_host = '192.0.2.10'
ssh_username = 'automation'
ssh_password = '<server_password>'
authenticator_otp = '<google TOTP>'
authenticator_secret = '<shared secret>'

# Mode 1: the caller supplies the current TOTP alongside the password
target = {
    'device_type': '2fa_google_authenticator',
    'target_device_type': 'linux',
    'ip': ssh_host, # ip of host
    'username': ssh_username, # username
    'password': [ssh_password, authenticator_otp], # password list [<server_password>,<google TOTP>]
    'port': 22,
}

# Mode 2: the driver holds the shared secret
target2 = {
    'device_type': '2fa_google_authenticator',
    'target_device_type': 'linux',
    'ip': ssh_host, # ip of host
    'username': ssh_username, # username
    'password': ssh_password, # password <server_password>
    'port': 22,
    # secret shown by google-authenticator at setup; warning: with this set,
    # netmiko_2fa_google_authenticator generates TOTPs autonomously
    'otp_secret': authenticator_secret,
}

ssh = ConnectHandler(**target)
print(ssh.send_command("ls /"))
ssh = ConnectHandler(**target2)
print(ssh.send_command("ls /"))

Contribute

License

This project is licensed under the Apache License Version 2.0


Source Distributions

No source distribution files available for this release.

Built Distribution


netmiko_2fa_google_authenticator-0.2-py3-none-any.whl (10.9 kB)

Uploaded Python 3

File details

Details for the file netmiko_2fa_google_authenticator-0.2-py3-none-any.whl.

File hashes

Hashes for netmiko_2fa_google_authenticator-0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 45d00e63f19a41d57ba18c799e3f2014d6410b4faf13f7640ecc395e851b5a37
MD5 0dea269ac92156f924e9fae9aa31acb3
BLAKE2b-256 4a2d5f230c6035c78c1daaf48c775ca976e78125f4f24b45635e5be789b0afc4
