YubiKey/TOTP with PowerShell

Is it possible to use YubiKey or TOTP with the Devolutions Server PowerShell module?

All Comments (7)

Hello,

I don't think it's supported. I'll do some tests, and I will get back to you.

Does your DVLS require YubiKey MFA?

You can use an Application Key instead to connect to your DVLS from PowerShell without being prompted for MFA.
https://devolutions.lightning.force.com/lightning/r/LiveChatTranscript/570OL000001f9l7YAA/view

Best regards,

Érica Poirier

Hello,

So yes, we can use the YubiKey with PowerShell if we use the RDM cmdlets (verb-RDMxxx cmdlets). This authentication process goes through the web authentication page.

But it's not supported with the DVLS cmdlets (verb-DSxxx cmdlets).

Best regards,

Érica Poirier

Hi Erica

Today we require TOTP on every AD account used in DVLS and we are looking to support YubiKey for DVLS admins.

We have a policy that says we have to export/print passwords tagged as emergency quarterly and place them in a secure vault that a couple of employees have access to.

For this we have created a PowerShell script to export the passwords as HTML that we are able to print easily, but that isn't possible with accounts that are MFA-enabled, and therefore my question is whether the modules support MFA.

I have looked at Application Keys, but the permission structure makes it hard to manage, and it also requires access to view passwords for all accounts, and therefore a script with this key in it will not be allowed by our security team.

Regards
Thomas

Hi Erica

Thanks for letting me know. We unfortunately can't use RDM to do this, so we will have to find another way.

Regards
Thomas

Hi Thomas,

Thank you for your feedback.

In fact, using the RDM cmdlets doesn't require RDM to be installed on the machine or have an RDM license assigned to users. It only creates the required files like RDM will, but it does not use its interface. Then, you can connect to the DVLS data source, as shown in method 1 in this article.
https://docs.devolutions.net/kb/devolutions-powershell/devolutions-server/powershell-connectivity/#method-1-using-remote-desktop-manager-cmdlets

Let us know if that could be a viable solution.

Best regards,

Érica Poirier

Hi Erica

Okay, I didn't know this. Do you still need an RDM license to use the RDM cmdlets?

Regards
Thomas

Hi Thomas,

No need to have a license to use PowerShell, no matter which cmdlets you use.

Best regards,

Érica Poirier