accountInfo
Display some information about an account
usage
--osh accountInfo <--account ACCOUNT|--all> [OPTIONS]
- --account ACCOUNT
The account name to work on
- --all
Dump info for all accounts (auditors only), use with --json
- --with[out]-everything
Include or exclude all below options, including future ones
- --with[out]-groups
Whether to include the groups the account has a role on (SLOW, default: no)
- --with[out]-mfa-password-info
Whether to include MFA password info of the account (SLOW, auditors only, default: no)
- --with[out]-egress-keys
Whether to include the account's egress keys (SLOW, auditors only, default: no)
Usage examples
Show info about a specific account:
--osh accountInfo --account jdoe12
Gather info about all accounts, with no extra data except their egress keys:
--osh accountInfo --all --without-everything --with-egress-keys --json
Gather info about all accounts, including all extra data (and possibly future options):
--osh accountInfo --all --with-everything --json
Output example
│ user1 is a bastion admin
│ user1 is a bastion superowner
│ user1 is a bastion auditor
│
│ user1 has access to the following restricted commands:
│ - accountCreate
│ - accountDelete
│ - groupCreate
│ - groupDelete
│
│ This account is part of the following groups:
│ testgroup1 Owner GateKeeper ACLKeeper Member -
│ gatekeeper-grp2 Owner GateKeeper - - -
│
│ This account is active
│ This account has no TTL set
│ This account is not frozen
│ This account has seen recent-enough activity to not be activity-expired
│ As a consequence, this account can connect to this bastion
│
│ Last seen on Thu 2023-03-16 07:51:49 UTC (00:00:00 ago)
│ Created on Fri 2022-06-17 09:52:50 UTC (271d+21:58:59 ago)
│ Created by jdoe
│ Created using The Bastion v3.08.01
│
│ Account egress SSH config:
│ - (default)
│
│ PIV-enforced policy for ingress keys on this account is enabled
│
│ Account Multi-Factor Authentication status:
│ - Additional password authentication is not required for this account
│ - Additional password authentication bypass is disabled for this account
│ - Additional password authentication is enabled and active
│ - Additional TOTP authentication is not required for this account
│ - Additional TOTP authentication bypass is disabled for this account
│ - Additional TOTP authentication is disabled
│ - PAM authentication bypass is disabled
│ - Optional public key authentication is disabled
│ - MFA policy on personal accesses (using personal keys) on egress side is: password
│
│ - Account is immune to idle counter-measures: no
│ - Maximum number of days of inactivity before account is disabled: (default)
│
│ Account PAM UNIX password information (used for password MFA):
│ - Password is set
│ - Password was last changed on 2023-01-27
│ - Password must be changed every 90 days at least
│ - A warning is displayed 75 days before expiration
│ - Account will not be disabled after password expiration
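The following is an added example, not part of The Bastion's documentation or code: a small Python parser for the human-readable report in the output example above, which flags privileged accounts that can connect but have no per-account password or TOTP requirement. The flagging policy and the positive wording "is required" are assumptions. For bulk audits the `--all --json` form is the better input, but its schema is not shown on this page.

```python
import re

# Constructed sample: lines taken from the output example above, trimmed.
SAMPLE = """\
│ user1 is a bastion admin
│ user1 is a bastion auditor
│
│ user1 has access to the following restricted commands:
│ - accountCreate
│ - accountDelete
│
│ As a consequence, this account can connect to this bastion
│
│ Account Multi-Factor Authentication status:
│ - Additional password authentication is not required for this account
│ - Additional TOTP authentication is not required for this account
"""

# Assumption: the positive form of the line reads "... is required for this account".
MFA_RE = re.compile(r"- Additional (password|TOTP) authentication is (not )?required for this account")

def parse_account_info(text):
    """Parse the human-readable report; only phrases shown on the page are matched."""
    info = {"roles": [], "restricted_commands": [], "can_connect": False, "mfa_required": {}}
    in_commands = False
    for raw in text.splitlines():
        line = raw.lstrip("│ \t").rstrip()  # drop the box-drawing prefix
        if line.endswith("has access to the following restricted commands:"):
            in_commands = True
            continue
        if in_commands and line.startswith("- "):
            info["restricted_commands"].append(line[2:])
            continue
        in_commands = False  # any other line ends the command list
        if m := re.fullmatch(r"\S+ is a bastion (\w+)", line):
            info["roles"].append(m.group(1))
        elif m := MFA_RE.fullmatch(line):
            info["mfa_required"][m.group(1)] = m.group(2) is None
        elif line.endswith("this account can connect to this bastion"):
            info["can_connect"] = True
    return info

def findings(info):
    """Hypothetical policy: privileged accounts should have a per-account MFA requirement."""
    privileged = bool(info["roles"] or info["restricted_commands"])
    if privileged and info["can_connect"] and not any(info["mfa_required"].values()):
        return ["privileged account with no per-account password/TOTP requirement"]
    return []

print(findings(parse_account_info(SAMPLE)))
```

A bastion-wide MFA policy enforced outside the account settings would not appear in these per-account lines, so treat a finding as a prompt to check the global configuration rather than as proof of a gap.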