
So… you’re running aws-vault within Windows Subsystem for Linux (WSL) and you want to stop typing in MFA codes. Let’s use a YubiKey to enter the codes for you.

The only show stopper - WSL is unable to access the YubiKey, which is plugged into the host OS, Windows. The workaround is to keep the YubiKey tooling on the Windows side and call it from WSL.

For ease of managing our TOTP accounts, Yubico Authenticator is helpful.

Onto the good stuff! Now that we have the YubiKey software installed, log in to AWS and go to Security Credentials. Scroll down the page to the Multi-factor authentication (MFA) section, click Manage MFA Device, then Remove. If you don’t have MFA enabled already, the button will read Assign MFA Device.

Click on Assign MFA Device and then select Virtual MFA device. Click the hyperlink to Show Secret Key and copy it to your clipboard.

Go to Yubico Authenticator and Add Account. Enter AWS as the Issuer, your MFA ARN as the Account Name (arn:aws:iam:::mfa/), and paste in the secret key. Ensure you tick the box for Require Touch - this keeps things secure, because a code can then only be generated when someone physically taps the key, never silently by software that happens to reach ykman.

Double click on the new account in Yubico Authenticator, tap your YubiKey, and enter two consecutive MFA codes into the AWS console.

ykman is the command line interface to the YubiKey Manager. Within WSL, we need to create a symlink to the Windows binary of ykman. Create the symlink with the following command:

sudo ln -s /mnt/c/Program\ Files/Yubico/YubiKey\ Manager/ykman.exe /usr/bin/ykman

Now we should be able to run a test command that returns a list of all accounts from Yubico Authenticator:

ykman oath accounts list

Now we can tell aws-vault to prompt ykman for an MFA code. When calling aws-vault, simply include --prompt ykman in your command, and aws-vault will call ykman in the background.

Just like that, we have aws-vault automatically retrieving MFA codes from a YubiKey with only a touch required.
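The reason the Account Name has to be the MFA ARN is that aws-vault’s ykman prompt asks ykman for the code of the credential with that exact name (ykman oath accounts code --single with the ARN as the query, on current ykman versions), so a missing or duplicated credential fails only at prompt time. The script below is an added example, not part of the original post or of aws-vault, that checks the symlink, the credential list and the match count before running aws-vault; the paths, the profile name and the ARN with account id 123456789012 are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: check the WSL -> ykman -> aws-vault chain
# before relying on it. Paths and the MFA ARN are constructed placeholders.
set -eu

# Windows ykman binary as seen from WSL, and the symlink the post creates for it.
YKMAN_WIN="/mnt/c/Program Files/Yubico/YubiKey Manager/ykman.exe"
YKMAN_LINK="/usr/bin/ykman"

# Constructed sample of what 'ykman oath accounts list' prints: one credential per
# line as issuer:name. Naming the AWS credential after the MFA ARN is what lets
# aws-vault find it with 'ykman oath accounts code --single <arn>'.
SAMPLE_LIST='AWS:arn:aws:iam::123456789012:mfa/alice
GitHub:alice'

# 0 if the symlink exists and resolves to an executable (the post's ln -s step).
ykman_link_ok() {
  link="${1:-$YKMAN_LINK}"
  [ -L "$link" ] && [ -x "$(readlink -f "$link")" ]
}

# Read a credential list on stdin; print the first credential naming this MFA ARN.
find_mfa_account() {
  grep -F -- "$1" | head -n 1
}

# Read a credential list on stdin; print how many credentials name this MFA ARN.
# '--single' needs exactly one match, so 0 or 2+ means aws-vault will fail later.
count_matches() {
  grep -c -F -- "$1" || true
}

main() {
  arn="$1" profile="$2"
  ykman_link_ok || { echo "ykman symlink missing; run: sudo ln -s \"$YKMAN_WIN\" $YKMAN_LINK" >&2; exit 1; }
  list="$(ykman oath accounts list)"   # fails loudly if WSL cannot reach ykman.exe
  n="$(printf '%s\n' "$list" | count_matches "$arn")"
  [ "$n" -eq 1 ] || { echo "expected exactly one OATH credential for $arn, found $n" >&2; exit 1; }
  # Touch the YubiKey when prompted; aws-vault fetches the TOTP code via ykman.
  exec aws-vault exec --prompt ykman "$profile" -- aws sts get-caller-identity
}

# Usage: ./check-ykman.sh arn:aws:iam::123456789012:mfa/alice my-profile
if [ "$#" -ge 2 ]; then main "$@"; fi
```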
