
Strip 2FA from Wikitech account of Snwachukwu
Closed, Resolved (Public)

Description

I have a challenge logging into my Wikitech account. This is because I no longer use the mobile phone which had the Google Authenticator used for 2-step verification. Thus I am unable to fill in the token to continue logging in to my account.

Kindly assist me with any advice or solution to this problem.

Event Timeline

@Aklapper I am unable to 'ssh bastion.wmcloud.org' or ssh login.toolforge.org

sandraebele@bastion.wmcloud.org: Permission denied (publickey).

Please, I have been unable to log in to my Wikitech account and do some important editing because of this issue. I would appreciate any form of assistance as this is urgent.

Aklapper renamed this task from Wikitech account reset to Strip 2FA from Wikitech account of Snwachukwu. Jan 17 2023, 9:01 AM
Aklapper raised the priority of this task from High to Needs Triage.

sandraebele@bastion.wmcloud.org: Permission denied (publickey).

Hmm, according to T298786 the user name should be ebysans instead?

Before now I haven't used ssh to reach any cloud or Toolforge instance. Is there another verification method?

sandraebele@wmf3068 ~ % ssh bastion.wmcloud.org
ebysans@bastion.wmcloud.org: Permission denied (publickey).

Note that the ssh key to access wmcloud is a different one than the one for prod (ending in OLLJY vs YvU/Z), so you might be trying to log in there with the wrong key.

Since you have access to production servers, you could do that in an analytics host, instead of WMCloud.

@Platonides Here is the result when I run on a production host.

ebysans@an-launcher1002:~$ cd $HOME
ebysans@an-launcher1002:~$ touch 2fa-reset-request.txt
ebysans@an-launcher1002:~$ chmod 0600 2fa-reset-request.txt
ebysans@an-launcher1002:~$ echo "https://phabricator.wikimedia.org/[YOUR PHABRICATOR TASK NUMBER]" > 2fa-reset-request.txt
ebysans@an-launcher1002:~$ echo "$(hostname -f):$(pwd)/2fa-reset-request.txt"
an-launcher1002.eqiad.wmnet:/home/ebysans/2fa-reset-request.txt
ebysans@an-launcher1002:~$

@BTullis could you use your root super powers and close team association with @Snwachukwu to verify the veracity of their request and then remove their Wikitech 2FA via the procedure at https://wikitech.wikimedia.org/wiki/Password_and_2FA_reset#Wikimedia_or_wikitech_two_factor_authentication_removal? I unfortunately do not have access to the an-launcher1002.eqiad.wmnet host to verify the connection between the Phabricator account and the shell account.

@bd808 and @Platonides. I now have access to the cloud bastion. Here is the result.

sandraebele@wmf3068 ~ % ssh bastion.wmcloud.org
Linux bastion-eqiad1-03 5.10.0-19-cloud-amd64 #1 SMP Debian 5.10.149-1 (2022-10-17) x86_64
Debian GNU/Linux 11 (bullseye)
bastion-eqiad1-03 is a Cloud VPS bastion host (with mosh enabled) (labs::bastion)
The last Puppet run was at Mon Jan 23 10:50:34 UTC 2023 (9 minutes ago).
Last Puppet commit: (248a4c348c) Manuel Arostegui - db1106: Disable notifications
Last login: Fri Jan 20 14:25:09 2023 from 168.253.119.70
ebysans@bastion-eqiad1-03:~$
ebysans@bastion-eqiad1-03:~$
ebysans@bastion-eqiad1-03:~$
ebysans@bastion-eqiad1-03:~$ cd $HOME
ebysans@bastion-eqiad1-03:~$ touch 2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$ chmod 0600 2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$ echo "https://phabricator.wikimedia.org/[YOUR PHABRICATOR TASK NUMBER]" > 2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$ echo "$(hostname -f):$(pwd)/2fa-reset-request.txt"
bastion-eqiad1-03.bastion.eqiad1.wikimedia.cloud:/home/ebysans/2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$

You need to replace YOUR PHABRICATOR TASK NUMBER with the number of this task.

bd808 claimed this task.
$ ssh root@bastion-eqiad1-03.bastion.eqiad1.wikimedia.cloud
root@bastion-eqiad1-03:~# ls -lh /home/ebysans/2fa-reset-request.txt
-rw------- 1 ebysans wikidev 42 Jan 23 13:32 /home/ebysans/2fa-reset-request.txt
root@bastion-eqiad1-03:~# cat /home/ebysans/2fa-reset-request.txt
https://phabricator.wikimedia.org/T326721
$ ssh cloudweb1003.wikimedia.org
$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labswiki 'Snwachukwu'

*******************************************************************************
NOTE: Do not run maintenance scripts directly, use maintenance/run.php instead!
      Running scripts directly has been deprecated in MediaWiki 1.40.
      It may not work for some (or any) scripts in the future.
*******************************************************************************

OATHAuth disabled for Snwachukwu.
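
The manual check in the final comment above (owner, mode and task URL of the proof file) can be expressed as one shell function. This is an added example, not part of the thread or of Wikimedia's tooling: `verify_reset_proof` is a hypothetical helper name, GNU `stat` is assumed, and the symlink refusal is an extra check assumed here rather than taken from the thread.

```shell
#!/bin/sh
# Added example, not Wikimedia tooling. verify_reset_proof is a hypothetical
# helper; GNU stat (coreutils, as on Debian) is assumed.
# Usage: verify_reset_proof FILE EXPECTED_USER TASK_ID   (e.g. T326721)
verify_reset_proof() {
    file=$1; expect_user=$2; expect_task=$3
    expect_url="https://phabricator.wikimedia.org/$expect_task"

    # Assumption beyond the thread: refuse symlinks so that the owner and
    # content checked below belong to the file itself, not a link target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2; return 1
    fi

    owner=$(stat -c '%U' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1
    if [ "$owner" != "$expect_user" ]; then
        echo "FAIL: owned by $owner, expected $expect_user" >&2; return 1
    fi
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600" >&2; return 1
    fi

    # $(cat) drops the trailing newline; a second line would survive and
    # make the comparison fail, so exactly one URL line is accepted.
    content=$(cat "$file") || return 1
    case $content in
        "$expect_url") ;;
        *"[YOUR PHABRICATOR TASK NUMBER]"*)
            echo "FAIL: template placeholder was not replaced" >&2; return 1 ;;
        *)
            echo "FAIL: content does not match $expect_url" >&2; return 1 ;;
    esac
    echo "OK: $expect_user wrote $expect_url"
}
```

The placeholder branch catches the mistake seen earlier in the thread, where the template line was pasted without substituting the task number.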