Page MenuHomePhabricator

Strip 2FA from Wikitech account of Snwachukwu
Closed, ResolvedPublic


I have a challenge logging into my wikitech account. This is because I no longer use the mobile phone which had the google authenticator used for 2-step verification. Thus I am unable to fill in the token to continue login to my account.

Kindly assist me with any advice or solution to this problem.

Event Timeline

@Aklapper I am unable to 'ssh' or ssh Permission denied (publickey).

Please I have been unable to login to my wikitech account and do an important editing because of this issue. I would appreciate any form of assistance as this is urgent.

Aklapper renamed this task from Wikitech account reset to Strip 2FA from Wikitech account of Snwachukwu.Jan 17 2023, 9:01 AM
Aklapper raised the priority of this task from High to Needs Triage. Permission denied (publickey).

Hmm, according to T298786 the user name should be ebysans instead?

Before now I haven't ssh to any cloud or toolforge instance. Is there another verification method?

sandraebele@wmf3068 ~ % ssh Permission denied (publickey).

Note that the ssh key to access wmcloud is a different one than the one for prod (ending in OLLJY vs YvU/Z), so you might be trying to log in there with the wrong key.

Since you have access to production servers, you could do that in an analytics host, instead of WMCloud.

@Platonides Here is the result when I run on a production host.

ebysans@an-launcher1002:~$ cd $HOME
ebysans@an-launcher1002:~$ touch 2fa-reset-request.txt
ebysans@an-launcher1002:~$ chmod 0600 2fa-reset-request.txt
ebysans@an-launcher1002:~$ echo "[YOUR PHABRICATOR TASK NUMBER]" > 2fa-reset-request.txt
ebysans@an-launcher1002:~$ echo "$(hostname -f):$(pwd)/2fa-reset-request.txt"

@BTullis could you use your root super powers and close team association with @Snwachukwu to verify the veracity of their request and then remove their Wikitech 2FA via the procedure at I unfortunately do not have access to the an-launcher1002.eqiad.wmnet host to verify the connection between the Phabricator account and the shell account.

@bd808 and @Platonides . I have been now have access to cloud bastion. Here is the result.

sandraebele@wmf3068 ~ % ssh
Linux bastion-eqiad1-03 5.10.0-19-cloud-amd64 #1 SMP Debian 5.10.149-1 (2022-10-17) x86_64
Debian GNU/Linux 11 (bullseye)
bastion-eqiad1-03 is a Cloud VPS bastion host (with mosh enabled) (labs::bastion)
The last Puppet run was at Mon Jan 23 10:50:34 UTC 2023 (9 minutes ago).
Last Puppet commit: (248a4c348c) Manuel Arostegui - db1106: Disable notifications
Last login: Fri Jan 20 14:25:09 2023 from
ebysans@bastion-eqiad1-03:~$ cd $HOME
ebysans@bastion-eqiad1-03:~$ touch 2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$ chmod 0600 2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$ echo "[YOUR PHABRICATOR TASK NUMBER]" > 2fa-reset-request.txt
ebysans@bastion-eqiad1-03:~$ echo "$(hostname -f):$(pwd)/2fa-reset-request.txt"

You need to replace YOUR PHABRICATOR TASK NUMBER with the number of this task..

bd808 claimed this task.
$ ssh
root@bastion-eqiad1-03:~# ls -lh /home/ebysans/2fa-reset-request.txt
-rw------- 1 ebysans wikidev 42 Jan 23 13:32 /home/ebysans/2fa-reset-request.txt
root@bastion-eqiad1-03:~# cat /home/ebysans/2fa-reset-request.txt
$ ssh
$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labswiki 'Snwachukwu'

NOTE: Do not run maintenance scripts directly, use maintenance/run.php instead!
      Running scripts directly has been deprecated in MediaWiki 1.40.
      It may not work for some (or any) scripts in the future.

OATHAuth disabled for Snwachukwu.