I lost my phone and have lost my 2FA token for logging into Phabricator using my Developer account. Please reset my 2FA on my account so that I can continue using my Developer account.
Event Timeline
@Rosalie_WMDE, could you please clarify if you need help with removing 2FA from your Developer account (https://wikitech.wikimedia.org/wiki/User:Rosalie_Perside_(WMDE)) or from your Phabricator account (@Rosalie_WMDE). Wikitech and Phabricator have separate 2FA solutions and support requests for disabling are typically handled by different folks.
Hello @bd808, I need 2FA removed from my Phabricator account and my Developer account, please.
Phabricator ideally would be a different request as those are different systems and different project tags. Could someone from WMDE vouch please, for verification?
Hi @Aklapper, I'm Conny Kawohl, Engineering Manager for @Rosalie_WMDE's team, and I can vouch for the validity of this change request.
Thanks. Stripped in Phabricator:
```
aklapper@phab1004:~$ sudo /srv/phab/phabricator/bin/auth strip --all-types --user Rosalie_WMDE
These auth factors will be stripped:
Rosalie_WMDE totp Mobile Phone App (TOTP)
Strip these authentication factors? [y/N] y
Stripping authentication factors...
Done.
aklapper@phab1004:~$
```
@Rosalie_WMDE, please follow the steps at https://wikitech.wikimedia.org/wiki/Password_and_2FA_reset#For_users to provide proof of control of the 'Rosalie Perside (WMDE)' Developer account.
@bd808 running ssh bastion.wmcloud.org gives me permission denied public key. Also, I don't have access to my Wikitech account, please what do you suggest I do?
The 'Rosalie Perside (WMDE)' account is a member of the bastion project and also has an SSH public key associated with it. I would guess that your attempt at connecting failed because you used the wrong username (rosalie-wmde is the shell name of the account), the wrong ssh key (expected public key is ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8kI8GBFC6vtMD0+vWoXqJG6wfpiuHYgx8YKxeg4SmysPBsOAuX8nUzSgY91aT8n736Z8T4N1IQa3ZXzCP5Qt8BNg/36jBTnk8rgsWz7oS33QqPc+pDFiOaTdfhEomHscpvtDIjZgoIAv0X/Zqhxd+F3h71oN0vq9z3/GXa5BC3EKR6AKGg/4w85yNGnPQi6pES0ieGZLp2ZM5srcqRtQqW1XMqS9r9qlOdVVMDKe6Jglill/nkL5NbU9ehA5fOX+AgXvdWBVkytiZtdHpPK97FcrwGZlnu4lBQSKEC7NeC10wjWvUZyGLXFzzV72YXQkh1Hi7cLPr2GDU0fTJm/fn), or both.
If you can't verify the account ownership using ssh, I suppose we can rely on the data from T329179#8600696 in the same way that @Aklapper did. Things just feel nicer when they align with published policies.
Thank you. Sorry for the delay, I was out of office for a while. Here is the output from the last command: 103015:/home/pero/2fa-reset-request.txt
@Rosalie_WMDE, what host did you create the file on? I need to find it so I can verify the ownership and contents. The "103015" output is theoretically from hostname -f, which on a Cloud VPS instance will typically present the fully qualified domain name of the host. Obviously that string is not a FQDN.
@bd808, you are right.
This is the correct string: bastion-eqiad1-03.bastion.eqiad1.wikimedia.cloud:/home/rosalie-wmde/2fa-reset-request.txt
```
$ ssh root@bastion-eqiad1-03.bastion.eqiad1.wikimedia.cloud
$ ls -lh /home/rosalie-wmde/2fa-reset-request.txt
-rw------- 1 rosalie-wmde wikidev 47 Feb 23 06:58 /home/rosalie-wmde/2fa-reset-request.txt
$ cat /home/rosalie-wmde/2fa-reset-request.txt
https://phabricator.wikimedia.org/Rosalie_WMDE
```
The contents of the file are not quite what is described at https://wikitech.wikimedia.org/wiki/Password_and_2FA_reset#For_users, but along with other evidence I am satisfied that this is a legitimate request.
```
$ ssh cloudweb1003.wikimedia.org
$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labswiki 'Rosalie Perside (WMDE)'
*******************************************************************************
NOTE: Do not run maintenance scripts directly, use maintenance/run.php instead!
Running scripts directly has been deprecated in MediaWiki 1.40.
It may not work for some (or any) scripts in the future.
*******************************************************************************
OATHAuth disabled for Rosalie Perside (WMDE).
```
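The manual `ls -lh` / `cat` check of the proof-of-control file earlier in this thread can be scripted. The following is an added example, not part of the original thread or of Wikimedia's tooling. It assumes GNU `stat`; the function name `verify_proof`, the sample file and the expected-text argument are constructed for illustration, since the thread does not state the exact contents the policy requires.

```shell
#!/bin/sh
# verify_proof PATH EXPECTED_OWNER EXPECTED_TEXT   (hypothetical helper)
# Returns 0 only if PATH is a regular file (not a symlink), is owned by
# EXPECTED_OWNER, grants nothing to group/other, and contains EXPECTED_TEXT.
verify_proof() {
    path=$1 owner=$2 text=$3

    # A symlink in the home directory could point at a file that
    # someone else controls, so refuse to follow it.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: not a regular file: $path" >&2
        return 1
    fi

    # GNU stat: %U is the owner name, %a the octal permission bits.
    actual_owner=$(stat -c '%U' "$path") || return 1
    mode=$(stat -c '%a' "$path") || return 1

    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: owned by $actual_owner, expected $owner" >&2
        return 1
    fi

    # Same shape as the -rw------- listing in the thread: if group or
    # other could write, the contents prove nothing about the owner.
    case $mode in
        600|400) ;;
        *) echo "FAIL: mode $mode allows group/other access" >&2
           return 1 ;;
    esac

    if ! grep -qF -- "$text" "$path"; then
        echo "FAIL: expected text not found in $path" >&2
        return 1
    fi
    echo "OK: $path owned by $owner, mode $mode"
}

# Constructed demo: a temp file stands in for the user's proof file.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/2fa-reset-request.txt"
printf 'https://phabricator.example.org/p/sample-user\n' > "$demo_file"
chmod 600 "$demo_file"
demo_owner=$(stat -c '%U' "$demo_dir")   # current user owns the temp dir
verify_proof "$demo_file" "$demo_owner" "sample-user"
rm -rf "$demo_dir"
```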