Setting up MFA w/ YubiKey Manager CLI
BACKGROUND…
I’m using the YubiKey 5c in combination with the YubiKey Manager CLI tool (ykman) for generating token codes (from the command line) versus a mobile app. I just set this up today but had a few questions since the process was a bit odd.
WHAT I HAVE TRIED…
Under my account settings I had to enable two factor authentication before registering a U2F device. The process in doing this with ykman consisted of copying the temp code you guys generate and then registering that with an associated credential on my yubikey like such…
ykman oath add -t mygitlab <tempCode>
The -t option here enforces the “touch” action so the user is required to touch the key for a code to be generated.
After doing this the dialog box requires you to finally generate a six digit code to complete the process. Generating token codes with ykman looks like…
ykman oath code mygitlab
Once I completed the above two factor was successfullly enabled. I then moved forward in the process thinking I had to now register my U2F device (being my yubikey). However, it wasn’t recognizing my device and there seemed to be no clear way in triggering gitlab to recognize it. I tried firefox and chrome but no luck.
It was at this point that I thought perhaps I don’t have to setup a U2F device. So I skipped that step and went ahead and logged out and back in again. As expected, upon logging in (with my yubikey plugged in) it prompted me for a six digit token code. Again with ykman I generated the token code as such…
ykman oath code mygitlab
…then pasted the code in. I was successfully logged in at this point. Woohoo!
MY QUESTIONS…
So it appears my yubikey is already setup and that I don’t have to setup a U2F device?!?! Is this assumption correct?!?! Can someone provide some clarification as to whether I did this correct?!?!