


Since a YubiKey doesn’t have the ability to snap-up QR codes like a phone camera, we’re going to go the code route. Again, leave the AWS console window open too!

6. Back to your terminal window!

Back on your terminal window, you’ll want to use the following command (but with your own information as described below):

ykman oath add -t

can be any word or name you wish, without spacing. We’ll use it to call for tokens from now on.

is the secret key listed below the QR code in the AWS Console that you just copied.

oath specifies that we want to set up a one time password. By default, it’s time based and 6 digits, but that can be modified if you review the ykman manual.

-t specifies that we want to require a “tap” each time a code is requested. This is a security measure and should be enabled to ensure a malicious process cannot generate codes without your approval. Without the -t for ‘tap’, a process could generate codes without the need for a physical button tap, and that’s really not a best practice.

Generate two consecutive unique codes to finish assigning the MFA in AWS

Use the following command:

ykman oath code

Your terminal will prompt you to tap your now flashing YubiKey, and once you do so a six-digit code will print out in your terminal. Copy and paste your code into the AWS Console’s “MFA code 1” box.

Now you’ll need to issue that same token-generating command a few times (consider using the up arrow) until you get a second, different code. Remember these are time based codes, so you may need to issue the command a few times in a row as time passes while watching for the change in codes.

Once you have your second unique code, paste it into the “MFA code 2” box and click “Assign MFA”.
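
Why the second code only appears after some waiting, shown as an added example (not code from the original post): a minimal RFC 6238 TOTP in Python that derives the codes for the current and the next time window from a Base32 secret. It assumes HMAC-SHA1 and a 30-second step, the RFC defaults (the post itself only states "time based and 6 digits"); the function names are hypothetical and the sample secret is constructed from the RFC test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP window (RFC 6238 default, assumed here)
DIGITS = 6   # code length, matching the default the post mentions


def totp(secret_b32: str, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the window that contains unix_time."""
    # Normalise the Base32 secret: drop spaces, uppercase, restore padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    # The moving factor is the number of whole steps since the Unix epoch.
    counter = unix_time // step
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def consecutive_pair(secret_b32: str, unix_time: int, step: int = STEP):
    """Return (current code, next window's code, seconds until rollover)."""
    wait = step - (unix_time % step)
    current = totp(secret_b32, unix_time, step)
    following = totp(secret_b32, unix_time + wait, step)
    return current, following, wait


if __name__ == "__main__":
    # Constructed sample secret: Base32 of the RFC test key "12345678901234567890".
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    first, second, wait = consecutive_pair(secret, 59)
    print(f"MFA code 1: {first} (window rolls over in {wait}s)")
    print(f"MFA code 2: {second}")
```

Every request inside the same window returns the same code, which is why the command has to be repeated until the window rolls over before a second, different code appears.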
