Verified Commit 681bb346 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase
Browse files

Add instructions for GitHub master account

parent 6fae8ded
# Setting up OTP stuff for Arch's various accounts
Arch has master accounts with some service providers. These are to be treated with utmost
care for obvious reasons. We use 2FA where ever possible.
The general flow for these is:
- Install pass-otp: `pacman -S pass-otp`
- Use pass-otp to log in via a master seed
- (Optional) Depending on the service provider, you can then add your own authenticator
## GitHub
Run
pass otp insert -i GitHub -a archlinux-master-token github.com/archlinux-master-token -s
When asked for a secret, provide the `github_master_seed` from `misc/vault_github.yml`.
You can then run
pass otp code github.com/archlinux-master-token
to generate a token to log in.
Sadly, GitHub doesn't support multiple 2FA devices so this is all we get.
## Hetzner
Run
pass otp insert -i Hetzner -a archlinux-master-token Hetzner/archlinux-master-token -s
When asked for a secret, provide the `hetzner_master_seed` from `misc/vault_hetzner.yml`.
You can then run
pass otp code Hetzner/archlinux-master-token
to generate a token to log in.
### Adding your own account
Hetzner supports multiple 2FA devices at once which allows you to add your own 2FA app of choice
in addition to pass-otp.
To add yours, go to the 2FA management page: https://accounts.hetzner.com/tfa
Add a new authentication method with your username and add the token of this
key to either pass otp or an OTP tool of your choice.
Make sure to put your nickname into the description so we know who that key belongs to.
If you choose to use pass, you can add the key by running something
similar to `pass otp insert -i Hetzner -a archlinux Hetzner/archlinux -s`.
If you want to use your own tool, you can either scan the QR code or enter the shown string manually.
# Set up OTP for access to Hetzner's control panel
You can use smartphone 2fa apps like Google Authenticator or pass-otp.
## Logging in via pass-otp
Install with `pacman -S pass-otp` and run `pass otp insert -i Hetzner -a
archlinux-master-token Hetzner/archlinux-master-token -s`. You will be asked
to supply the "secret" which you can find in "misc/vault_hetzner.yml" with
the name "hetzner_master_seed". Once done, run `pass otp code
Hetzner/archlinux-master-token` to generate an OTP you can use to log in.
## Adding your own account
Go to the 2fa management page: https://accounts.hetzner.com/tfa
Add a new authentication method with your username and add the token of this
key to either pass or an OTP tool of your choice.
Make sure to put your nickname into the description so we know who that key belongs to.
If you choose to use pass, you can add the key by running something
similar to `pass otp insert -i Hetzner -a archlinux Hetzner/archlinux -s`.
If you want to use your own tool, you can either scan the QR code or enter the shown string manually.
$ANSIBLE_VAULT;1.1;AES256
30376633613234633134353461626239303766366466346131313065623861306337613832656330
6561373361613437363462363735383138636662643933320a323434353835373739383631636161
37616138633763666431316664636230633734303166636635613339613238666237383734616166
6462643836373136370a363130623733636537633233623437633338343138376432623737316262
61623362643164336638393938313333663335343730633062663534383539666334343334616536
36373336373864373337613532616665663431393364353530356162663433373738313366623266
66306231656263633830643361633832323861386166383666336431663636323333666536323237
66663533393435613965633037353738336235356365663533663162656261373661613332386261
39323733333066626339303330373431613134646362363337663163313932373930633062326632
3730303639323666313133336238666630636361623463653661
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment