cevoaustralia / aws-google-auth

Provides AWS STS credentials based on Google Apps SAML SSO auth (what a jumble!)
MIT License

MFA does not function with STDIN password tools. #134

Open asaunders-allyDVM opened 5 years ago

asaunders-allyDVM commented 5 years ago

Running lpass show --password Google returns just the password as a string of characters. Running aws-google-auth --no-cache allows me to type in my password and then the MFA token. Running lpass show --password Google | aws-google-auth --no-cache results in the errors below.

Running the command with the --save-failure-html option does not generate HTML pages that I have been able to locate.

lpass show --password Google | aws-google-auth --no-cache
Google Password:
ERROR:root:EOF when reading a line
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/aws_google_auth/__init__.py", line 72, in cli
    process_auth(args, config)
  File "/usr/local/lib/python2.7/site-packages/aws_google_auth/__init__.py", line 212, in process_auth
    google_client.do_login()
  File "/usr/local/lib/python2.7/site-packages/aws_google_auth/google.py", line 250, in do_login
    sess = self.handle_totp(sess)
  File "/usr/local/lib/python2.7/site-packages/aws_google_auth/google.py", line 598, in handle_totp
    mfa_token = input("MFA token: ") or None
EOFError: EOF when reading a line
MFA token: ⏎

asaunders-allyDVM commented 5 years ago

Maybe I am doing something incorrectly here, however I cannot get an echo of the password to work with STDIN and MFA.

I also don't know how to add the BUG and HELP WANTED Labels.

stevemac007 commented 5 years ago

I wouldn't expect that the STDIN redirection will work with the MFA as that value will need to change for every invocation.

If you don't want to enter the password, have a look at the -k option, which will store the password in a local secure store so all you have to enter is the MFA token.

I'm not sure if this is a BUG as the error is stating the truth - there is no data available on STDIN for the MFA token read.

asaunders-allyDVM commented 5 years ago

I am not trying to fill the MFA token with STDIN, I'm trying to fill the password and then get prompted for the MFA token. But something on the MFA portion of the code is broken when you use the STDIN functionality.

davidrjonas commented 5 years ago

The solution I use (replace the 0s with the ID of your LastPass entry):

~/bin/start-aws

#!/usr/bin/expect -f

# Fetch the password from LastPass (replace the 0s with your entry's ID).
set pw [exec lpass show --password 000000000]

spawn aws-google-auth --save-failure-html
expect "Google Password:"
send "$pw\r"
# Hand the terminal back to the user for the MFA token (and the role choice).
expect "MFA token:"
interact

asaunders-allyDVM commented 5 years ago

Improved script (of the one above ^^^), if you have multiple IAM roles to choose from. The script also supports user-input durations.

#!/usr/bin/expect -f

# Session duration in seconds; defaults to 3600, override with the first argument.
proc duration { {d 3600} } {
        set ::dur $d
}

duration {*}$argv

set test 0
set timeout 2
proc login {} {
        # Replace the X's with the ID of your LastPass entry.
        set pw [exec lpass show --password "XXXXXXXXX"]
        # Google's round trip can take longer than the 2 second probe below.
        set timeout 60
        expect "Google Password:" { send "$pw\r" }
        expect "MFA token:" { interact }
}

spawn aws-google-auth --save-failure-html -a -d $dur

# If a cached SAML session is still valid, the role list ("[  1] arn:...") shows
# up right away, so hand over to the user without logging in. The pattern is in
# braces: in double quotes Tcl turns \[ into a glob range and \1 into byte 0x01.
expect {
        {\[  1\] *} { interact
        set test 1 }
}
if { $test == 0 } { login }

pio2pio commented 4 years ago

The same happens with SMS 2FA authentication.

pass user.name@acme.com | aws-google-auth -u user.name@acme.com
Google Password: 
Enter SMS token: G-ERROR:root:EOF when reading a line
Traceback (most recent call last):
  File "/home/vagrant/ansibleenv/ansible287/lib/python3.6/site-packages/aws_google_auth/__init__.py", line 73, in cli
    process_auth(args, config)
  File "/home/vagrant/ansibleenv/ansible287/lib/python3.6/site-packages/aws_google_auth/__init__.py", line 218, in process_auth
    google_client.do_login()
  File "/home/vagrant/ansibleenv/ansible287/lib/python3.6/site-packages/aws_google_auth/google.py", line 300, in do_login
    sess = self.handle_sms(sess)
  File "/home/vagrant/ansibleenv/ansible287/lib/python3.6/site-packages/aws_google_auth/google.py", line 496, in handle_sms
    sms_token = input("Enter SMS token: G-") or None
EOFError: EOF when reading a line

As a workaround I am using the built-in --keyring option, but reading a password from stdin and recognizing the 2FA wait for input would be my preference.
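
The behaviour pio2pio asks for, sketched as an added example (not aws-google-auth's own code): the password is consumed from a piped stdin, while one-time tokens are prompted for on the controlling terminal, and EOF is reported cleanly instead of as the raw EOFError in the tracebacks above. The /dev/tty fallback and all function names are assumptions of this example.

```python
import sys
from typing import Optional, TextIO

# Added example, not aws-google-auth's code. The tracebacks above come from
# input() reading the MFA token from a stdin the pipe has already exhausted.
# Pattern: password from a piped stdin, one-time tokens from the terminal.

def read_secret_from_stdin(stdin: TextIO = sys.stdin) -> Optional[str]:
    """Consume one line as the password when stdin is a pipe, e.g.
    `lpass show --password ... | tool`. Returns None when stdin is a
    terminal (caller should prompt instead) or when the pipe is empty."""
    if stdin.isatty():
        return None
    line = stdin.readline()
    return line.rstrip("\r\n") if line else None

def prompt_line(prompt: str, tty_in: TextIO, tty_out: TextIO) -> Optional[str]:
    """Show the prompt on the terminal and read one line from it.
    Returns None on EOF instead of letting EOFError escape."""
    tty_out.write(prompt)
    tty_out.flush()
    line = tty_in.readline()
    return line.rstrip("\r\n") if line else None

def open_terminal():
    """Open the controlling terminal for prompts (assumes POSIX /dev/tty);
    falls back to stdin/stdout, where EOF is then reported cleanly."""
    try:
        tty = open("/dev/tty", "r+")
        return tty, tty
    except OSError:
        return sys.stdin, sys.stdout

def collect_credentials(stdin: TextIO, tty_in: TextIO, tty_out: TextIO) -> dict:
    """Password from the pipe if one is there, else from the terminal;
    the MFA token always from the terminal, since it changes every run."""
    password = read_secret_from_stdin(stdin)
    if password is None:
        password = prompt_line("Google Password: ", tty_in, tty_out)
    if password is None:
        raise RuntimeError("no password on stdin and no terminal to prompt on")
    token = prompt_line("MFA token: ", tty_in, tty_out)
    if token is None:
        raise RuntimeError("MFA token needs an interactive terminal (stdin is a pipe)")
    return {"password": password, "mfa_token": token}

if __name__ == "__main__":
    tty_in, tty_out = open_terminal()
    print(collect_credentials(sys.stdin, tty_in, tty_out)["mfa_token"])
```

Run as `lpass show --password <entry> | python3 this.py`: the password comes off the pipe and the MFA prompt still appears on the terminal.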

chrisjaimon2012 commented 3 years ago

The only MFA option I have configured is U2F, so is there any provision for me to default to a particular MFA method?