Enabling Fortinet 2FA CLI integration for FAC does not ask for OTP entry when issuing 'git clone'
Summary
After enabling the Fortinet 2FA CLI integration for FAC (gitlab-shell
iteration), doing a git clone
no OTP prompt is provided; the clone
completes with no further authentication.
Steps to reproduce
- Install 13.7-pre build
- Follow OTP instructions
- Clone sample project:
git clone git@<IP>:liur/build_scripts.git
Example Project
A project with just default README.md
is sufficient.
What is the current bug behavior?
After enabling the Fortinet 2FA CLI integration doing a git clone
doesn't ask for an OTP and just completes:
[liur@cm-jump proj]$ git clone git@<IP>:liur/build_scripts.git
Cloning into 'build_scripts'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), 269 bytes | 0 bytes/s, done.
Note: In the web UI during login, we were presented with the 2FA OTP request, so we believe the feature was properly enabled.
What is the expected correct behavior?
After enabling the Fortinet 2FA CLI integration doing a git clone
a command is presented that will ask for an OTP:
[liur@cm-jump proj]$ git clone git@<IP>:liur/build_scripts.git
Error: please issue the command 'ssh git@gitlab.com login_with_2fa' first then retry.
[liur@cm-jump proj]$ ssh git@gitlab.com login_with_2fa
[liur@cm-jump proj]$ git clone git@<IP>:liur/build_scripts.git
Cloning into 'build_scripts'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), 269 bytes | 0 bytes/s, done.
Note: syntax may be a little off since I don't have a working example to capture. I'm going off what was discussed in the implementation issue.
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)