Yubikey for 2FA with Gitlab

Posted by Markus Benning on August 17, 2017

Settings for “Two-Factor Authentication” in Gitlab are located at:

User -> Settings -> Account

Press the green button: “Enable two-factor authentication”

Gitlab requires you to register a 2FA app as a fallback before a U2F device can be registered. I used the FreeOTP app, which is available for Android and iOS.

  • Press the QR code button in the app and scan the QR code displayed in the settings dialog. This adds a new item for your Gitlab account to the app.
  • Tap the new item to generate a code and enter this code into the ‘Pin code’ form.
  • The next screen shows the recovery keys for 2FA. Store them in a safe place.

Now you will be asked for a one-time PIN every time you log in to Gitlab.

The next step is to register the Yubikey as a U2F device.

  • Open the two-factor authentication dialog again. (It is now called “Manage two-factor authentication”.)
  • Press “Setup new U2F device”.
  • The browser should ask you to tap your U2F device. Do it.
  • Enter a name for the device and press “Register U2F device”.

Now you should be able to log in to Gitlab with your Yubikey as the second factor.