I have lost my Phone and do not have the recovery code for my 2FA for GitLab.
So I am locked out of my account.
What are my options?
Asked
Active
Viewed 2.4k times
31
2 Answers
118
I know this is an old question, but the following, which I have tested only with gitlab.com free hosted accounts, may be useful for others with GitLab 2fa problems.
IF
- you have set up 2fa but then lost access to your 2fa device for some reason, and
- you have lost (or never saved) your recovery codes, and
- you had previously configured your ssh key in your gitlab.com account
THEN ...
You can create a brand new list of recovery codes via ssh:
ssh git@gitlab.com 2fa_recovery_codes
Answer the questions and save the list of recovery codes somewhere safe this time! I'm guilty of all of the above and this solution provided by GitLab is both simple and elegant.
-
15Stack should have an option to throw as many upvotes as we can, when someone save's our lifes! – Marcelo Agimóvel Jun 20 '18 at 12:30
-
1Worked like a charm , just make sure the SSH key has to be present on your account. – ras May 19 '21 at 10:42
-
Terrific! You saved me! – Zhong Ri Dec 07 '21 at 16:28
-
This does not work for me. I got error "Two-factor authentication is not enabled for this user" but when I login I am still asked for codes – Rye Jul 17 '22 at 10:46
-
Man, you save my day. I reset my iPhone recently and forget the recovery which I saved before haha... – Zhou Haibo Jul 20 '22 at 02:16
-
1When I do this, gitlab does not accept the regenerated recovery keys – Native Coder Oct 09 '22 at 13:05
-
1I lost my backpack, including my phone and laptop. Which means no ssh, recovery codes, or 2fa application. Is there any chance for me? – Tien Hoang Jul 14 '23 at 02:40
1
nexus6's answer also applies with GitLab Self managed, using GitLab 15.9 (February 2023)
More control over your SSH connections with gitlab-sshd
gitlab-sshdis a standalone SSH server, written in Go, that provides more insight and control than OpenSSH.
It’s lightweight and contains minimal external dependencies.If you host a self-managed instance, switching from OpenSSH to
gitlab-sshdgives you metrics collection, detailed logging, and graceful shutdowns for SSH connections.Unlike OpenSSH, it supports the PROXY protocol and can pass on the original IP address when operated behind a proxy. This enables you to restrict SSH access by IP address when your instance is operated behind a proxy.
GitLab.com has used
gitlab-sshdsince 15.2, and 100% of the SSH traffic passes throughgitlab-sshd.To learn more, read this blog post. To understand how to enable it refer to the documentation.
gitlab-sshdbegan as a community contribution from @lorenz. Thank you very much for your contribution!See Documentation and Issue.
This includes generating new 2FA recovery codes:
$ ssh git@<hostname> 2fa_recovery_codes
Are you sure you want to generate new two-factor recovery codes?
Any existing recovery codes you saved will be invalidated. (yes/no)
yes
Your two-factor authentication recovery codes are:
...
VonC
- 1,262,500
- 529
- 4,410
- 5,250