Following on from the post about AWS logins with Yubikey, I also wanted to share another helpful bit of code to automate typing TOTP codes from a Yubikey into web pages on macOS.
The usefulness of this is hopefully on the decline as websites migrate to Web Authentication, which interfaces directly with a token like a Yubikey instead of requiring a code to be typed in as text and so doesn’t need this approach, but TOTP codes are still used by many sites at the time of writing.
If you’re working with Amazon Web Services, and want the highest level of security around usage of your AWS account, AWS recommends that you use IAM users instead of the account’s root user, set up multi-factor authentication (MFA) on the IAM users, and then require MFA for API operations. Typically this requires the person performing operations on AWS to provide a one-time code when they authenticate to AWS, as well as their more permanent password (for the web console) or their Access Key (for the CLI and SDKs).
I recently wanted to automate building a headless Debian testing (codename “buster”) virtual
machine, hosted on macOS, and it turned out to be somewhat more complicated than I expected, so I
thought I’d document it here for others’ benefit.
Instead of installing VirtualBox, VMware Fusion or Parallels, which are quite heavyweight virtual
machine apps, I wanted to run a headless VM using QEMU, which can be installed easily using
Homebrew. QEMU now supports hardware accelerated x86 virtualisation on Macs using the
Hypervisor.framework built into macOS.
The script and preseed file to perform the fully automated install are here, and I’ll explain
the details behind what they do in this post.