Is there a command line two-factor authentication verification code generator?

ssh authentication pam

I manage a server with two-factor authentication. I have to use the Google Authenticator iPhone app to get the 6-digit verification code to enter after entering the normal server password. The setup is described here: http://www.mnxsolutions.com/security/two-factor-ssh-with-google-authenticator.html

I would like a way to get the verification code using just my laptop and not from my iphone. There must be a way to seed a command line app that generates these verification codes and gives you the code for the current 30-second window.

Is there a program that can do this?


Solution 1:

Yes, oathtool can do this. You'll need to seed it with the shared secret from your server.

You can install it from the oath-toolkit package.

Example usage to generate same code as google authenticator and authy:

oathtool -b --totp 'N3V3R G0nn4 G1v3 Y0u Up'

Solution 2:

There is also a go implementation on github at https://github.com/pcarrier/gauth

This one uses a config file ~/.config/gauth.csv to store the tokens in a the following format

[email protected]: abcd efg hijk lmno
aws-account: mygauthtoken

And the output is rather friendly too:

$ gauth
           prev   curr   next
AWS        315306 135387 483601
Airbnb     563728 339206 904549
Google     453564 477615 356846
Github     911264 548790 784099
[=======                      ]

Solution 3:

There's many 3rd party Authenticator implementations. Check out the list on the wikipedia page. For instance, you may be able to use onetimepass (which is written in Python) for command line usage.

Solution 4:

As far as I'm aware Google only releases the Authenticator application for phones (iOS, Android).
(This poses a problem for paranoid folks like me, who don't really trust Google's history of discontinuing services with little notice, and would prefer a token generator we can see inside of.)

You could consider other alternatives, like a one-time password pad system.

Honestly, getting the verification code from your laptop kind of defeats the two-factor authentication aspect (anyone who captures the laptop now has the code generator - that's part of what Authenticator is supposed to protect against).

Solution 5:

You could try http://soundly.me/oathplus

This is a tool I developed on top of the venerable oathtool, that lets you read QR codes, and stash OTP account info for later use. You can think of it as Google Authenticator for the command-line, since it can download and read QR codes, and consume otpauth:// URIs. (OSX only atm.)

Related

Dnsmasq server does not work when configured as the primary DNS in my router
Changes in compression rate
Helm: how to add elements to a list of default values?
Windows CLI way to copy to the same directory and only change the case of the filename?
Certbot https not working for example.com, only for www.example.com
Any reason not to use 512-bytes clusters for NTFS?
SQL developer refine connections view
Eclipse always Building workspace
What are Solidity Events
Pause an outlook vba code for 5-10 seconds and after run the script
Nginx gzip compression not working despite following official Nginx documentation / online research
How do I make a collision in pygame with 2 images? [duplicate]