
2FA on the Command Line

 5 years ago
source link: https://www.tuicool.com/articles/hit/qeyeIvA

There is no shortage of OTP 2FA apps available for your phone, such as Google Authenticator or Duo Mobile. These apps take an initial secret code and create a TOTP any time you need a 2FA code for login. It's also possible to do 2FA on the CLI. Some advantages:

  1. Easy to add, maintain, and back up with a simple key=val text file
  2. Copy/Paste is easier than typing digits displayed on your phone
  3. No issues with being locked out due to dead/lost/new phones

This is accomplished with a utility named oathtool. It can be installed on Debian/Ubuntu via: apt install oathtool. I use a helper script as well as a file of initial secrets.

/usr/local/bin/otp:

#!/usr/bin/env bash
# Print the current TOTP code for a service listed in ~/.otpkeys.
if [ -z "$1" ]; then
  echo
  echo "Usage:"
  echo "   otp google"
  echo
  echo "Configuration: $HOME/.otpkeys"
  echo "Format: name=key"
  exit
fi
# Match the service name only at the start of a line.
OTPKEY=$(sed -n "s/^${1}=//p" "$HOME/.otpkeys")
if [ -z "$OTPKEY" ]; then
  echo "$(basename "$0"): Bad Service Name '$1'"
  "$0"
  exit 1
fi
# -b: the key is base32-encoded.
oathtool --totp -b "$OTPKEY"

~/.otpkeys:

aws={secret code}
google={secret code}

Getting a 2FA code:

$ otp aws
310645
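
Because ~/.otpkeys stores every initial secret in cleartext, its permissions and format are worth checking before relying on it. The following is an added example, not part of the original article; check_otpkeys is a hypothetical helper name, and it reports names and line numbers only, never key values.

```shell
#!/bin/sh
# Added example, not from the original article. check_otpkeys is a
# hypothetical helper name. Exit status: 0 clean, 1 findings, 2 no file.
check_otpkeys() (
  file=${1:-$HOME/.otpkeys}
  rc=0 n=0 seen=
  nl='
'
  [ -f "$file" ] || { echo "missing: $file" >&2; exit 2; }

  # The file holds every TOTP seed in cleartext, so group and other
  # must have no permission bits (characters 5-10 of the ls mode string).
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$file is accessible beyond its owner; run: chmod 600 $file" >&2
    rc=1
  fi

  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    [ -z "$line" ] && continue
    name=${line%%=*}   # text before the first '='
    key=${line#*=}     # text after the first '='
    if [ "$name" = "$line" ] || [ -z "$name" ] || [ -z "$key" ]; then
      echo "line $n: not in name=key form" >&2; rc=1; continue
    fi
    # oathtool -b takes a base32 key: letters, digits 2-7, then only
    # '=' padding (either letter case is accepted by this check).
    body=${key%%=*}
    pad=${key#"$body"}
    case "$body" in ''|*[!A-Za-z2-7]*) bad=1 ;; *) bad=0 ;; esac
    case "$pad" in *[!=]*) bad=1 ;; esac
    if [ "$bad" -eq 1 ]; then
      echo "line $n: key for '$name' is not base32" >&2; rc=1
    fi
    # A repeated name makes the lookup by name ambiguous.
    case "$nl$seen" in
      *"$nl$name$nl"*) echo "line $n: duplicate name '$name'" >&2; rc=1 ;;
    esac
    seen="$seen$name$nl"
  done < "$file"
  exit "$rc"
)
```

Run `check_otpkeys` with no argument to audit `$HOME/.otpkeys`, or pass a path to check a backup copy.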
