Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Login script for SSH that uses TOTP

branch: master


This program offers ssh logins an optional authentication code (TOTP, compatible with Google Authenticator mobile apps). It is based on a ruby implementation by Richard Taylor.

Using this authentication code requires using SSH keys. Change your authorized_keys file to add a command= argument:

command="/usr/bin/ssh-otp 4rr7kc47sc5a2fgt" ssh-dsa AAA...

Modify the path for ssh-otp as appropriate.

The 4rr7kc47sc5a2fgt is a secret key that you should generate yourself (obviously, don't use this one). If you like, you can generate a new secret key at, or use any other method you trust. They key is a 16-character base32 (a-z2-7) string, so if you're using, substitute any other letters or numbers for 0, 1, 8, and 9.

Configure your Google Authenticator mobile app by adding a new entry with the same secret key. Be sure the clock on your mobile device is reasonably synchronised with your ssh server.

Something went wrong with that request. Please try again.