Login script for SSH that uses TOTP
C Makefile
Switch branches/tags
Nothing to show
Latest commit f9ebccf Feb 15, 2017 @ghewgill committed on GitHub Merge pull request #1 from vivia/master
Option to read token from OTP_TOKEN env var
Failed to load latest commit information.
.gitignore reimplement in plain C Sep 26, 2011
Makefile reimplement in plain C Sep 26, 2011
README.md reimplement in plain C Sep 26, 2011
ssh-otp.c Added ctype.h include Feb 14, 2017



This program offers ssh logins an optional authentication code (TOTP, compatible with Google Authenticator mobile apps). It is based on a ruby implementation by Richard Taylor.

Using this authentication code requires using SSH keys. Change your authorized_keys file to add a command= argument:

command="/usr/bin/ssh-otp 4rr7kc47sc5a2fgt" ssh-dsa AAA...

Modify the path for ssh-otp as appropriate.

The 4rr7kc47sc5a2fgt is a secret key that you should generate yourself (obviously, don't use this one). If you like, you can generate a new secret key at random.org, or use any other method you trust. They key is a 16-character base32 (a-z2-7) string, so if you're using random.org, substitute any other letters or numbers for 0, 1, 8, and 9.

Configure your Google Authenticator mobile app by adding a new entry with the same secret key. Be sure the clock on your mobile device is reasonably synchronised with your ssh server.