Login script for SSH that uses TOTP
This branch is 2 commits ahead, 3 commits behind ghewgill:master.



This program offers SSH logins an optional authentication code (TOTP, compatible with Google Authenticator mobile apps). It is based on a Ruby implementation by Richard Taylor.

Using this authentication code requires using SSH keys. Change your authorized_keys file to add a command= argument:

command="/usr/bin/ssh-otp 4rr7kc47sc5a2fgt" ssh-dss AAA...

Modify the path for ssh-otp as appropriate.

The 4rr7kc47sc5a2fgt is a secret key that you should generate yourself (obviously, don't use this one). If you like, you can generate a new secret key at random.org, or use any other method you trust. The key is a 16-character base32 (a-z2-7) string, so if you're using random.org, substitute any other letters or numbers for 0, 1, 8, and 9.

Configure your Google Authenticator mobile app by adding a new entry with the same secret key. Be sure the clock on your mobile device is reasonably synchronised with your SSH server.
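
One way to generate the secret locally and check that the server and the mobile app agree on the current code. This is an added example, not code from ssh-otp: the function names are hypothetical, and the 30-second step, 6 digits, HMAC-SHA1 and one-step clock-skew allowance are assumptions based on RFC 6238 and Google Authenticator defaults.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

def generate_secret():
    """Return a 16-character lowercase base32 secret (80 bits) from the OS CSPRNG."""
    return base64.b32encode(secrets.token_bytes(10)).decode("ascii").lower()

def totp(secret, at=None, step=30, digits=6):
    """Compute the RFC 6238 code (HMAC-SHA1) for a base32 secret at Unix time `at`."""
    # b32decode wants uppercase input padded to a multiple of 8 characters.
    padded = secret.upper() + "=" * (-len(secret) % 8)
    key = base64.b32decode(padded)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, at=None, step=30, skew=1):
    """Accept `code` if it matches any time step within +/- `skew` steps of `at`."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-skew, skew + 1):
        expected = totp(secret, now + drift * step, step)
        # Constant-time comparison; no early exit, so every step is checked.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

if __name__ == "__main__":
    secret = generate_secret()
    print("secret for authorized_keys and the app:", secret)
    print("code the app should show right now:   ", totp(secret))
```

If the printed code differs from the one in the app, the usual cause is clock drift between the phone and the server.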