Add one-time password authentication to your SSH server.
user@localhost:~$ ssh server
Enter passphrase for key '/home/user/.ssh/id_rsa':
One-time password: 123456
Incorrect code. Please try again.
One-time password: 653794
user@server:~$
The following instructions are based on Ubuntu, but they can be adapted for other Linux distributions.
sudo mkdir -p /usr/local/bin
sudo cp ssh-otp
Add the following line in your
ForceCommand /usr/local/bin/ssh-otp login
And restart sshd:
sudo restart ssh
Generate a one-time password secret for the current user:
You will need to set up your authenticator using the QR code link, then type the code displayed on your authenticator to actually enable one-time password authentication on SSH connections.
You can find the configuration file at:
To disable OTP for the current user:
To use commands like scp, you need to pass in the one-time password through the OTP environment variable.
OTP to the list of
On the client machine, instruct ssh to send the OTP environment by adding the following in your
Host *
    SendEnv OTP
Now set the OTP environment before sending the command over ssh:
OTP="123456" scp server:~/.ssh/authorized_key .
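The sketch below is an added example, not ssh-otp's own code: it shows what a ForceCommand gate has to do with the OTP variable described above before handing over to scp or a shell. It assumes the authenticator uses standard TOTP (RFC 6238, SHA-1, 30-second steps, 6 digits); the function names are hypothetical and the secret is the RFC test value.

```python
import hashlib, hmac, struct

STEP, DIGITS = 30, 6  # RFC 6238 defaults, assumed here

def totp(secret: bytes, counter: int) -> str:
    """HOTP (RFC 4226) value for one 30-second time step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, candidate, now, last_used=-1, window=1):
    """Return the time step the code matches, or None.
    Steps <= last_used are refused so a captured code cannot be replayed."""
    current = int(now) // STEP
    supplied = candidate.strip().encode("utf-8", "replace")
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_used:
            continue
        if hmac.compare_digest(totp(secret, counter).encode(), supplied):
            return counter
    return None

def gate(env, secret, now, last_used=-1):
    """Decide what a ForceCommand wrapper may exec.
    Returns (argv, step) on success, (None, last_used) on refusal."""
    otp = env.get("OTP")  # arrives via SendEnv/AcceptEnv
    step = verify(secret, otp, now, last_used) if otp else None
    if step is None:
        return None, last_used  # an interactive wrapper would prompt here
    original = env.get("SSH_ORIGINAL_COMMAND")  # set by sshd, e.g. for scp
    if original:
        return ["/bin/sh", "-c", original], step
    return [env.get("SHELL", "/bin/sh"), "-l"], step

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real one
    env = {"OTP": "287082", "SSH_ORIGINAL_COMMAND": "scp -f file"}  # constructed
    argv, step = gate(env, secret, now=59)
    print(argv, step)
    print(gate(env, secret, now=59, last_used=step))  # same code again: refused
```

A real wrapper would persist the returned step per user, so a code passed through the environment is accepted only once within its validity window.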