One-Time Password generator for CLI using bash, oathtool.
Automatically copies the token into your computer's copy buffer (macOS only at the moment).
This is basically "Authy for the CLI"
This script supports both encrypted and plain-text token files, but my recommendation is to use encryption.
- oathtool (http://www.nongnu.org/oath-toolkit/)
- OpenSSL
- sshpass
Set of bash shell scripts to generate OTP value from token using TOTP.
Run setup.sh to install the required tools (Linux):
$ ./setup.sh
- Get your "secret" (token) from the Non-LBL token management page by following this instruction from step 11 to 19. Please ignore the other steps.
It should be noted that you don't need to download Authy; getting the secret (token) is enough.
First ensure that there is a directory "tokenfiles" in the main dir where the script resides. Second ensure that there is a directory "keys" in the main dir where the script resides.
- Create a token file and encrypt it. The resulting file, "tokenfiles/tokenname.enc", is an encrypted file containing the token.
- Put your secret(token) in a plaintext file in the tokenfiles/ directory:
$ echo "1234567890abcdef" > tokenfiles/tokenname
- Encrypt the file with the included shell script:
$ ./otp-lockfile.sh tokenfiles/tokenname
Password: (enter a good password)
You can choose to be lazy but insecure and not encrypt these files, so that you don't need to type in the password.
- Confirm it worked:
$ ls tokenfiles/
tokenname.enc
- Do the same for your account name and the plain password (without the one-time passcode) of your account on the Savio cluster. Store them as the first two lines of "keys/tokenname", like:
$ echo "yourusername" > keys/tokenname
$ echo "yourpassword" >> keys/tokenname
It should be noted that the file name of your password file can be the same as the token's. If you use different names, the password file name needs to be specified after tokenname.
- Run otp.sh; it will produce roughly the following output:
$ ./otp.sh tokenname [passwordname]
Password for secret(token):
Password for Savio cluster:
You might be asked for a password if you have encrypted your files. Otherwise, you should log in to the cluster right away.
Please do NOT frequently log in using this method! You can only use the one-time passcode once and it only gets renewed every 30 seconds! If you log in multiple times with the used one-time passcode, your account might be locked!
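To check the result of the setup steps above, the following added example (not part of this project's scripts) audits tokenfiles/ and keys/ for plaintext secrets and for files that other users can access. The function names, the finding labels, and the assumption that every encrypted file ends in ".enc" (as tokenfiles/tokenname.enc does) are this example's own.

```shell
#!/bin/sh
# Added example: audit the tokenfiles/ and keys/ directories used by otp.sh.
# Assumption: encrypted files end in ".enc" (as tokenfiles/tokenname.enc does);
# any other regular file is treated as a plaintext secret.

# Succeeds if group or other has any permission bit set on file "$1".
# Uses only POSIX "find -perm -mode", so it works on Linux and macOS.
has_loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# audit_otp_secrets [BASE_DIR]
# Prints one finding per line as "<ISSUE> <path>"; returns 1 if anything
# was found, 0 if both directories are clean.
audit_otp_secrets() {
    audit_base="${1:-.}"
    audit_rc=0
    for audit_dir in "$audit_base/tokenfiles" "$audit_base/keys"; do
        if [ ! -d "$audit_dir" ]; then
            echo "MISSING_DIR $audit_dir"
            audit_rc=1
            continue
        fi
        for audit_f in "$audit_dir"/*; do
            [ -f "$audit_f" ] || continue      # also skips an unmatched glob
            case "$audit_f" in
                *.enc) ;;                      # assumed to be encrypted
                *) echo "PLAINTEXT $audit_f"; audit_rc=1 ;;
            esac
            if has_loose_perms "$audit_f"; then
                echo "LOOSE_PERMS $audit_f"
                audit_rc=1
            fi
        done
    done
    return "$audit_rc"
}
```

Source the file and run `audit_otp_secrets .` from the directory that contains otp.sh; a clean setup prints nothing and returns 0.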
- Script to do the actual value generation
- Script to encrypt the token in a file
- Script to decrypt same
- Empty "tokenfiles/" directory