On 2023/02/20 23:59, Darren Tucker wrote:
> On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern@xxxxxxxxx> wrote:
> > A quick question, if I may: Today, I heard a rumour that "ssh" can be
> > used as a TOTP *token* (i.e., accept or generate a secret for a
> > configuration and generate TOTP codes from there on out, to be entered
> > into some *other* software requesting them for 2FA).
>
> I'm not aware of any way that ssh(1) can act as a TOTP (ie RFC6238 or
> similar). As you point out sshd can use TOTP to authenticate via a
> couple of different mechanisms that implement TOTP.
>
> > Am I correct to assume that someone got the participants in a TOTP setup
> > mixed up there?
>
> That would be my guess. Maybe they meant openssl? That would at
> least have the primitives needed to implement TOTP.

There's no support for this in the openssl command-line tool. FWIW
oathtool (in oath-toolkit) can do it, as can various password managers
(including gopass).

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev