(Open)SSH as a TOTP *Token*?

Jochen Bern Jochen.Bern at binect.de
Wed Feb 15 20:46:48 AEDT 2023

A quick question, if I may: Today, I heard a rumour that "ssh" can be 
used as a TOTP *token* (i.e., accept or generate a secret for a 
configuration and generate TOTP codes from there on out, to be entered 
into some *other* software requesting them for 2FA).

All I could find on the web so far are how-tos to a) make ssh*d* request 
and verify TOTP codes (usually with the help of PAM) or b) automate 
passing TOTP codes into a CLI ssh (e.g., generated by Vault and injected 
with sshpass).

Am I correct to assume that someone got the participants in a TOTP setup 
mixed up there?

Kind regards,
Jochen Bern

Binect GmbH

More information about the openssh-unix-dev mailing list