(Open)SSH as a TOTP *Token*?

Darren Tucker dtucker at dtucker.net
Mon Feb 20 23:59:21 AEDT 2023

On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote:
> A quick question, if I may: Today, I heard a rumour that "ssh" can be
> used as a TOTP *token* (i.e., accept or generate a secret for a
> configuration and generate TOTP codes from there on out, to be entered
> into some *other* software requesting them for 2FA).

I'm not aware of any way that ssh(1) can act as a TOTP (i.e. RFC6238 or
similar).  As you point out sshd can use TOTP to authenticate via a
couple of different mechanisms that implement TOTP.

> Am I correct to assume that someone got the participants in a TOTP setup
> mixed up there?

That would be my guess.  Maybe they meant openssl?  That would at
least have the primitives needed to implement TOTP.

Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list