(Open)SSH as a TOTP *Token*?

Darren Tucker dtucker at dtucker.net
Mon Feb 20 23:59:21 AEDT 2023


On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote:
> A quick question, if I may: Today, I heard a rumour that "ssh" can be
> used as a TOTP *token* (i.e., accept or generate a secret for a
> configuration and generate TOTP codes from there on out, to be entered
> into some *other* software requesting them for 2FA).

I'm not aware of any way that ssh(1) can act as a TOTP (ie RFC6238 or
similar).  As you point out sshd can use TOTP to authenticate via a
couple of different mechanisms that implement TOTP.

> Am I correct to assume that someone got the participants in a TOTP setup
> mixed up there?

That would be my guess.  Maybe they meant openssl?  That would at
least have the primitives needed to implement TOTP.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list