Linux
Some example variants are explained below. Depending on the distribution and
version, the details may vary slightly.
Don't forget to verify the token (see step 8 in the description for mobile devices), otherwise the generated codes will not work!
Variant 1
Under Debian/Ubuntu/… there is the tool "OTPClient", which can be installed via
apt install otpclient
Variant 2
If you want to work from the CLI, the following variant works, but you have to
make sure that the secret is stored securely (e. g. in a password manager):
- Install the tool oathtool via
  apt install oathtool
- Enroll a new TOTP token via privacyidea.tugraz.at.
- When the QR code is displayed, copy the target of the link "here":
  otpauth://totp/TOTP01280DE7%20USERNAME%40privacyIDEA?secret=xxx…xxx&algorithm=sha256&period=60&digits=6&issuer=ZID%20TU%20Graz
- Then use the value of the secret (xxx…xxx) to generate the code:
  oathtool -b --totp=sha256 "xxx…xxx" -s 60
- It is best to store this complete command in the password manager.
Variant 3
If you already use the password manager "pass", you can also install its
OTP extension (Debian/Ubuntu):
apt install pass-extension-otp
The otpauth URL already mentioned in variant 2 can then be passed (twice):
pass otp insert
Enter otpauth:// URI for this token:
This creates a subfolder in the password manager with the name of the issuer
and an entry in it with the serial number of the token including the username,
e. g.:
ZID TU Graz
TOTP00268D1C testerl@privacyIDEA
The OTP can then be generated in this case as follows:
pass otp code "ZID TU Graz/TOTP00268D1C testerl@privacyIDEA"
It makes sense to set up an alias for this, e. g. like this:
alias tug-otp='pass otp code "ZID TU Graz/TOTP00268D1C testerl@privacyIDEA"'
Thus, you only need to remember one command.