Last active
April 20, 2016 17:14
-
-
Save ervinb/cdb3d63da91876f1e5be700b0ffa9135 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env expect -f | |
set otc_pattern "(\d){6}" | |
set name [lindex $argv 0] | |
set server [lindex $argv 1] | |
set secret $env(MFA_SECRET) | |
spawn oathtool --totp -b "$secret" | |
expect otc_pattern | |
set otc $expect_out(buffer) | |
send_user "SSH user: $name\n" | |
send_user "SSH server: $server\n" | |
send_user "Your one-time code is: $otc" | |
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $name\@$server | |
expect "Verification code:" | |
send "$otc\r" | |
interact |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Setting up Google Authenticator (on the server)
MFA_SECRET
environment variable on the clientGenerate one-time code (on the client)
oathtool
andexpect
MFA_SECRET
export MFA_SECRET=mys3cr37
~/.ssh/authorized_keys
on the server, which enables passwordless SSH logins