Objective: Generate TOTP (Time-based One-Time Password) one-time passwords on Linux.
On mobile phones, apps like Google Authenticator or Authy can be used to generate 2-step verification codes. To generate the same verification codes on Linux, you can use an utility called
oathtool, use one of the following commands based on your distro.
On Debian based systems:
# sudo apt-get install oathtool
On RedHat based systems:
# sudo yum install oathtool
To generate the one-time password, you will need the shared secret key of the account that you are generating the password for. TOTP urls are of the following format:
The secret key is
KY3OUPMUYWCKS53F for the above URL. It is
base32 encoded by default. You will be able to get the URL by using a QR code scanner during 2-step verification setup.
Once you have the secret key, use
oathtool using the following command syntax.
# oathtool --totp -b -d 6 KY3OUPMUYWCKS53F
The above command will switch
oathtool to TOTP mode, use
base32 encoding for the key and display 6 digits for the OTP password.
Since TOTP codes are generated based on current timestamp, the system time must be accurate in order for
oathtool to generate valid verification codes. If
oathtool is generating invalid codes, check your system time.