This project is a very simple wrapper for the Teleport tsh tool that programmatically supplies the required time-based OTP codes.
Just clone the script, set up your secret file, set up the environment variables if needed, and you are good to go.
tsh tool - Provided by your teleport installation
expect - Scripting to work with the tool interactively
$ apt-get install expect
$ pacman -S expect
openssl - Store the secret securely (Only if using the secret file)
$ apt-get install openssl
$ pacman -S openssl
The otp codes are based on a secret that is given to you when you get your account. Usually this secret is a QR code that you can read with your smartphone.
This QR has your secret and some other information, such as how often the otp code changes and how many digits it has.
If this secret file is available, it will be decrypted, if not, you will be prompted for the OTP code.
You need to read the QR and store the secret in an encrypted file.
To read it, you can use zbar:
$ zbarimg -q --raw qr.png | openssl aes-256-cbc -e -md sha256 -out secret.aes
Don't forget to erase any traces of the QR from your system.
This script will decrypt the secret file using the password provided for tsh and try to extract the parameters secret, digits and period as if the secret file stored a URI.
If secret or period fails, it will use the defaults (6 and 30); if it cannot find secret, it will use the whole file as the secret.
URI example:
otpauth://totp/ACME:roadrunner@auth-acme?algorithm=SHA1&digits=6&issuer=ACME&period=30&secret=MYSECRET
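The parsing and fallback behaviour described above, followed by the RFC 6238 code computation, as an added Python example (not the project's own code, which is built on expect). The function names are hypothetical, the sample secret is the RFC 6238 test key, and 6 and 30 are assumed to be the digits and period defaults, as in the URI example.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

def parse_secret_file(text):
    """Return (secret, digits, period) from the decrypted secret-file contents."""
    text = text.strip()
    params = parse_qs(urlparse(text).query)  # empty dict when the file is a bare secret

    def int_param(name, default):
        # A missing, non-numeric or non-positive value falls back to the default.
        try:
            value = int(params[name][0])
        except (KeyError, ValueError):
            return default
        return value if value > 0 else default

    # No secret= parameter found: treat the whole file as the secret.
    secret = params.get("secret", [text])[0]
    return secret, int_param("digits", 6), int_param("period", 30)

def totp(secret_b32, digits=6, period=30, now=None):
    """RFC 6238 TOTP using HMAC-SHA1 over the base32-decoded secret."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    counter = int(time.time() if now is None else now) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed samples: base32 of the RFC 6238 test key "12345678901234567890".
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SAMPLE_URI = ("otpauth://totp/ACME:roadrunner@auth-acme"
              "?algorithm=SHA1&digits=8&issuer=ACME&period=30&secret=" + RFC_SECRET)

if __name__ == "__main__":
    for content in (SAMPLE_URI, RFC_SECRET):
        secret, digits, period = parse_secret_file(content)
        print(digits, period, totp(secret, digits, period, now=59))
```
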
You can set up the TSHWRAPPER_SECRET_PATH env var to point to your secret file or place it in ~/.tsh_otp_secret.aes
Set TSHWRAPPER_SILENT to 1 to have a very silent script
Set TSHWRAPPER_TSH_PATH to your runnable tsh tool
Have this script in your path with the name "tsh" (soft link, copy in ~/bin...)
Now you have a tsh tool that automatically injects the otp codes!
If you have other wrappers over tsh that output lines that begin with *, ERRO or WARN, you can have this script ignore them by setting the following env var:
TSHWRAPPER_IGNORE_FIRST_LINES="WARN.*\n|ERRO.*\n|\\*.*\n"
- Jose M Perez Ramos - Kuroneer
This project is ~400 lines long and thus it's released to the public domain. Check LICENSE for more information.