2FA on the command line.

There is no shortage of OTP 2FA apps availiable for your phone, such as Google Authenticator or Duo Mobile. These apps take an initial secret code, and create a TOTP anytime you need a 2FA code for login. It's also possible to do 2FA on the CLI. Some advantages:

  1. Easy to add, maintain, and backup with a simple key=val text file
  2. Copy/Paste is easier than typing digits displayed on your phone
  3. No issues with being locked out due to dead/lost/new phones

This is accomplised with a utility named oathtool. It can be installed on Debian/Ubuntu via: apt install oathtool. I use a helper script as well as a file of initial secrets.


#!/usr/bin/env bash
if [ -z $1 ]; then
  echo "Usage:"
  echo "   otp google"
  echo "Configuration: $HOME/.otpkeys"
  echo "Format: name=key"
OTPKEY="$(sed -n "s/${1}=//p" $HOME/.otpkeys)"
if [ -z "$OTPKEY" ]; then
  echo "$(basename $0): Bad Service Name '$1'"
oathtool --totp -b "$OTPKEY"


aws={secret code}
google={secret code}

Getting a 2FA code:

$ otp aws

Add a comment


I extended your script such that the secrets are encrypted and decrypted on-the-fly using GnuPG: https://karl-voit.at/2019/03/03/oathtool-otp/
Written on Sun, 03 Mar 2019 10:46:04 by Karl Voit
keys may contain space, you should escape the variable. if [ -z "$OTPKEY" ]; then echo "$(basename $0): Bad Service Name '$1'" $0 exit fi oathtool --totp -b "$OTPKEY"
Written on Fri, 01 Mar 2019 02:53:50 by jderusse
I use Unix Password Store https://www.passwordstore.org/ for this. It has an OTP plugin and all my values are encrpted with my PGP key. It integrates with dmenu for my i3 sessions too.
Written on Thu, 28 Feb 2019 15:30:35 by Patrick S Kelso
As of point #2 KDEConnect can share your clipboard between phone and computer. With FreeOTP on Android, it's a two stage operation; 1) generate the TOTP on the phone 2) C-v on your computer 3) youre done
Written on Thu, 28 Feb 2019 14:34:33 by yeep
Hi, I'd suggest to encrypt the ~/.otpkeys file with pgp :-)
Written on Thu, 28 Feb 2019 13:13:09 by Marco

Previous Post