For SSH servers that use 2FA with a normal password and a time-based one-time password (TOTP).
Use security to store the password and TOTP secret in the keychain and to access them from there.
security add-generic-password -a $LOGNAME -s "pass" -w
security add-generic-password -a $LOGNAME -s "totp" -w
When using sshpass, you can use -C or -c to invoke the security command to input the password and TOTP token.
sshpass \
-C "security find-generic-password -w -a $LOGNAME -s pass" \
-c "security find-generic-password -w -a $LOGNAME -s totp \
| oathtool -b --totp -" \
ssh [email protected]
You can use the -v parameter if something goes wrong.
Similar to macOS, you could choose to use pass as your password manager.
You can use sshpass and ssh as a proxy command for connecting to servers beyond a bastion. Edit your ~/.ssh/config:
Host beyond
ProxyCommand sshpass -f ~/.ssh/pw -c ~/.ssh/totp ssh bastion -qW %h:%p
Then run ssh.
ssh beyond
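The ProxyCommand above passes ~/.ssh/totp to -c as an executable that prints the token. One possible version of that helper follows, as an added example that is not part of this fork. It assumes the keychain item named totp created earlier and oathtool on PATH, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: a possible ~/.ssh/totp helper for `sshpass -c`.
# Prints one TOTP token on stdout; the secret is never written to a file
# and never appears on a command line.

# Normalise a base32 secret: drop whitespace, uppercase it, and reject
# anything outside the base32 alphabet so a damaged keychain item fails
# loudly instead of producing a wrong token.
normalize_secret() {
    s=$(printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-z' 'A-Z')
    case "$s" in
        ''|*[!A-Z2-7=]*) return 1 ;;
    esac
    printf '%s\n' "$s"
}

# Read the secret stored with:
#   security add-generic-password -a $LOGNAME -s "totp" -w
# Assumption: macOS keychain. Replace this body to use another store.
fetch_secret() {
    security find-generic-password -w -a "$LOGNAME" -s totp
}

print_totp() {
    raw=$(fetch_secret) || { echo "totp: keychain lookup failed" >&2; return 1; }
    secret=$(normalize_secret "$raw") || { echo "totp: secret is not base32" >&2; return 1; }
    # "-" makes oathtool read the key from stdin, as in the sshpass command above.
    printf '%s\n' "$secret" | oathtool -b --totp -
}

# Run only when executed under the name "totp" (e.g. ~/.ssh/totp),
# so the functions can be sourced and checked without touching the keychain.
case "${0##*/}" in
    totp) print_totp ;;
esac
```

Save it as ~/.ssh/totp and make it executable for your user only (chmod 700 ~/.ssh/totp).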
Added parameters:
-o OTP          One-time password
-C command      Command for printing the password
-c command      Executable file name printing the TOTP token
-O OTP prompt   String that sshpass should search for as the one-time password prompt
The default for the -O option is "Verification code:".
./bootstrap
./configure
make
You might need to install autoconf and automake.
This is a fork from the sourceforge project "sshpass".
https://sourceforge.net/projects/sshpass/
I used git-svn to create "sourceforge" branch in my github repository.
https://zhuanlan.zhihu.com/p/362783435