Gauth and oathtool : Authenticator (2FA) for GNU/Linux

Hello everyone

Same as many people I was looking for a tiny software for GNU/Linux such as Google Authenticator for Android or WinAuth for Windows. Finally after quite many queries on Google I find out 2 softwares good enough as an alternative.

First alternative : Gauth (graphical software)

This tiny software is in fact an extension for your browser Firefox or Chrome.

You can find out this open source software at this address : https://5apps.com/gbraad/gauth

You also can download the source files on GitHub at this address : https://github.com/gbraad/gauth

The software looks like this inside your browser:

gauth

I just want to say thanks to the developer Gerard Braad for his work and the share of the code.

Second alternative : oathtool (my preferred solution)

This little golden software allow you to generate HOTP and TOTP codes from your preferred terminal 🙂

You would be able to generate the codes for your Two-Factor Authentication for the accounts such as : Google, Microsoft, Dropbox, Facebook and also Battlenet !

Here is the way to create a script to generate your codes:

  1. Install the software with the command : apt-get install oathtool
  2. Create a bash/shell file, per example, authenticator.sh wherever you want to have it on your system. In this example, the file will be on:
    /home/username/scripts/authenticator.sh
  3. Add the code below inside your file authenticator.sh
#!/bin/bash
 OPTIONS="Google Microsoft Dropbox Battlenet Facebook Quit"
 select opt in $OPTIONS; do
 if [ "$opt" = "Google" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Microsoft" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Dropbox" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Battlenet" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 8
 elif [ "$opt" = "Facebook" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Quit" ]; then
 exit
 else
 clear
 echo "Choose an available option."
 fi
done

Blue color : your account’s names. You can type whatever you want to.
Red color : your secret keys that you get from each one of your service provider and also the number of character (usually 6 or 8) to show. 8 for Battlenet in this example.

4) Change the file permissions to make it executable with the command:
chmod +x authenticator.sh

5) If you want to access to your script by only typing its name “authenticator.sh“. You have to add the path of your script to the system variable PATH in your .bashrc file inside your home directory : /home/username/.bashrc

You should have a line like this :
export PATH=/usr/local/bin:/usr/bin:/bin:/home/username/scripts

After doing this modification you should be able to run your script with the name of your file : authenticator.sh from the terminal.
Another way is to type the full path: /home/username/scripts/authenticator.sh
or a third way is to go into the folder (/home/username/scripts) where your script is and to type: ./authenticator.sh or sh authenticator.sh

A little print screen to show you how the script result looks like. The script purposes you to type a number from 1 to 5 to generate a code or 6 to quit the application. Here I press 1 to get my Google account code for the two factor authentication.

oathtool_authenticator

IMPORTANT : your script file contains your secret key for your accounts (Google, Dropbox…) so you have to choose the correct permissions to limit the access to it. Don’t let non authorized people read the content of this file.

I hope you appreciate this article.

The knowledge is the result of all of us, share it !
Didier

P.S I am not an English native speaker so if you realize some big mistakes about grammar or vocabulary don’t hesitate to send me a tiny comment to help me to learn and to fix my mistakes, thanks 🙂

About

View all posts by

8 thoughts on “Gauth and oathtool : Authenticator (2FA) for GNU/Linux

  1. Hi, thanks for your post! But sorry for my stupid question: how I get the “SECRETKEY”. Is it possible to use it on different google autth accounts? Thanks for help!

    1. Hi Digg. You get your secret key from the provider (Google, Dropbox,…) who provides the 2FA. Usually you can see it when the system ask you to scan a QR code. It’s a “secretkey” per account.

  2. Thanks for recommending oauthtool and sharing detailed instructions on your casual setup. That’s exactly what I needed. Keep hacking!

  3. I have spent hours trying to a) understand how 2FA works and b) what to use to just generate me the codes on my laptop. Turns out that you are the guy that actually wrote down what was needed. Thank you! This should be way easier to discover. In fact it would be nice if Google (or dropbox, or facebook) told you, but for some reason they are all obsessed with mobile phones, and don’t want to tell you how to use a different computer (phones are just computers – nothing very special about them).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.