One-time login for cloud instances.
Generate a temporary one-time login password.
Because cloud instances use SSH keys but web sites require passwords.
SSH to your cloud instance with your key and run otl:
$ ssh -i instance.key user@instance otl
VERYEXTREMELYREALLYLONGLONGLONGSECUREHASHEDGENERATEDPASSWORD
Use the returned password with the web site hosted on the instance.
This works for any website that uses locally defined users or any user authentication method that passes through PAM.
The password is valid for one successful login and only for 3 minutes.
otl doesn't support SELinux at the moment, so SELinux should be disabled or switched to permissive mode.
For example, if used with Cockpit, run the following, which makes only the cockpit_session_t domain permissive:
semanage permissive -a cockpit_session_t
Building otl requires the PAM and libsodium development packages:
- libpam-devel
- libsodium-devel
For Debian/Ubuntu:
$ sudo apt-get install -y libpam0g-dev libsodium-dev
For Fedora/CentOS:
$ sudo yum install -y pam-devel libsodium-devel
Then build:
$ make
Install manually by running:
$ sudo cp otl /usr/bin/
$ sudo cp pam_otl.so /usr/lib64/security/
(make install is coming soon.)
otl authentication is implemented as a PAM (Pluggable Authentication Modules for Linux) module.
To install it, add:
auth sufficient pam_otl.so
to /etc/pam.d/password-auth after the "auth sufficient pam_unix.so" line.
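As an added example (not part of otl), the shell function below checks that the line landed where the instruction above puts it: pam_otl.so present in the auth stack, with the sufficient control, after pam_unix.so. The function name, the extra check that the line also precedes pam_deny.so, and the sample stack are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of otl. check_otl_pam_order FILE returns:
#   0 ok, 1 pam_otl.so missing, 2 control is not "sufficient",
#   3 not after pam_unix.so, 4 after pam_deny.so (assumed extra check).
check_otl_pam_order() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }              # comments, blank and short lines
        { kind = $1; sub(/^-/, "", kind) }        # "-auth" marks an optional module
        kind != "auth" { next }
        {   # module path is field 3, or follows a bracketed [value=action ...] control
            m = 3
            if ($2 ~ /^\[/) { i = 2; while (i < NF && $i !~ /\]$/) i++; m = i + 1 }
            mod = $m; sub(/.*\//, "", mod)        # drop any directory prefix
        }
        mod == "pam_unix.so" && !unix { unix = NR }
        mod == "pam_deny.so" && !deny { deny = NR }
        mod == "pam_otl.so"  && !otl  { otl = NR; control = $2 }
        END {
            if (!otl)                    { print "pam_otl.so is not in the auth stack"; exit 1 }
            if (control != "sufficient") { print "pam_otl.so control is " control;      exit 2 }
            if (!unix || otl < unix)     { print "pam_otl.so is not after pam_unix.so"; exit 3 }
            if (deny && otl > deny)      { print "pam_otl.so is after pam_deny.so";     exit 4 }
            print "ok: pam_otl.so at line " otl
        }
    ' "$1"
}

# Constructed sample stack (not copied from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_otl.so
auth        required      pam_deny.so
account     required      pam_unix.so
EOF
check_otl_pam_order "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/pam.d/password-auth after editing; a non-zero exit status identifies which placement rule failed.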
MIT, see LICENSE
See TODO