I’ve played with FreeOTP for my own websites in the past, but here is a cleaned up version.
apt-get install qrencode oathtool
Using a webserver with php you can use below simple sniplet to restrict access.
<?PHP $output = shell_exec('oathtool --totp=sha256 --base32 ################PLACE-SECRET-OUTPUT-HERE-############'); $otp=$_POST["otp"]; $stripped = preg_replace('/\D/', '', $output); $strippedotp = preg_replace('/\D/', '', $otp); ?> <form action="" method="post"> OTP: <input type="text" name="otp"><br> <input type="submit"> </form> <?PHP if(strcmp("$strippedotp", "$stripped") == 0) { echo "Access"; } else { echo "No Access"; } ?>
bash script to generate secret and qrcode
#!/bin/bash secret=$(echo 1234567812345678 | base32) echo "Secret : (place in PHP file)" echo $secret qrencode -t ANSI256 -o - $(echo otpauth://totp/Mine:myname?secret=${secret}\&issuer=Mine\&algorithm=SHA256\&digits=6\&period=30) -o qrcode.png -t png -s 5
Above generates a QRcode you can import in FreeOTP