$ oathtool -c COUNTER SEEDAnd for TOTP:
$ oathtool --totp SEEDThe package also provides library and header files and more complex applications/GUIs can be easily based on it. There is also PAM module included that allows you to use your HOTP/TOTP HW/SW token for authentication against your machines (e.g. sshd). To enable it for sshd add the following line to the top of your /etc/pam.d/sshd:
auth sufficient pam_oath.so usersfile=/etc/users.oath window=20 digits=6This will setup the SSH for 6 digits HOTP/TOTP and will check through the 20 values (the tolerance). Then create the /etc/users.oath file and add there a list of allowed users together with their prefix passwords (PINs) and seeds, e.g.:
HOTP/T30 root pw 00 HOTP user1 - 01In the example above, the user root is configured for 30 seconds TOTP with the prefix password (PIN) pw and seed 00, the user user1 has no prefix password and uses the seed 01. As the file contains seeds and plain text PINs, do not forget to chown it to root:root and chmod it to 600. For correct function the "UsePAM yes" and "PasswordAuthentication yes" also needs to be specified in your /etc/ssh/sshd_config. Currently it may not work correctly with the SELinux (for details see the merge review).