HOTP Support

This discussion was created from comments split from: Importing 2FA from Google Authenticator.

Comments

  • vady
    Community Member
    edited February 2023

    A vote for HOTP (Duo Mobile 2FA) support.

  • Hello @vady! 👋

    Thank you for the suggestion! Can you clarify if you're looking to use DUO as a second factor for your 1Password account or if you'd like to store HOTP-based one-time passwords for other services in 1Password?

    I look forward to hearing from you.

    -Dave

  • vady
    Community Member

    Hi @Dave_1P,
    Thank you for your interest. Answering your question, this is more likely the second; namely, I would like to see support for HOTP (Hash-based One-Time Password) in 1Password to pass Cisco Duo passcodes.
    To tell the truth, I already got out. I'm using the Duo HOTP Python3 lib for that. In part, I also refer to the article by Shreyas Minocha.
    So with the help of the 1Password CLI I get the password for the VPN client, and the HOTP Duo passcode with the duo-hotp lib.

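    #!/usr/bin/env bash
    # Read the VPN password from 1Password via the CLI.
    get_pw () {
        /usr/local/bin/op read op://Private/'id'/password
    }
    # Alternative source (not called below): the macOS keychain.
    # `security` prints the password on stderr, hence the redirection order.
    get_pw_keychain () {
        security 2>&1 >/dev/null find-generic-password -ga domain-tld-vpn \
        | ruby -e 'print $1 if STDIN.gets =~ /^password: "(.*)"$/'
    }
    # Ask duo.py for the next Duo HOTP passcode.
    get_passcode () {
        /usr/bin/python3 ~/duo.py next -s ~/.duo-hotp
    }
    ADDR=domain-tld-vpn
    USER=username
    PASSWORD=$(get_pw)
    # Connect only if a password was retrieved and the VPN reports "Disconnected".
    if [[ -n "$PASSWORD" ]] && [[ "$(/opt/cisco/anyconnect/bin/vpn status)" == *"Disconnected"* ]]; then
        # The GUI client has to be closed before the CLI is driven.
        killall -KILL "Cisco AnyConnect Secure Mobility Client" >/dev/null 2>&1
        PASSCODE=$(get_passcode)
        if [[ -z "$PASSCODE" ]]; then
            echo "Error getting DUO HOTP Passcode!"
            exit 1
        fi
        # The unquoted heredoc lets the shell substitute $ADDR, $USER, $PASSWORD and
        # $PASSCODE; a value containing quotes, brackets, dollar signs or backslashes
        # would break the expect (Tcl) script.
        /usr/bin/expect -f - <<EOD
    set timeout 10
    spawn /opt/cisco/anyconnect/bin/vpn connect $ADDR
    send -- "5\r"
    expect "\r\nUsername:*" {send -- "$USER\r"}
    expect "Passcode: " {send -- "$PASSWORD,$PASSCODE\r"}
    expect "Connected"
    EOD
    else
        echo "Seems to be already connected or no credentials were provided!"
        /opt/cisco/anyconnect/bin/vpn state
        /opt/cisco/anyconnect/bin/vpn stats
    fi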
    

    Btw, HOTP is implemented by Google Authenticator.

  • XIII
    Community Member

    Interesting read!

    Does anyone know about something similar for Ping Identity?

    https://www.pingidentity.com/en/platform/capabilities/multi-factor-authentication/pingid.html

    (I’d love to use 1Password instead of their ugly App…)

This discussion has been closed.