Alpine based image provides ssh client, oathtool (for generating TOTP tokens) and sshpass (a noninteractive ssh password provider) for automated ssh logins. Provides optional login using time-based one-time password authentication.
| Var | Description |
|---|---|
| OTP_SECRET Optional |
TOTP seecret (SHA) |
| OTP_PREFIX Optional |
Prefix for SSHPASS |
| OTP_SUFFIX Optional |
Suffix for SSHPASS |
| SSHPASS Optional |
Generated in entrypoint, if OTP_SECRET is defined. To be used with sshpass -e |
| NTP_SERVER Optional |
Defaults to time.google.com |
| NTP_MAXOFFSET Optional |
Exit if time offset is > NTP_MAXOFFSET (ms). Set to Zero to disable ntp time comparison. Default: 20000 |
Run ssh client with disabled time drift detection:
docker run \
--rm \
-e NTP_MAXOFFSET="0" \
ghcr.io/jbrunner/sshpass-oathtool:latest \
ssh user@host <command>
Login with TOTP token as Password:
docker run \
--rm \
-e OTP_SECRET="Your secret here" \
ghcr.io/jbrunner/sshpass-oathtool:latest \
sshpass -e ssh user@host <command>