lines changed Expand file tree Collapse file tree 2 files changed +59
-6
lines changed Original file line number Diff line number Diff line change @@ -41,6 +41,19 @@ lazy-connect - Shell function to fuzzy search an IPSec VPN by name
4141-h - Show this help
4242```
4343
44+ ### YubiKey Support
45+
46+ #### Prerequisite
47+
48+ 1 . [ yubikey-manager] ( https://github.com/Yubico/yubikey-manager )
49+
50+ To use ` TOTP ` from YubiKey set the following environment variable
51+
52+ ``` sh
53+ export LAZY_CONNECT_TOTP_GENERATOR=yubikey
54+ export LAZY_CONNECT_TOTP_QUERY=< name of the issuer>
55+ ```
56+
4457### Warning
4558
4659- The secret key to generate TOTP is stored as plain text in ` ~/.config/lazy-connect/secret `
Original file line number Diff line number Diff line change 11#! /bin/bash
22
3+ TOTP_MODE=${LAZY_CONNECT_TOTP_GENERATOR:- oathtool}
4+
35_lazy_connect_config_dir=~ /.config/lazy-connect
46_lazy_connect_project_dir=~ /.lazy-connect
57
68function _lazy_connect_init() {
7- echo -n " Secret Key: "
8- read -s secret_key
9- echo " **********"
10- echo $secret_key > $_lazy_connect_config_dir /secret
9+ case $TOTP_MODE in
10+ oathtool)
11+ echo -n " Secret Key: "
12+ read -s secret_key
13+ echo " **********"
14+ echo $secret_key > $_lazy_connect_config_dir /secret
15+ ;;
16+ esac
1117 _lazy_connect_vpn_refresh
1218}
1319
@@ -60,10 +66,44 @@ lazy-connect - Shell function to fuzzy search an IPSec VPN by name
6066EOF
6167}
6268
69+ function _lazy_connect_get_totp() {
70+ secret_key=$1
71+ case $TOTP_MODE in
72+ oathtool)
73+ password=$( oathtool --totp --base32 $secret_key )
74+ return 0
75+ ;;
76+ yubikey)
77+ if ! [ -x " $( command -v ykman) " ]; then
78+ echo ' Error: ykman tool not installed.' >&2
79+ exit 1
80+ fi
81+ if [ -z " $LAZY_CONNECT_TOTP_QUERY " ]; then
82+ echo " Error: LAZY_CONNECT_TOTP_QUERY not set"
83+ exit 1
84+ else
85+ password=$( ykman oath code $LAZY_CONNECT_TOTP_QUERY 2> /dev/null | awk ' {print $2}' )
86+ fi
87+ ;;
88+ esac
89+ }
90+
6391function _lazy_connect() {
6492 vpn_name=$1
65- secret_key=$2
66- password=$( oathtool --totp --base32 $secret_key )
93+ _lazy_connect_get_totp $2
94+
95+ if [ -z " $password " ]; then
96+ case $TOTP_MODE in
97+ oathtool)
98+ echo " Error: Unable to generate otp using oathtool"
99+ return 1
100+ ;;
101+ yubikey)
102+ echo " Error: No YubiKey found"
103+ return 1
104+ ;;
105+ esac
106+ fi
67107
68108 osascript << EOF
69109 on connectVpn(vpnName, password)
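Review bot: In `_lazy_connect_get_totp`, the `yubikey` arm takes the second whitespace-separated field of whatever `ykman oath code $LAZY_CONNECT_TOTP_QUERY` prints, so a query that matches more than one credential, or a credential whose name contains a space, leaves something other than one code in `password`. ykman can enforce a single match itself: `password=$(ykman oath code --single "$LAZY_CONNECT_TOTP_QUERY")` fails on an ambiguous query and prints only the code, which removes the `awk` step, and dropping `2> /dev/null` would let the real error show instead of the generic "No YubiKey found". The two `exit 1` lines in the same arm should be `return 1` like the checks in `_lazy_connect`, since the README calls this a shell function and, if the file is sourced, `exit` would close the caller's shell. Neither `case $TOTP_MODE` has a `*)` arm, so an unrecognised `LAZY_CONNECT_TOTP_GENERATOR` value appears to fall through to `osascript` with `password` empty or left over from an earlier call; `_lazy_connect` continues past the end of the hunk, so that last point is inferred from the visible lines only.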