{ "content": [ { "type": "text", "text": "# google-authenticator (man)\n\n## NAME\n\ngoogle-authenticator - initialize one-time passcodes for the current user\n\n## SYNOPSIS\n\ngoogle-authenticator [options]\nIf no option is provided on the command line, google-authenticator(1) will ask interactively\nthe user for the more important options.\n\n## DESCRIPTION\n\nThe google-authenticator(1) command creates a new secret key in the current user's home di‐\nrectory. By default, this secret key and all settings will be stored in ~/.googleauthenti‐\ncator.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **OPTIONS** (20 subsections)\n- **SEE ALSO**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "google-authenticator", "section": "", "mode": "man", "summary": "google-authenticator - initialize one-time passcodes for the current user", "synopsis": "google-authenticator [options]\nIf no option is provided on the command line, google-authenticator(1) will ask interactively\nthe user for the more important options.", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [ { "flag": "-c", "long": "--counter-based", "arg": null, "description": "Set up counter-based verification." }, { "flag": "-t", "long": "--time-based", "arg": null, "description": "Set up time-based verification. From this choice depends the available options." }, { "flag": "-w", "long": null, "arg": null, "description": "Set window of concurrently valid codes. By default, three tokens are valid at any one time. This accounts for generat‐ ed-but-not-used tokens and failed login attempts. In order to decrease the likelihood of synchronization problems, this window can be increased from its default size of 3. The window size must be between 1 and 21." }, { "flag": "-W", "long": "--minimal-window", "arg": null, "description": "Disable window of concurrently valid codes." }, { "flag": "-d", "long": "--disallow-reuse", "arg": null, "description": "(Dis)allow multiple uses of the same authentication token. This restricts the user to one login about every 30 seconds, but it increases the chances to notice or even prevent man-in-the-middle attacks." }, { "flag": "-w", "long": null, "arg": null, "description": "Set window of concurrently valid codes. By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client. For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes be‐ tween client and server. The window size must be between 1 and 21." }, { "flag": "-W", "long": "--minimal-window", "arg": null, "description": "Disable window of concurrently valid codes." }, { "flag": "-S", "long": null, "arg": null, "description": "Set interval between token refreshes to S seconds. By default, time-based tokens are generated every 30 seconds. A non-standard value can be configured in case a different time-step value must be used. The time interval must be between 1 and 60 seconds." }, { "flag": "-s", "long": null, "arg": null, "description": "Specify a non-standard file location for the secret key and settings." }, { "flag": "-f", "long": "--force", "arg": null, "description": "Write secret key and settings without first confirming with user." }, { "flag": "-l", "long": null, "arg": null, "description": "Override the default label in otpauth:// URL." }, { "flag": "-i", "long": null, "arg": null, "description": "Override the default issuer in otpauth:// URL." }, { "flag": "-Q", "long": null, "arg": null, "description": "QRCode output mode. Suppress the QRCode output (none), or output QRCode using either ANSI colors (ansi), or Unicode block elements (utf8). Unicode block elements makes the QRCode much smaller, which is often easier to scan. Unfortunately, many terminal emulators do not display these Unicode characters proper‐ ly." }, { "flag": "-u", "long": "--no-rate-limit", "arg": null, "description": "Disable rate-limiting, or limit logins to N per every M seconds. If the system isn't hardened against brute-force login attempts, rate-limiting can be enabled for the authentication module: no more than N login attempts every M seconds. The rate limit must be between 1 and 10 attempts. The rate time must be between 15 and 600 seconds." }, { "flag": "-e", "long": null, "arg": null, "description": "Generate N emergency codes. A maximum of 10 emergency codes can be generated." }, { "flag": "-q", "long": "--quiet", "arg": null, "description": "Quiet mode." }, { "flag": "-h", "long": "--help", "arg": null, "description": "Print the help message." } ], "examples": [], "see_also": [ { "name": "GOOGLE-AUTHENTICATOR", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/GOOGLE-AUTHENTICATOR/1/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 5, "subsections": [] }, { "name": "DESCRIPTION", "lines": 21, "subsections": [] }, { "name": "OPTIONS", "lines": 3, "subsections": [ { "name": "-c, --counter-based", "lines": 2, "flag": "-c", "long": "--counter-based" }, { "name": "-t, --time-based", "lines": 4, "flag": "-t", "long": "--time-based" }, { "name": "Counter-based specific options", "lines": 2 }, { "name": "-w, --window-size=", "lines": 8, "flag": "-w" }, { "name": "-W, --minimal-window", "lines": 2, "flag": "-W", "long": "--minimal-window" }, { "name": "Time-based specific options", "lines": 2 }, { "name": "-D, --allow-reuse, -d, --disallow-reuse", "lines": 5, "flag": "-d", "long": "--disallow-reuse" }, { "name": "-w, --window-size=", "lines": 15, "flag": "-w" }, { "name": "-W, --minimal-window", "lines": 2, "flag": "-W", "long": "--minimal-window" }, { "name": "-S, --step-size=", "lines": 7, "flag": "-S" }, { "name": "General options", "lines": 1 }, { "name": "-s, --secret=", "lines": 2, "flag": "-s" }, { "name": "-f, --force", "lines": 2, "flag": "-f", "long": "--force" }, { "name": "-l, --label=", "lines": 2, "flag": "-l" }, { "name": "-i, --issuer=", "lines": 2, "flag": "-i" }, { "name": "-Q, --qr-mode=", "lines": 9, "flag": "-Q" }, { "name": "-r, --rate-limit= -R, --rate-time= -u, --no-rate-limit", "lines": 8, "flag": "-u", "long": "--no-rate-limit" }, { "name": "-e, --emergency-codes=", "lines": 4, "flag": "-e" }, { "name": "-q, --quiet", "lines": 2, "flag": "-q", "long": "--quiet" }, { "name": "-h, --help", "lines": 2, "flag": "-h", "long": "--help" } ] }, { "name": "SEE ALSO", "lines": 6, "subsections": [] } ], "sections": { "NAME": { "content": "google-authenticator - initialize one-time passcodes for the current user\n", "subsections": [] }, "SYNOPSIS": { "content": "google-authenticator [options]\n\nIf no option is provided on the command line, google-authenticator(1) will ask interactively\nthe user for the more important options.\n", "subsections": [] }, "DESCRIPTION": { "content": "The google-authenticator(1) command creates a new secret key in the current user's home di‐\nrectory. By default, this secret key and all settings will be stored in ~/.googleauthenti‐\ncator.\n\nIf the system supports the libqrencode library, a QRCode will be shown, that can be scanned\nusing the Android Google Authenticator application. If the system does not have this li‐\nbrary, google-authenticator(1) outputs an URL that can be followed using a web browser. Al‐\nternatively, the alphanumeric secret key is also outputted and thus can be manually entered\ninto the Android Google Authenticator application.\n\nIn either case, after the key has been added, the verification value should be checked. To\ndo that, the user must click-and-hold the added entry on its Android system until the context\nmenu shows. Then, the user checks that the displayed key's verification value matches the\none provided by google-authenticator(1). Please note that this feature might not be avail‐\nable in all builds of the Android application.\n\nEach time the user logs into the system, he will now be prompted for the TOTP code (time\nbased one-time-password) or HOTP (counter-based one-time-password), depending on options giv‐\nen to google-authenticator(1), after having entered its normal user id and its normal UNIX\naccount password.\n", "subsections": [] }, "OPTIONS": { "content": "The main option consists of choosing the authentication token type: either time based or\ncounter-based.\n", "subsections": [ { "name": "-c, --counter-based", "content": "Set up counter-based verification.\n", "flag": "-c", "long": "--counter-based" }, { "name": "-t, --time-based", "content": "Set up time-based verification.\n\nFrom this choice depends the available options.\n", "flag": "-t", "long": "--time-based" }, { "name": "Counter-based specific options", "content": "Those settings are only relevant for counter-based one-time-password (HOTP):\n" }, { "name": "-w, --window-size=", "content": "Set window of concurrently valid codes.\n\nBy default, three tokens are valid at any one time. This accounts for generat‐\ned-but-not-used tokens and failed login attempts. In order to decrease the likelihood\nof synchronization problems, this window can be increased from its default size of 3.\n\nThe window size must be between 1 and 21.\n", "flag": "-w" }, { "name": "-W, --minimal-window", "content": "Disable window of concurrently valid codes.\n", "flag": "-W", "long": "--minimal-window" }, { "name": "Time-based specific options", "content": "Those settings are only relevant for time-based one-time-password (TOTP):\n" }, { "name": "-D, --allow-reuse, -d, --disallow-reuse", "content": "(Dis)allow multiple uses of the same authentication token.\n\nThis restricts the user to one login about every 30 seconds, but it increases the\nchances to notice or even prevent man-in-the-middle attacks.\n", "flag": "-d", "long": "--disallow-reuse" }, { "name": "-w, --window-size=", "content": "Set window of concurrently valid codes.\n\nBy default, a new token is generated every 30 seconds by the mobile application. In\norder to compensate for possible time-skew between the client and the server, an extra\ntoken before and after the current time is allowed. This allows for a time skew of up\nto 30 seconds between authentication server and client.\n\nFor example, if problems with poor time synchronization are experienced, the window\ncan be increased from its default size of 3 permitted codes (one previous code, the\ncurrent code, the next code) to 17 permitted codes (the 8 previous codes, the current\ncode, and the 8 next codes). This will permit for a time skew of up to 4 minutes be‐\ntween client and server.\n\nThe window size must be between 1 and 21.\n", "flag": "-w" }, { "name": "-W, --minimal-window", "content": "Disable window of concurrently valid codes.\n", "flag": "-W", "long": "--minimal-window" }, { "name": "-S, --step-size=", "content": "Set interval between token refreshes to S seconds.\n\nBy default, time-based tokens are generated every 30 seconds. A non-standard value\ncan be configured in case a different time-step value must be used.\n\nThe time interval must be between 1 and 60 seconds.\n", "flag": "-S" }, { "name": "General options", "content": "" }, { "name": "-s, --secret=", "content": "Specify a non-standard file location for the secret key and settings.\n", "flag": "-s" }, { "name": "-f, --force", "content": "Write secret key and settings without first confirming with user.\n", "flag": "-f", "long": "--force" }, { "name": "-l, --label=", "content": "Override the default label in otpauth:// URL.\n", "flag": "-l" }, { "name": "-i, --issuer=", "content": "Override the default issuer in otpauth:// URL.\n", "flag": "-i" }, { "name": "-Q, --qr-mode=", "content": "QRCode output mode.\n\nSuppress the QRCode output (none), or output QRCode using either ANSI colors (ansi),\nor Unicode block elements (utf8).\n\nUnicode block elements makes the QRCode much smaller, which is often easier to scan.\nUnfortunately, many terminal emulators do not display these Unicode characters proper‐\nly.\n", "flag": "-Q" }, { "name": "-r, --rate-limit= -R, --rate-time= -u, --no-rate-limit", "content": "Disable rate-limiting, or limit logins to N per every M seconds.\n\nIf the system isn't hardened against brute-force login attempts, rate-limiting can be\nenabled for the authentication module: no more than N login attempts every M seconds.\n\nThe rate limit must be between 1 and 10 attempts. The rate time must be between 15\nand 600 seconds.\n", "flag": "-u", "long": "--no-rate-limit" }, { "name": "-e, --emergency-codes=", "content": "Generate N emergency codes.\n\nA maximum of 10 emergency codes can be generated.\n", "flag": "-e" }, { "name": "-q, --quiet", "content": "Quiet mode.\n", "flag": "-q", "long": "--quiet" }, { "name": "-h, --help", "content": "Print the help message.\n", "flag": "-h", "long": "--help" } ] }, "SEE ALSO": { "content": "The Google Authenticator source code and all documentation may be downloaded from\n.\n\n\n\nGoogle two-factor authentication user manual GOOGLE-AUTHENTICATOR(1)", "subsections": [] } } } }