TFA with OATH Hardware Token

May 16, 2019
Munich / Germany
Hello Proxmox Community,

I tried using TFA with andOTP and it works just fine.

But I want to use a hardware token. So I ordered one with the matching OATH specifications. running oathtool in the shell of my pve-host works just fine:

oathtool --totp --digits 6 -s 30 -w 2 -b 'DVA??????????????????????????TP3'
The questionmarks are not really questionmarks but are used to protect my seed

The numbers that are generated are working perfectly fine and DO match the numbers shown on the token.

Here comes the Problem:
The Input field in the TFA GUI is to short. If I try to enter my seed, I allways get a message, that the regex does not match an I cannot submit the form.
Trieing to manipulate /etc/pve/user.cfg (PAM user) does not work either.
I could not test with the pve-auth provider as I could not figure out how to inject the seed for such a user.

Is there a possibility to get my seed correctly into PVE?
Preferably via GUI, but if neccessarry I also can do it via bash.

Thank you very much in advance
Just wanted to provide Feedback in case anyone else want's to try this.

Works fine now, with the current PVE 6 Version, thanks for the quick fix :)

In case anyone want's to do a similar setup, the token I used is a Feitan OTP c200 with SHA1 Hash, 30 Second timeout and, of course 6 digit number.
  • Like
Reactions: t.lamprecht


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!