c4rt1y

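Password-free terminal login to jumpserver

0x01 Introduction

Because jumpserver uses Google Authenticator authentication, logging in from the terminal requires the secret key every time, which is tedious, so I wrote some code to simplify it.

0x02 Solution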

# 1. On macOS, store the secret key in a Python script
cat ~/ga.py
#!/usr/bin/python
import hmac, base64, struct, hashlib, time

secretKey = 'YOUR_BASE32_SECRET'  # placeholder: your Google Authenticator secret key

def cal_google_code(secret_key):
    # Number of 30-second intervals since the Unix epoch (the TOTP counter)
    counter = int(time.time()) // 30
    # Base32 input must be upper-case and its length a multiple of eight
    key = base64.b32decode(secret_key)
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    # Dynamic truncation: the low 4 bits of the last byte select the offset
    try:
        o = digest[19] & 15          # Python 3: indexing bytes yields an int
    except TypeError:
        o = ord(digest[19]) & 15     # Python 2: indexing str yields a 1-char str
    code = (struct.unpack(">I", digest[o:o+4])[0] & 0x7fffffff) % 1000000
    # Always left-pad to six digits (a code can have any number of leading zeros)
    return str(code).zfill(6)

print(cal_google_code(secretKey))

# 2. On macOS, save the following file directly into an executable directory [the sleep is required, otherwise errors occur under iTerm2]
cat /usr/local/bin/jumpserver
#!/usr/bin/expect -f

set nickNamePY "your-nickname-in-pinyin"
set gaCode [exec sh -c {python ~/ga.py}]
 
spawn ssh $nickNamePY@jumpserver.010sec.com
 
expect {
    "MFA" {
        sleep 0.3
        send "$gaCode\n"
        expect "Opt>" {
            send "\n"
        }
    }
    "Opt>" {
        send "\n"
    }
}
interact


# Grant execute permission
chmod +x /usr/local/bin/jumpserver

# This gives you a simplified login flow
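
An added example, not part of the original post: a variant of ~/ga.py from step 1 that reads the secret from a separate file and refuses to run if group or others can access that file, always pads the code to six digits, and waits out a 30-second window that is about to roll over. The path ~/.jumpserver_totp and the function names are assumptions.

```python
#!/usr/bin/env python3
# Added example, not the original author's code. The secret file path
# (~/.jumpserver_totp) and all function names are assumptions.
import base64, hashlib, hmac, os, stat, struct, time

SECRET_FILE = os.path.expanduser("~/.jumpserver_totp")  # assumed location

def normalize_secret(secret):
    """Strip separators, upper-case, and re-pad a Base32 secret to a multiple of 8."""
    s = secret.replace(" ", "").replace("-", "").upper().rstrip("=")
    return s + "=" * (-len(s) % 8)

def totp(secret, now=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), always zero-padded to `digits` characters."""
    counter = int(time.time() if now is None else now) // step
    key = base64.b32decode(normalize_secret(secret))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def seconds_left(now=None, step=30):
    """Seconds until the current time step ends and the code changes."""
    return step - int(time.time() if now is None else now) % step

def load_secret(path=SECRET_FILE):
    """Read the secret, refusing files that group or others can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s must be mode 600 (is %o)" % (path, stat.S_IMODE(mode)))
    with open(path) as f:
        return f.read().strip()

if __name__ == "__main__":
    secret = load_secret()
    left = seconds_left()
    if left < 3:  # avoid handing expect a code that is about to expire
        time.sleep(left)
    print(totp(secret))
```

To use it, create the secret file with chmod 600 and point the exec line of the expect script at this file (run with python3) instead of ~/ga.py.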

0x03 References

http://www.10qianwan.com/articledetail/329157.html  Generating a time-based 6-digit verification code from a Google key (Google Authenticator)
https://github.com/grahammitchell/google-authenticator/blob/master/google-authenticator.py