I have the Steam app installed on my phone only because I need it for the steamguard OTP codes. I thought that was the only way to get the codes but I have now found steamguard-cli. This not only gives you a command line program to generate the mobile authenticator code so you don't need to get your phone, but it will also let you see the secret which can be used in other OTP software. steamguard-cli is written in Rust, and it's easy to grab it from github and build:

$ git clone https://github.com/dyc3/steamguard-cli.git
$ cd steamguard-cli/
$ cargo build --release

It will take a while, but the binary will end up in the target/release directory. You can run it directly from there, or optionally install it using by running:

$ cargo install --path .

This will install steamguard-cli to ~/.cargo/bin so you need to make sure that is in your $PATH.

To set up the authenticator on your Steam account you first need to make sure you have a mobile phone number linked to your account, this is required as Steam will send an SMS code to it during the setup. You also need to have access to the email address linked to your Steam account for another code. Just pass the setup option to steamguard_cli and it will ask you to provide your login details and the codes:

$ cd target/release
$ ./steamguard-cli setup

example output:

Would you like to create a manifest in /home/user/.config/steamguard-cli/maFiles ? [Yn] Log in to the account that you want to link to steamguard-cli
Username: steamuser
Password:
You should have received an email with a code.
Enter code: 3T6V8
Authenticator has not yet been linked. Before continuing with finalization, please take the time to write down your revocation code: R98273
Press any key to continue...
Enter SMS code: 47138
Authenticator finalized.

The first time I entered the email code I didn't use any CAPS and it failed, so make sure you type the code exactly as shown in the email. Also make sure you keep a note of your revocation code, this is important in case you need to remove the authenticator The current version of steamguard-cli acts a bit strange, it seemed to get stuck before asking for my username and I needed to press Enter first. Then when it had finished the setup it got stuck again and needed a CTRL-C to close it.

Now it's all setup and you should have the authentication files in ~/.config/steamguard-cli/maFiles. You can run the steamguard-cli command again without any arguments and it will print the current mobile authenticator code that you need to login to your Steam account.

example:

$ ./steamguard-cli
INFO - reading manifest from /home/user/.config/steamguard-cli/maFiles
8JBCP

I created a little script which I run with WIN+R (or SUPER+R, ALT+F2, whatever your system uses for the Run dialog) which will automatically type the code into the Steam Guard code box using xdotool

#!/bin/bash
export DISPLAY=:0
/home/user/.cargo/bin/steamguard-cli | xdotool type --delay 100 --file -
xdotool key Return

In this example I had installed it to ~/.cargo/bin so if you still have the binary in the source directory you will need to use that instead.

You can also add your authenticator secret to other OTP programs that support it. I use KeePassXC and just needed to find my secret from the otpauth:// uri in ~/.config/steamguard-cli/maFiles/steamuser.maFile. Then right click my Steam entry in KeePassXC and set up TOTP using Steam settings and the secret from the maFile.

Remember to make a backup of your maFiles!

Previous Post Next Post