How to Generate MFA Token like RSA SecurID Software Token on Ubuntu Linux?

I write this post to create a Telegram chatbot that can generate a token for Check Point Mobile VPN. Each time I need to login into a VPN account, I need to supply a token generated by RSA SecurID. The RSA SecurID Software Token is bound to a Device Serial Number on each installation on a specific device. Since we only have one person have one token RSA SecurID registered. Each time we need to connect to VPN, we need to contact him to get VPN token access. So I like to have automated.

Check Point Client which need to supply MFA token to login
Check Point Client which need to supply MFA token to login

I need to have how to generate MFA tokens like RSA SecurID Software Token in Linux. I tried to Google and found that we can use stoken to generate it.

stoken can be found in Github, or you can install on Ubuntu. You can install it with command:

sudo apt install stoken

After installed, import a token from a raw string or an “sdtid” XML file:

$ stoken import --file=tokenxml.sdtid --devid=4y7xxe00000y5z0xxx62
Enter new password:
Confirm new password:

In my case, I upload my sdtid XML file, and I need to supply the devid as Device ID or Device Serial Number as it is called on RSA SecurID Software Token. You also need to supply a password, so that your seed is encrypted on disk, but in my case, I don’t want a password, so I need to enter twice to create an empty password.

Next, use the CLI or GUI to show the current tokencode:

$ stoken tokencode
Enter password to decrypt token:
Enter PIN:

or if you not supply any password when import the “sdtid” XML file:

$ stoken tokencode --pin=0000

stoken also available in Kevin Cernekee’s Github and for manual can be found on Ubuntu man page.