3.2. Installing from APT repositories

The LinOTP components are available via apt repositories to install the server on Debian.


If you own an active support and subscription license, you will have received instructions to additional install options including access to our Smart Virtual Appliance, that includes all required repositories, packages and a preconfigured FreeRADIUS server.

3.2.1. Debian Buster

The public community repository is availble on linotp.org.


Only a minimal OS installation is required to install LinOTP.

Download the repository’s public key and store it in the APT trust database:

$ curl https://dist.linotp.org/debian/gpg-keys/linotp-archive-current.asc | sudo tee /etc/apt/trusted.gpg.d/linotp-archive-current.asc

Add the linotp.org repository to your APT setup:

$ echo 'deb http://dist.linotp.org/debian/linotp3 buster linotp' | sudo tee /etc/apt/sources.list.d/linotp.list


Feel free to use https://… since the repository is also available via HTTPS.

Install the MariaDB database (other database servers, as well as external databases, may be used but that requires additional configuration):

$ sudo apt-get update
$ sudo apt-get install mariadb-server
$ sudo mysql_secure_installation</code></pre>

Next install LinOTP and the linotp.org keyring package:

$ sudo apt-get install linotp-archive-keyring linotp

Some configuration screens will pop up, when installing the LinOTP package. This configuration will take care of creating the logging directory /var/log/linotp, setting up the webserver, configureing the Database, and generating an encryption key at /etc/linotp/encKey.

If you install the database after LinOTP or if you would like to change the used database type you can reinitialize the setup procedure with:

$ sudo dpkg-reconfigure linotp


During reconfiguration you are asked, if you want to create a new encryption key. If you do so, you will not be able to read your old data in the token database. But the encryption key is backed up to /etc/linotp2/encKey.old.