Look into oathtool: https://www.nongnu.org/oath-toolkit/
You don't say what you want to use 2FA for but here's an example for SSH:
First install libpam-oath and oathtool.
A seed is needed. The seed should be unique for every user. One way to make a
seed: head -10 /dev/urandom | sha512sum | cut -b 1-30
Edit or create /etc/users.oath and put in something like this using the seed
from the previous step:
HOTP/T30/6 myusername - d1da273d1e26613289efb82bca8a9b
Edit /etc/ssh/sshd_config and edit or include these values:
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
Edit /etc/pam.d/sshd
Add the line:
auth required pam_oath.so usersfile=/etc/users.oath window=30 digits=6
Comment out common-auth:
# Standard Un*x authentication.
@include common-auth
And after setting up the various machines you might, for example, run this:
oathtool --totp d1da273d1e26613289efb82bca8a9b
And get your 2FA code:
639420
Ta Da.
