Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
SKEY(1)			  BSD General Commands Manual		       SKEY(1)

NAME
     skey -- respond to	an OTP challenge

SYNOPSIS
     skey [-n count] [-p password] [-t hash] [-x] sequence# [/]	key

DESCRIPTION
     S/Key is a	One Time Password (OTP)	authentication system.	It is intended
     to	be used	when the communication channel between a user and host is not
     secure (e.g. not encrypted	or hardwired).	Since each password is used
     only once,	even if	it is "seen" by	a hostile third	party, it cannot be
     used again	to gain	access to the host.

     S/Key uses	64 bits	of information,	transformed by the MD4 algorithm into
     6 English words.  The user	supplies the words to authenticate himself to
     programs like login(1) or ftpd(8).

     Example use of the	S/Key program skey:

	   % skey  99  th91334
	   Enter password: <your secret	password is entered here>
	   OMEN	US HORN	OMIT BACK AHOY
	   %

     The string	that is	given back by skey can then be used to log into	a sys-
     tem.

     The programs that are part	of the S/Key system are:

     skeyinit(1)   used	to set up your S/Key.

     skey	   used	to get the one time password(s).

     skeyinfo(1)   used	to initialize the S/Key	database for the specified
		   user.  It also tells	the user what the next challenge will
		   be.

     skeyaudit(1)  used	to inform users	that they will soon have to rerun
		   skeyinit(1).

     When you run skeyinit(1) you inform the system of your secret password.
     Running skey then generates the one-time password(s), after requiring
     your secret password.  If however,	you misspell your secret password that
     you have given to skeyinit(1) while running skey you will get a list of
     passwords that will not work, and no indication about the problem.

     Password sequence numbers count backward from 99.	You can	enter the
     passwords using small letters, even though	skey prints them capitalized.

     The -n count argument asks	for count password sequences to	be printed out
     ending with the requested sequence	number.

     The hash algorithm	is selected using the -t hash option, possible choices
     here are md4, md5 or sha1.

     The -p password allows the	user to	specify	the S/Key password on the com-
     mand line.

     To	output the S/Key list in hexadecimal instead of	words, use the -x op-
     tion.

EXAMPLES
     Initialize	generation of one time passwords:

	   host% skeyinit
	   Password: <normal login password>
	   [Adding username]
	   Enter secret	password: <new secret password>
	   Again secret	password: <new secret password again>
	   ID username s/key is	99 host12345
	   Next	login password:	SOME SIX WORDS THAT WERE COMPUTED

     Produce a list of one time	passwords to take with to a conference:

	   host% skey -n 3 99 host12345
	   Enter secret	password: <secret password as used with	skeyinit>
	   97: NOSE FOOT RUSH FEAR GREY	JUST
	   98: YAWN LEO	DEED BIND WACK BRAE
	   99: SOME SIX	WORDS THAT WERE	COMPUTED

     Logging in	to a host where	skey is	installed:

	   host% telnet	host

	   login: <username>
	   Password [s/key 97 host12345]:

     Note that the user	can use	either his/her S/Key password at the prompt
     but also the normal one unless the	-s flag	is given to login(1).

SEE ALSO
     login(1), skeyaudit(1), skeyinfo(1), skeyinit(1), ftpd(8)

     RFC 2289

TRADEMARKS AND PATENTS
     S/Key is a	trademark of Bellcore.

AUTHORS
     Phil Karn
     Neil M. Haller
     John S. Walden
     Scott Chasin

BSD				 July 25, 2001				   BSD

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | SEE ALSO | TRADEMARKS AND PATENTS | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=skey&sektion=1&manpath=NetBSD+6.0>

home | help