.\" $NetBSD: skey.1,v 1.22 2005/09/11 23:25:32 wiz Exp $
.\"
.\" from: @(#)skey.1 1.1 10/28/93
.\"
.Dd July 25, 2001
.Dt SKEY 1
.Os
.Sh NAME
.Nm skey
.Nd respond to an OTP challenge
.Sh SYNOPSIS
.Nm
.Op Fl n Ar count
.Op Fl p Ar password
.Op Fl t Ar hash
.Op Fl x
.Ar sequence#
.Op /
.Ar key
.Sh DESCRIPTION
.Em S/Key
is a One Time Password (OTP) authentication system.
It is intended to be used when the communication channel between
a user and host is not secure (e.g. not encrypted or hardwired).
Since each password is used only once, even if it is "seen" by a
hostile third party, it cannot be used again to gain access to the host.
.Pp
.Em S/Key
uses 64 bits of information, transformed by the
.Tn MD4
algorithm into 6 English words.
The user supplies the words to authenticate himself to programs like
.Xr login 1
or
.Xr ftpd 8 .
.Pp
Example use of the
.Em S/Key
program
.Nm :
.Bd -literal -offset indent
% skey 99 th91334
Enter password: \*[Lt]your secret password is entered here\*[Gt]
OMEN US HORN OMIT BACK AHOY
%
.Ed
.Pp
The string that is given back by
.Nm
can then be used to log into a system.
.Pp
The programs that are part of the
.Em S/Key
system are:
.Bl -tag -width skeyauditxxx
.It Xr skeyinit 1
used to set up your
.Em S/Key .
.It Nm
used to get the one time password(s).
.It Xr skeyinfo 1
used to initialize the
.Em S/Key
database for the specified user.
It also tells the user what the next challenge will be.
.It Xr skeyaudit 1
used to inform users that they will soon have to rerun
.Xr skeyinit 1 .
.El
.Pp
When you run
.Xr skeyinit 1
you inform the system of your
secret password.
Running
.Nm
then generates the
one-time password(s), after requiring your secret password.
If, however, you misspell the secret password that you gave to
.Xr skeyinit 1
while running
.Nm ,
you will get a list of passwords
that will not work, and no indication about the problem.
.Pp
Password sequence numbers count backward from 99.
You can enter the passwords using small letters, even though
.Nm
prints them capitalized.
.Pp
The
.Fl n Ar count
argument asks for
.Ar count
password sequences to be printed out ending with the requested
sequence number.
.Pp
The hash algorithm is selected using the
.Fl t Ar hash
option; possible choices are md4, md5 or sha1.
.Pp
The
.Fl p Ar password
option allows the user to specify the
.Em S/Key
password on the command line.
.Pp
To output the S/Key list in hexadecimal instead of words,
use the
.Fl x
option.
.Sh EXAMPLES
Initialize generation of one time passwords:
.Bd -literal -offset indent
host% skeyinit
Password: \*[Lt]normal login password\*[Gt]
[Adding username]
Enter secret password: \*[Lt]new secret password\*[Gt]
Again secret password: \*[Lt]new secret password again\*[Gt]
ID username s/key is 99 host12345
Next login password: SOME SIX WORDS THAT WERE COMPUTED
.Ed
.Pp
Produce a list of one time passwords to take with you to a conference:
.Bd -literal -offset indent
host% skey -n 3 99 host12345
Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
97: NOSE FOOT RUSH FEAR GREY JUST
98: YAWN LEO DEED BIND WACK BRAE
99: SOME SIX WORDS THAT WERE COMPUTED
.Ed
.Pp
Logging in to a host where
.Nm
is installed:
.Bd -literal -offset indent
host% telnet host

login: \*[Lt]username\*[Gt]
Password [s/key 97 host12345]:
.Ed
.Pp
Note that the user can use either the
.Em S/Key
password or the normal one at the prompt, unless the
.Fl s
flag is given to
.Xr login 1 .
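The one-time-password chain behind the sequence numbers described above, as an added example that is not part of the original manual page or of the NetBSD source. It shows why a password seen on the wire cannot be reused and why a misspelled secret yields valid-looking passwords that never work.
Assumptions: the MD5 construction of RFC 2289 (seed plus secret, digest folded to 64 bits), hexadecimal output instead of the six-word encoding, and a hypothetical Host class standing in for the server-side record.

```python
import hashlib
import hmac

def step(value: bytes) -> bytes:
    """One chain step: MD5, then fold 128 bits to 64 by XORing the halves."""
    d = hashlib.md5(value).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(secret: str, seed: str, sequence: int) -> bytes:
    """OTP for `sequence`: hash seed+secret once, then `sequence` more steps."""
    value = step((seed.lower() + secret).encode())
    for _ in range(sequence):
        value = step(value)
    return value

def as_hex(value: bytes) -> str:
    """Hexadecimal rendering in four groups of four digits (grouping assumed)."""
    h = value.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))

class Host:
    """Hypothetical server-side record: last accepted OTP, never the secret."""
    def __init__(self, seed: str, sequence: int, last_otp: bytes):
        self.seed, self.sequence, self.last = seed, sequence, last_otp

    def challenge(self) -> str:
        return f"s/key {self.sequence - 1} {self.seed}"

    def verify(self, candidate: bytes) -> bool:
        # Hashing the candidate once more must reproduce the stored value.
        if self.sequence < 1 or not hmac.compare_digest(step(candidate), self.last):
            return False
        # Accepting moves the chain back one step, so this OTP is now useless.
        self.last, self.sequence = candidate, self.sequence - 1
        return True

if __name__ == "__main__":
    secret, seed = "constructed secret phrase", "host12345"  # constructed sample
    host = Host(seed, 99, otp(secret, seed, 99))              # state after setup
    print(host.challenge())
    seen = otp(secret, seed, 98)
    print(as_hex(seen), host.verify(seen))   # first use is accepted
    print("replay:", host.verify(seen))      # the same value again is rejected
    typo = otp("constructed secret phrse", seed, 97)
    print("typo:", host.verify(typo))        # misspelled secret: never accepted
```

Once the stored sequence number reaches 0 no further password can be verified, which is the condition a new initialization has to precede.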
.Sh SEE ALSO
.Xr login 1 ,
.Xr skeyaudit 1 ,
.Xr skeyinfo 1 ,
.Xr skeyinit 1 ,
.Xr ftpd 8
.Pp
.Em RFC 2289
.Sh TRADEMARKS AND PATENTS
.Em S/Key
is a trademark of
.Tn Bellcore .
.Sh AUTHORS
.An Phil Karn
.An Neil M. Haller
.An John S. Walden
.An Scott Chasin