1.\" $OpenBSD: skey.1,v 1.37 2022/03/31 17:27:27 naddy Exp $ 2.\" @(#)skey.1 1.1 10/28/93 3.\" 4.Dd $Mdocdate: March 31 2022 $ 5.Dt SKEY 1 6.Os 7.Sh NAME 8.Nm skey , otp-md5 , otp-rmd160 , otp-sha1 9.Nd respond to an OTP challenge 10.Sh SYNOPSIS 11.Nm skey 12.Op Fl x 13.Oo 14.Fl md5 | rmd160 | sha1 15.Oc 16.Op Fl n Ar count 17.Op Fl p Ar passphrase 18.Ao Ar sequence# Ac Op / 19.Ar key 20.Sh DESCRIPTION 21.Nm S/Key 22is a procedure for using one-time passwords to authenticate access to 23computer systems. 24It uses 64 bits of information transformed by the 25MD5, RIPEMD-160, or SHA1 algorithms. 26The user supplies the 64 bits 27in the form of 6 English words that are generated by a secure computer. 28This implementation of 29.Nm S/Key 30is RFC 2289 compliant. 31.Pp 32Before using 33.Nm skey , 34the system needs to be initialized using 35.Xr skeyinit 1 ; 36this will establish a secret passphrase. 37After that, one-time passwords can be generated using 38.Nm skey , 39which will prompt for the secret passphrase. 40After a one-time password has been used to log in, it can no longer be used. 41.Pp 42When 43.Nm skey 44is invoked as 45.Nm otp-method , 46.Nm skey 47will use 48.Ar method 49as the hash function where 50.Ar method 51is currently one of md5, rmd160, or sha1. 52.Pp 53If you misspell your secret passphrase while running 54.Nm skey , 55you will get a list of one-time passwords 56that will not work, and no indication of the problem. 57.Pp 58Password sequence numbers count backwards. 59You can enter the passwords using small letters, even though 60.Nm skey 61prints them capitalized. 62.Pp 63The options are as follows: 64.Bl -tag -width Ds 65.It Fl md5 | rmd160 | sha1 66Selects the hash algorithm: 67MD5, RMD-160 (160-bit Ripe Message Digest), 68or SHA1 (NIST Secure Hash Algorithm Revision 1). 69.It Fl n Ar count 70Prints out 71.Ar count 72one-time passwords. 73The default is to print one. 74.It Fl p Ar passphrase 75Uses 76.Ar passphrase 77as the secret passphrase. 78Use of this option is discouraged as 79your secret passphrase could be visible in a process listing. 80.It Fl x 81Causes output to be in hexadecimal instead of ASCII. 82.El 83.Sh EXAMPLES 84.Bd -literal -offset indent 85$ skey 99 th91334 86Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt 87OMEN US HORN OMIT BACK AHOY 88$ 89.Ed 90.Sh SEE ALSO 91.Xr login 1 , 92.Xr skeyaudit 1 , 93.Xr skeyinfo 1 , 94.Xr skeyinit 1 , 95.Xr skey 5 , 96.Xr skeyprune 8 97.Sh STANDARDS 98.Rs 99.%A N. Haller 100.%A C. Metz 101.%A P. Nesser 102.%A M. Straw 103.%D February 1998 104.%R RFC 2289 105.%T A One-Time Password System 106.Re 107.Sh TRADEMARKS AND PATENTS 108S/Key is a Trademark of Bellcore. 109.Sh AUTHORS 110.An Phil Karn 111.An Neil M. Haller 112.An John S. Walden 113.An Scott Chasin 114