👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

NetBSD 6.1.5 - man page for skey (netbsd section 1)

SKEY(1) 			   BSD General Commands Manual				  SKEY(1)

NAME
     skey -- respond to an OTP challenge

SYNOPSIS
     skey [-n count] [-p password] [-t hash] [-x] sequence# [/] key

DESCRIPTION
     S/Key is a One Time Password (OTP) authentication system.	It is intended to be used when
     the communication channel between a user and host is not secure (e.g. not encrypted or hard-
     wired).  Since each password is used only once, even if it is "seen" by a hostile third
     party, it cannot be used again to gain access to the host.

     S/Key uses 64 bits of information, transformed by the MD4 algorithm into 6 English words.
     The user supplies the words to authenticate himself to programs like login(1) or ftpd(8).

     Example use of the S/Key program skey:

	   % skey  99  th91334
	   Enter password: <your secret password is entered here>
	   OMEN US HORN OMIT BACK AHOY
	   %

     The string that is given back by skey can then be used to log into a system.

     The programs that are part of the S/Key system are:

     skeyinit(1)   used to set up your S/Key.

     skey	   used to get the one time password(s).

     skeyinfo(1)   used to initialize the S/Key database for the specified user.  It also tells
		   the user what the next challenge will be.

     skeyaudit(1)  used to inform users that they will soon have to rerun skeyinit(1).

     When you run skeyinit(1) you inform the system of your secret password.  Running skey then
     generates the one-time password(s), after requiring your secret password.	If however, you
     misspell your secret password that you have given to skeyinit(1) while running skey you will
     get a list of passwords that will not work, and no indication about the problem.

     Password sequence numbers count backward from 99.	You can enter the passwords using small
     letters, even though skey prints them capitalized.

     The -n count argument asks for count password sequences to be printed out ending with the
     requested sequence number.

     The hash algorithm is selected using the -t hash option, possible choices here are md4, md5
     or sha1.

     The -p password allows the user to specify the S/Key password on the command line.

     To output the S/Key list in hexadecimal instead of words, use the -x option.

EXAMPLES
     Initialize generation of one time passwords:

	   host% skeyinit
	   Password: <normal login password>
	   [Adding username]
	   Enter secret password: <new secret password>
	   Again secret password: <new secret password again>
	   ID username s/key is 99 host12345
	   Next login password: SOME SIX WORDS THAT WERE COMPUTED

     Produce a list of one time passwords to take with to a conference:

	   host% skey -n 3 99 host12345
	   Enter secret password: <secret password as used with skeyinit>
	   97: NOSE FOOT RUSH FEAR GREY JUST
	   98: YAWN LEO DEED BIND WACK BRAE
	   99: SOME SIX WORDS THAT WERE COMPUTED

     Logging in to a host where skey is installed:

	   host% telnet host

	   login: <username>
	   Password [s/key 97 host12345]:

     Note that the user can use either his/her S/Key password at the prompt but also the normal
     one unless the -s flag is given to login(1).

SEE ALSO
     login(1), skeyaudit(1), skeyinfo(1), skeyinit(1), ftpd(8)

     RFC 2289

TRADEMARKS AND PATENTS
     S/Key is a trademark of Bellcore.

AUTHORS
     Phil Karn
     Neil M. Haller
     John S. Walden
     Scott Chasin

BSD					  July 25, 2001 				      BSD


All times are GMT -4. The time now is 11:45 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password