SKEYINIT(1) BSD General Commands Manual SKEYINIT(1)NAME
skeyinit -- change password or add user to S/Key authentication system
SYNOPSIS
skeyinit [-sxz] [-k passphrase] [-n count] [-p password] [-t hash] [user]
DESCRIPTION
skeyinit initializes the system so you can use S/Key one-time passwords to login. The program will ask you to enter a secret pass phrase;
enter a phrase of several words in response. After the S/Key database has been updated you can login using either your regular password or
using S/Key one-time passwords.
skeyinit requires you to type a secret password, so it should be used only on a secure terminal.
OPTIONS -k passphrase
Use pass phrase passphrase instead of asking for one to be entered.
-n count
Start the skey(1) sequence at count (default is 100).
-p password
Use password password instead of asking for one to be entered.
-s allows the user to set the seed and count for complete control of the parameters. To do this run skeyinit in one window and put in
your count and seed; then run skey(1) in another window to generate the correct 6 english words for that count and seed. You can
then ``cut-and-paste'' or type the words into the skeyinit window.
-t hash
Selects the hash algorithm to use. Available choices are md4 (the default), md5, or sha1.
-x Displays one-time password in hexadecimal instead of ASCII.
-z Allows the user to zero their S/Key entry.
user The username to be changed/added. By default the current user is operated on, only root may change other user's entries.
FILES
/etc/skeykeys database of information for the S/Key system.
SEE ALSO skey(1), skeyaudit(1), skeyinfo(1)AUTHORS
Phil Karn
Neil M. Haller
John S. Walden
Scott Chasin
BSD September 19, 2005 BSD
Check Out this Related Man Page
OPIEKEY(1) General Commands Manual OPIEKEY(1)NAME
opiekey, otp-md4, otp-md5 - Programs for computing responses to OTP challenges.
SYNOPSIS
opiekey | otp-md4 | otp-md5 [-v] [-h] [-f] [-x]
[-t type ] [-4|-5] [-a] [-n count ] sequence_number seed
DESCRIPTION
opiekey takes the optional count of the number of responses to print along with a (maximum) sequence number and seed as command line args.
It prompts for the user's secret pass phrase and produces an OPIE response as six words. If compiled to do so, it can prompt for the user's
secret pass phrase twice to help reduce errors due to mistypes. The second password entry can be circumvented by entering only an end of
line. opiekey is downward compatible with the key(1) program from the Bellcore S/Key Version 1 distribution and several of its variants.
OPTIONS -v Display the version number and compile-time options, then exit.
-h Display a brief help message and exit.
-4, -5 Selects MD4 or MD5, respectively, as the response generation algorithm. The default for otp-md4 is MD4 and the default for opie-md5
is MD5. The default for opiekey depends on compile-time configuration, but should be MD5. MD4 is compatible with the Bellcore S/Key
Version 1 distribution.
-f Force opiekey to continue, even where it normally shouldn't. This is currently used to force opiekey to operate in even from termi-
nals it believes to be insecure. It can also allow users to disclose their secret pass phrases to attackers. Use of the -f flag
may be disabled by compile-time option in your particular build of OPIE.
-a Allows you to input an arbitrary secret pass phrase, instead of running checks against it. Arbitrary currently does not include '�'
or '
' characters. This can be used for backwards compatibility with key generators that do not check passwords.
-n <count>
the number of one time access passwords to print. The default is one.
-x Output the OTPs as hexadecimal numbers instead of six words.
-t <type>
Generate an extended response of the specified type. Supported types are:
word six-word
hex hexadecimal
init hexadecimal re-initialization
init-word six-word re-initialization
The re-initialization responses always generate the simple active attack protection.
EXAMPLE
wintermute$ opiekey -5 -n 5 495 wi01309
Using MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
491: HOST VET FOWL SEEK IOWA YAP
492: JOB ARTS WERE FEAT TILE IBIS
493: TRUE BRED JOEL USER HALT EBEN
494: HOOD WED MOLT PAN FED RUBY
495: SUB YAW BILE GLEE OWE NOR
wintermute$
BUGS opiekey(1) can lull a user into revealing his/her password when remotely logged in, thus defeating the purpose of OPIE. This is especially
a problem with xterm. opiekey(1) implements simple checks to reduce the risk of a user making this mistake. Better checks are needed.
SEE ALSO ftpd(8), login(1), opie(4), opiepasswd(1), opieinfo(1), opiekeys(5), opieaccess(5), su(1)AUTHOR
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan
McDonald, and Craig Metz.
S/Key is a trademark of Bell Communications Research (Bellcore).
CONTACT
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join, send an email request to:
skey-users-request@thumper.bellcore.com
7th Edition February 20, 1996 OPIEKEY(1)