.\" $NetBSD: skey.1,v 1.22 2005/09/11 23:25:32 wiz Exp $
.\"
.\" from: @(#)skey.1 1.1 10/28/93
.\"
.Dd July 25, 2001
.Dt SKEY 1
.Os
.Sh NAME
.Nm skey
.Nd respond to an OTP challenge
.Sh SYNOPSIS
.Nm
.Op Fl n Ar count
.Op Fl p Ar password
.Op Fl t Ar hash
.Op Fl x
.Ar sequence#
.Op /
.Ar key
.Sh DESCRIPTION
.Em S/Key
is a One Time Password (OTP) authentication system.
It is intended to be used when the communication channel between
a user and host is not secure (e.g. not encrypted or hardwired).
Since each password is used only once, even if it is "seen" by a
hostile third party, it cannot be used again to gain access to the host.
.Pp
.Em S/Key
uses 64 bits of information, transformed by the
.Tn MD4
algorithm into 6 English words.
The user supplies the words to authenticate himself to programs like
.Xr login 1
or
.Xr ftpd 8 .
.Pp
Example use of the
.Em S/Key
program
.Nm :
.Bd -literal -offset indent
% skey 99 th91334
Enter password: \*[Lt]your secret password is entered here\*[Gt]
OMEN US HORN OMIT BACK AHOY
%
.Ed
.Pp
The string that is given back by
.Nm
can then be used to log into a system.
.Pp
The programs that are part of the
.Em S/Key
system are:
.Bl -tag -width skeyauditxxx
.It Xr skeyinit 1
used to set up your
.Em S/Key .
.It Nm
used to get the one time password(s).
.It Xr skeyinfo 1
used to initialize the
.Em S/Key
database for the specified user.
It also tells the user what the next challenge will be.
.It Xr skeyaudit 1
used to inform users that they will soon have to rerun
.Xr skeyinit 1 .
.El
.Pp
When you run
.Xr skeyinit 1
you inform the system of your
secret password.
Running
.Nm
then generates the
one-time password(s), after requiring your secret password.
If, however, you misspell the secret password you gave to
.Xr skeyinit 1
while running
.Nm
you will get a list of passwords
that will not work, and no indication about the problem.
.Pp
Password sequence numbers count backward from 99.
You can enter the passwords using small letters, even though
.Nm
prints them capitalized.
.Pp
The
.Fl n Ar count
argument asks for
.Ar count
password sequences to be printed out, ending with the requested
sequence number.
.Pp
The hash algorithm is selected using the
.Fl t Ar hash
option; possible choices are md4, md5, or sha1.
.Pp
The
.Fl p Ar password
option allows the user to specify the
.Em S/Key
password on the command line.
.Pp
To output the S/Key list in hexadecimal instead of words,
use the
.Fl x
option.
.Sh EXAMPLES
Initialize generation of one time passwords:
.Bd -literal -offset indent
host% skeyinit
Password: \*[Lt]normal login password\*[Gt]
[Adding username]
Enter secret password: \*[Lt]new secret password\*[Gt]
Again secret password: \*[Lt]new secret password again\*[Gt]
ID username s/key is 99 host12345
Next login password: SOME SIX WORDS THAT WERE COMPUTED
.Ed
.Pp
Produce a list of one time passwords to take along to a conference:
.Bd -literal -offset indent
host% skey -n 3 99 host12345
Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
97: NOSE FOOT RUSH FEAR GREY JUST
98: YAWN LEO DEED BIND WACK BRAE
99: SOME SIX WORDS THAT WERE COMPUTED
.Ed
.Pp
Logging in to a host where
.Nm
is installed:
.Bd -literal -offset indent
host% telnet host

login: \*[Lt]username\*[Gt]
Password [s/key 97 host12345]:
.Ed
.Pp
Note that at this prompt the user can enter either the
.Em S/Key
password or the normal one, unless the
.Fl s
flag is given to
.Xr login 1 .
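The following is an added worked model of the scheme this page describes (seed plus secret hashed, folded to 64 bits, re-hashed once per sequence number, the host keeping only the next expected image, sequence numbers consumed backward from 99, and the -n count and -x hexadecimal output). It is example code written for this page, not NetBSD's libskey or the skey(1) source. The folding steps are written from my recollection of RFC 2289 (MD4/MD5: first eight digest bytes XOR last eight; SHA1: state words folded w0^=w2, w1^=w3, w0^=w4, stored little-endian) and should be checked against the RFC's Appendix C test vectors before assuming interoperability with a real host; the hex grouping in fours, the seed, passphrases, and the ServerRecord class are constructed for illustration. Only the hexadecimal form is produced; the 2048-word dictionary behind the six-word form is omitted.

```python
"""Constructed model of S/Key (RFC 2289 style) OTP generation and verification.

Not NetBSD's implementation. Folding rules are from memory of RFC 2289 and are
an assumption; check them against the RFC's test vectors before relying on
interoperability. Only the hex form (what `skey -x` prints) is produced here.
"""
import hashlib
import hmac
import struct


def _fold_md(digest: bytes) -> bytes:
    # 128-bit MD4/MD5 digest -> 64 bits: first half XOR second half
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def _fold_sha1(digest: bytes) -> bytes:
    # 160-bit SHA1 digest read as five big-endian state words, folded to two
    # words that are written out little-endian (assumed RFC 2289 behaviour)
    w = list(struct.unpack(">5I", digest))
    w[0] ^= w[2]
    w[1] ^= w[3]
    w[0] ^= w[4]
    return struct.pack("<2I", w[0], w[1])


HASHES = {
    # md4 exists in hashlib only when OpenSSL's legacy provider is loaded
    "md4": lambda data: _fold_md(hashlib.new("md4", data).digest()),
    "md5": lambda data: _fold_md(hashlib.md5(data).digest()),
    "sha1": lambda data: _fold_sha1(hashlib.sha1(data).digest()),
}


def otp(seq: int, seed: str, passphrase: str, algo: str = "md5") -> bytes:
    """64-bit one-time password for sequence number `seq`.

    The seed is case-insensitive (lowercased) and concatenated with the secret;
    the folded hash is then re-hashed and folded `seq` times.  A misspelt
    secret simply yields a different chain: nothing here can detect it.
    """
    if seq < 0:
        raise ValueError("sequence number must be non-negative")
    fold = HASHES[algo]
    key = fold((seed.lower() + passphrase).encode())
    for _ in range(seq):
        key = fold(key)
    return key


def to_hex(key: bytes) -> str:
    # Display form; grouping into fours is a constructed readability choice
    h = key.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))


def otp_list(count, seq, seed, passphrase, algo="md5"):
    """What `skey -x -n count seq seed` would list: `count` passwords ending at
    `seq`, lowest sequence number first (they are consumed backward)."""
    first = seq - count + 1
    return [(n, to_hex(otp(n, seed, passphrase, algo))) for n in range(first, seq + 1)]


class ServerRecord:
    """Constructed model of one user's entry in the host's S/Key database.

    Only the *next expected* image is kept: the host accepts a presented OTP
    when hashing it once equals the stored value, then stores the presented
    OTP itself.  A sniffed OTP is therefore useless afterwards: the record has
    moved on to a value that cannot be derived from what was observed.
    """

    def __init__(self, seed, passphrase, seq=99, algo="md5"):
        self.seed, self.algo, self.seq = seed.lower(), algo, seq
        # Enrolment uses the secret once and stores the image one step beyond
        # the first challenge; the secret itself is never stored.
        self.stored = otp(seq + 1, seed, passphrase, algo)

    def challenge(self) -> str:
        return f"s/key {self.seq} {self.seed}"

    def verify(self, presented: bytes) -> bool:
        ok = hmac.compare_digest(HASHES[self.algo](presented), self.stored)
        if ok:  # advance: the accepted OTP becomes the next expected image
            self.stored, self.seq = presented, self.seq - 1
        return ok


if __name__ == "__main__":
    secret = "constructed example secret"  # constructed value
    rec = ServerRecord("host12345", secret, seq=99)
    for n, h in otp_list(3, 99, "host12345", secret):
        print(f"{n}: {h}")
    print(rec.challenge(), "->", rec.verify(otp(99, "host12345", secret)))
    print("replay of 99 ->", rec.verify(otp(99, "host12345", secret)))
```

Running the module prints three hex OTPs for sequence numbers 97 to 99, accepts the OTP for 99 once, and rejects the same value when replayed, which is the property the DESCRIPTION above relies on.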
.Sh SEE ALSO
.Xr login 1 ,
.Xr skeyaudit 1 ,
.Xr skeyinfo 1 ,
.Xr skeyinit 1 ,
.Xr ftpd 8
.Pp
.Em RFC 2289
.Sh TRADEMARKS AND PATENTS
.Em S/Key
is a trademark of
.Tn Bellcore .
.Sh AUTHORS
.An Phil Karn
.An Neil M. Haller
.An John S. Walden
.An Scott Chasin