NetBSD/usr.bin/skey/skey.1

.\" $NetBSD: skey.1,v 1.18 2002/02/08 01:36:32 ross Exp $
.\"
.\" from: @(#)skey.1 1.1 10/28/93
.\"
.Dd July 25, 2001
.Dt SKEY 1
.Os
.Sh NAME
.Nm skey
.Nd respond to an OTP challenge
.Sh SYNOPSIS
.Nm
.Op Fl n Ar count
.Op Fl p Ar password
.Op Fl t Ar hash
.Op Fl x
.Ar sequence#
.Op /
.Ar key
.Sh DESCRIPTION
.Em S/Key
is a One Time Password (OTP) authentication system.
It is intended to be used when the communication channel between
a user and host is not secure (e.g. not encrypted or hardwired).
Since each password is used only once, even if it is "seen" by a
hostile third party, it cannot be used again to gain access to the host.
.Pp
.Em S/Key
uses 64 bits of information, transformed by the
.Tn MD4
algorithm into 6 English words.
The user supplies the words to authenticate himself to programs like
.Xr login 1
or
.Xr ftpd 8 .
.Pp
Example use of the
.Em S/Key
program
.Nm "" :
.Bd -literal -offset indent
% skey 99 th91334
Enter password: \*[Lt]your secret password is entered here\*[Gt]
OMEN US HORN OMIT BACK AHOY
%
.Ed
.Pp
The string that is given back by
.Nm
can then be used to log into a system.
.Pp
The programs that are part of the
.Em S/Key
system are:
.Bl -tag -width skeyauditxxx
.It Xr skeyinit 1
used to set up your
.Em S/Key .
.It Nm
used to get the one time password(s).
.It Xr skeyinfo 1
used to initialize the
.Em S/Key
database for the specified user.
It also tells the user what the next challenge will be.
.It Xr skeyaudit 1
used to inform users that they will soon have to rerun
.Xr skeyinit 1 .
.El
.Pp
When you run
.Xr skeyinit 1
you inform the system of your
secret password.
Running
.Nm
then generates the
one-time password(s), after requiring your secret password.
If, however, you misspell the secret password that you gave to
.Xr skeyinit 1
while running
.Xr skey 1 ,
you will get a list of passwords
that will not work, and no indication of the problem.
.Pp
Password sequence numbers count backward from 99.
You can enter the passwords using small letters, even though
.Xr skey 1
prints them capitalized.
.Pp
The
.Fl n Ar count
argument asks for
.Ar count
password sequences to be printed out ending with the requested
sequence number.
.Pp
The hash algorithm is selected using the
.Fl t Ar hash
option; possible choices are md4, md5 or sha1.
.Pp
The
.Fl p Ar password
option allows the user to specify the
.Em S/Key
password on the command line.
.Pp
To output the S/Key list in hexadecimal instead of words,
use the
.Fl x
option.
.Sh EXAMPLES
Initialize generation of one time passwords:
.Bd -literal -offset indent
host% skeyinit
Password: \*[Lt]normal login password\*[Gt]
[Adding username]
Enter secret password: \*[Lt]new secret password\*[Gt]
Again secret password: \*[Lt]new secret password again\*[Gt]
ID username s/key is 99 host12345
Next login password: SOME SIX WORDS THAT WERE COMPUTED
.Ed
.Pp
Produce a list of one time passwords to take with you to a conference:
.Bd -literal -offset indent
host% skey -n 3 99 host12345
Enter secret password: \*[Lt]secret password as used with skeyinit\*[Gt]
97: NOSE FOOT RUSH FEAR GREY JUST
98: YAWN LEO DEED BIND WACK BRAE
99: SOME SIX WORDS THAT WERE COMPUTED
.Ed
.Pp
Logging in to a host where
.Nm
is installed:
.Bd -literal -offset indent
host% telnet host
login: \*[Lt]username\*[Gt]
Password [s/key 97 host12345]:
.Ed
.Pp
Note that the user can enter either the
.Em S/Key
password or the normal one at the prompt, unless the
.Fl s
flag is given to
.Xr login 1 .
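.Pp
Why a captured response cannot be reused, and why sequence numbers count backward: a model of the RFC2289 hash chain using MD5 (the md5 choice of the hash option), added here as an illustration and not taken from the NetBSD sources.
The Verifier class, demo() and the passphrase are hypothetical, and the output is the raw 64-bit value rather than the six-word encoding.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5, then fold the 128-bit digest to 64 bits by XORing its halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, sequence: int) -> bytes:
    """64-bit one-time password answering the challenge '<sequence> <seed>'."""
    # RFC 2289: the seed is lower-cased and placed before the passphrase.
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(sequence):
        value = fold_md5(value)
    return value

class Verifier:
    """Host side (hypothetical model): keeps the last accepted OTP,
    never the secret passphrase."""
    def __init__(self, seed: str, sequence: int, stored: bytes):
        self.seed, self.sequence, self.stored = seed, sequence, stored

    def challenge(self) -> str:
        return f"s/key {self.sequence - 1} {self.seed}"

    def check(self, response: bytes) -> bool:
        # Hashing a valid response once more reproduces the stored value.
        if not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        self.stored = response      # the same response replayed now fails
        self.sequence -= 1          # next challenge is one step earlier
        return True

def demo() -> list:
    secret, seed = "constructed passphrase", "host12345"  # constructed values
    host = Verifier(seed, 99, otp(secret, seed, 99))       # state after enrolment
    r98 = otp(secret, seed, 98)                            # answer to "s/key 98 ..."
    return [host.challenge(), host.check(r98), host.check(r98),
            host.challenge(), host.check(otp(secret, seed, 97))]

if __name__ == "__main__":
    print(demo())
```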
.Sh SEE ALSO
.Xr login 1 ,
.Xr skeyaudit 1 ,
.Xr skeyinfo 1 ,
.Xr skeyinit 1 ,
.Xr ftpd 8
.Pp
.Em RFC2289
.Sh TRADEMARKS AND PATENTS
.Em S/Key
is a trademark of
.Tn Bellcore .
.Sh AUTHORS
Phil Karn,
Neil M. Haller,
John S. Walden,
Scott Chasin