SKEY(1) | General Commands Manual | SKEY(1) |
skey
, otp-md5
,
otp-rmd160
, otp-sha1
— respond to an OTP challenge
skey |
[-x ] [-md5 |
-rmd160 | -sha1 ]
[-n count]
[-p passphrase]
⟨sequence#⟩ [/]
key |
S/Key
is a procedure for using one-time
passwords to authenticate access to computer systems. It uses 64 bits of
information transformed by the MD5, RIPEMD-160, or SHA1 algorithms. The user
supplies the 64 bits in the form of 6 English words that are generated by a
secure computer. This implementation of S/Key
is RFC
2289 compliant.
Before using skey
the system needs to be
initialized using
skeyinit(1); this will
establish a secret passphrase. After that, one-time passwords can be
generated using skey
, which will prompt for the
secret passphrase. After a one-time password has been used to log in, it can
no longer be used.
When skey
is invoked as
otp-method
, skey
will use
method as the hash function where
method is currently one of md5, rmd160, or sha1.
If you misspell your secret passphrase while running
skey
, you will get a list of one-time passwords that
will not work, and no indication of the problem.
Password sequence numbers count backwards. You can enter the
passwords using small letters, even though skey
prints them capitalized.
The options are as follows:
-md5
|
-rmd160
|
-sha1
-n
count-p
passphrase-x
$ skey 99 th91334 Enter secret passphrase: <your secret passphrase is entered here> OMEN US HORN OMIT BACK AHOY $
login(1), skeyaudit(1), skeyinfo(1), skeyinit(1), skey(5), skeyprune(8)
N. Haller, C. Metz, P. Nesser, and M. Straw, A One-Time Password System, RFC 2289, February 1998.
S/Key is a Trademark of Bellcore.
Phil Karn
Neil M. Haller
John S. Walden
Scott Chasin
October 9, 2015 | OpenBSD-7.0 |