| SKEY(1) |
AerieBSD 1.0 Refernce Manual |
SKEY(1) |
NAME
skey —
respond to an OTP challenge
SYNOPSIS
skey
[-x]
.Oo
-md4 | md5 | rmd160 | sha1
.Oc
[-n count]
[-p passphrase]
‹sequence#›[/]
key
DESCRIPTION
S/Key
is a procedure for using one-time passwords to authenticate access to
computer systems.
It uses 64 bits of information transformed by the
MD4, MD5, RIPEMD-160, or SHA1 algorithms.
The user supplies the 64 bits
in the form of 6 English words that are generated by a secure computer.
This implementation of
S/Key
is RFC 2289 compliant.
Before using
skey
the system needs to be initialized using
skeyinit(1);
this will establish a secret passphrase.
After that, one-time passwords can be generated using
skey,
which will prompt for the secret passphrase.
After a one-time password has been used to log in, it can no longer be used.
When
skey
is invoked as
otp-method,
skey
will use
method
as the hash function where
method
is currently one of md4, md5, rmd160, or sha1.
If you misspell your secret passphrase while running
skey,
you will get a list of one-time passwords
that will not work, and no indication of the problem.
Password sequence numbers count backwards.
You can enter the passwords using small letters, even though
skey
prints them capitalized.
The options are as follows:
- -md4 | md5 | rmd160 | sha1
-
Selects the hash algorithm:
MD4, MD5, RMD-160 (160-bit Ripe Message Digest),
or SHA1 (NIST Secure Hash Algorithm Revision 1).
- -n count
-
Prints out
count
one-time passwords.
The default is to print one.
- -p passphrase
-
Uses
passphrase
as the secret passphrase.
Use of this option is discouraged as
your secret passphrase could be visible in a process listing.
- -x
-
Causes output to be in hexadecimal instead of ASCII.
EXAMPLES
$ skey 99 th91334
Reminder - Do not use this program while logged in via telnet.
Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt
OMEN US HORN OMIT BACK AHOY
$
SEE ALSO
login(1),
skeyaudit(1),
skeyinfo(1),
skeyinit(1),
skey(5),
skeyprune(8)
.Rs
.%R RFC 2289
.%T "A One-Time Password System"
.%D 1998
.Re
TRADEMARKS AND PATENTS
S/Key is a Trademark of Bellcore.
AUTHORS
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
| AerieBSD 1.0 Reference Manual |
August 26 2008 |
SKEY(1) |