from: @(#)skey.1 1.1 10/28/93
.Dd July 25, 2001 .Dt SKEY 1 .Os .Sh NAME .Nm skey .Nd respond to an OTP challenge .Sh SYNOPSIS .Nm .Op Fl n Ar count .Op Fl p Ar password .Op Fl t Ar hash .Op Fl x .Ar sequence# .Op / .Ar key .Sh DESCRIPTION .Em S/Key is a One Time Password (OTP) authentication system. It is intended to be used when the communication channel between a user and host is not secure (e.g. not encrypted or hardwired). Since each password is used only once, even if it is "seen" by a hostile third party, it cannot be used again to gain access to the host.
p .Em S/Key uses 64 bits of information, transformed by the .Tn MD4 algorithm into 6 English words. The user supplies the words to authenticate himself to programs like .Xr login 1 or .Xr ftpd 8 .
p Example use of the .Em S/Key program .Nm : d -literal -offset indent % skey 99 th91334 Enter password: <your secret password is entered here> OMEN US HORN OMIT BACK AHOY % .Ed
p The string that is given back by .Nm can then be used to log into a system.
p The programs that are part of the .Em S/Key system are: l -tag -width skeyauditxxx t Xr skeyinit 1 used to set up your .Em S/Key . t Nm used to get the one time password(s). t Xr skeyinfo 1 used to initialize the .Em S/Key database for the specified user. It also tells the user what the next challenge will be. t Xr skeyaudit 1 used to inform users that they will soon have to rerun .Xr skeyinit 1 . .El
p When you run .Xr skeyinit 1 you inform the system of your secret password. Running .Nm then generates the one-time password(s), after requiring your secret password. If however, you misspell your secret password that you have given to .Xr skeyinit 1 while running .Nm you will get a list of passwords that will not work, and no indication about the problem.
p Password sequence numbers count backward from 99. You can enter the passwords using small letters, even though .Nm prints them capitalized.
p The .Fl n Ar count argument asks for .Ar count password sequences to be printed out ending with the requested sequence number.
p The hash algorithm is selected using the .Fl t Ar hash option, possible choices here are md4, md5 or sha1.
p The .Fl p Ar password allows the user to specify the .Em S/Key password on the command line.
p To output the S/Key list in hexadecimal in addition to words, use the .Fl x option. .Sh EXAMPLES Initialize generation of one time passwords: d -literal -offset indent host% skeyinit Password: <normal login password> [Adding username] Enter secret password: <new secret password> Again secret password: <new secret password again> ID username s/key is 99 host12345 Next login password: SOME SIX WORDS THAT WERE COMPUTED .Ed
p Produce a list of one time passwords to take with to a conference: d -literal -offset indent host% skey -n 3 99 host12345 Enter secret password: <secret password as used with skeyinit> 97: NOSE FOOT RUSH FEAR GREY JUST 98: YAWN LEO DEED BIND WACK BRAE 99: SOME SIX WORDS THAT WERE COMPUTED .Ed
p Logging in to a host where .Nm is installed: d -literal -offset indent host% telnet host login: <username> Password [s/key 97 host12345]: .Ed
p Note that the user can use either his/her .Em S/Key password at the prompt but also the normal one unless the .Fl s flag is given to .Xr login 1 . .Sh SEE ALSO .Xr login 1 , .Xr skeyaudit 1 , .Xr skeyinfo 1 , .Xr skeyinit 1 , .Xr ftpd 8
p .Em RFC 2289 .Sh TRADEMARKS AND PATENTS .Em S/Key is a trademark of .Tn Bellcore . .Sh AUTHORS .An Phil Karn .An Neil M. Haller .An John S. Walden .An Scott Chasin
Indexes created Wed Sep 24 05:09:52 GMT 2025