p .Em S/Key uses 64 bits of information, transformed by the .Tn MD4 algorithm into 6 English words. The user supplies the words to authenticate himself to programs like .Xr login 1 or .Xr ftpd 8 .
p Example use of the .Em S/Key program .Nm "" : d -literal -offset indent % skey 99 th91334 Enter password: <your secret password is entered here> OMEN US HORN OMIT BACK AHOY % .Ed
p The string that is given back by .Nm can then be used to log into a system.
p The programs that are part of the .Em S/Key system are: l -tag -width skeyauditxxx t Xr skeyinit 1 used to setup your .Em S/Key . t Nm used to get the one time password(s). t Xr skeyinfo 1 used to initialize the .Em S/Key database for the specified user. It also tells the user what the next challenge will be. t Xr skeyaudit 1 used to inform users that they will soon have to rerun .Xr skeyinit 1 . .El
p When you run .Xr skeyinit 1 you inform the system of your secret password. Running .Nm then generates the one-time password(s), after requiring your secret password. If however, you misspell your secret password that you have given to .Xr skeyinit 1 while running .Xr skey 1 you will get a list of passwords that will not work, and no indication about the problem.
p Password sequence numbers count backward from 99. You can enter the passwords using small letters, even though .Xr skey 1 prints them capitalized.
p The .Fl n Ar count argument asks for .Ar count password sequences to be printed out ending with the requested sequence number.
p The hash algorithm is selected using the .Fl t Ar hash option, possible choices here are md4, md5 or sha1.
p The .Fl p Ar password allows the user to specify the .Em S/Key password on the command line.
p To output the S/Key list in hexadecimal instead of words, use the .Fl x option. .Sh EXAMPLES Initialize generation of one time passwords: d -literal -offset indent host% skeyinit Password: <normal login password> [Adding username] Enter secret password: <new secret password> Again secret password: <new secret password again> ID username s/key is 99 host12345 Next login password: SOME SIX WORDS THAT WERE COMPUTED .Ed
p Produce a list of one time passwords to take with to a conference: d -literal -offset indent host% skey -n 3 99 host12345 Enter secret password: <secret password as used with skeyinit> 97: NOSE FOOT RUSH FEAR GREY JUST 98: YAWN LEO DEED BIND WACK BRAE 99: SOME SIX WORDS THAT WERE COMPUTED .Ed
p Logging in to a host where .Nm is installed: d -literal -offset indent host% telnet host login: <username> Password [s/key 97 host12345]: .Ed
p Note that the user can use either his/her .Em S/Key password at the prompt but also the normal one unless the .Fl s flag is given to .Xr login 1 . .Sh SEE ALSO .Xr login 1 , .Xr skeyaudit 1 , .Xr skeyinfo 1 , .Xr skeyinit 1 , .Xr ftpd 8
p .Em RFC2289 .Sh TRADEMARKS AND PATENTS .Em S/Key is a trademark of .Tn Bellcore . .Sh AUTHORS Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin