.\" $OpenBSD: skey.1,v 1.32 2007/05/31 19:20:16 jmc Exp $
.\" @(#)skey.1 1.1 10/28/93
.\"
.Dd $Mdocdate: May 31 2007 $
.Dt SKEY 1
.Os
.Sh NAME
.Nm skey , otp-md4 , otp-md5 , otp-rmd160 , otp-sha1
.Nd respond to an OTP challenge
.Sh SYNOPSIS
.Nm skey
.Op Fl x
.Oo
.Fl md4 | md5 | rmd160 | sha1
.Oc
.Op Fl n Ar count
.Op Fl p Ar passphrase
.Ao Ar sequence# Ac Op /
.Ar key
.Sh DESCRIPTION
.Nm S/Key
is a procedure for using one-time passwords to authenticate access to
computer systems.
It uses 64 bits of information transformed by the
MD4, MD5, RIPEMD-160, or SHA1 algorithms.
The user supplies the 64 bits
in the form of 6 English words that are generated by a secure computer.
This implementation of
.Nm S/Key
is RFC 2289 compliant.
.Pp
Before using
.Nm skey
the system needs to be initialized using
.Xr skeyinit 1 ;
this will establish a secret passphrase.
After that, one-time passwords can be generated using
.Nm skey ,
which will prompt for the secret passphrase.
After a one-time password has been used to log in, it can no longer be used.
.Pp
When
.Nm skey
is invoked as
.Nm otp-method ,
.Nm skey
will use
.Ar method
as the hash function where
.Ar method
is currently one of md4, md5, rmd160, or sha1.
.Pp
If you misspell your secret passphrase while running
.Nm skey ,
you will get a list of one-time passwords
that will not work, and no indication of the problem.
.Pp
Password sequence numbers count backwards.
You can enter the passwords using small letters, even though
.Nm skey
prints them capitalized.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl md4 | md5 | rmd160 | sha1
Selects the hash algorithm:
MD4, MD5, RMD-160 (160-bit Ripe Message Digest),
or SHA1 (NIST Secure Hash Algorithm Revision 1).
.It Fl n Ar count
Prints out
.Ar count
one-time passwords.
The default is to print one.
.It Fl p Ar passphrase
Uses
.Ar passphrase
as the secret passphrase.
Use of this option is discouraged as
your secret passphrase could be visible in a process listing.
.It Fl x
Causes output to be in hexadecimal instead of ASCII.
.El
.Sh EXAMPLES
.Bd -literal -offset indent
$ skey 99 th91334
Reminder - Do not use this program while logged in via telnet.
Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt
OMEN US HORN OMIT BACK AHOY
$
.Ed
.Sh SEE ALSO
.Xr login 1 ,
.Xr skeyaudit 1 ,
.Xr skeyinfo 1 ,
.Xr skeyinit 1 ,
.Xr skey 5 ,
.Xr skeyprune 8
.Rs
.%R RFC 2289
.%T "A One-Time Password System"
.%D 1998
.Re
.Sh TRADEMARKS AND PATENTS
S/Key is a Trademark of Bellcore.
.Sh AUTHORS
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
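.Pp
The behaviour described under DESCRIPTION (sequence numbers counting backwards, a used password never working again, a mistyped passphrase giving no error) follows from the hash chain in RFC 2289. The Python sketch below is an added example, not part of this manual page or of the OpenBSD skey source; it uses the MD5 variant with hexadecimal output as with the x flag, and the Verifier class, the passphrase and the starting sequence of 100 are assumptions made for illustration.

```python
import hashlib

def fold64(digest: bytes) -> bytes:
    """RFC 2289 MD5 folding: XOR the two 8-byte halves into 64 bits."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))

def step(value: bytes) -> bytes:
    """One application of the folded hash function."""
    return fold64(hashlib.md5(value).digest())

def otp(passphrase: str, seed: str, sequence: int) -> bytes:
    """64-bit one-time password: initial step on seed+passphrase, then
    `sequence` further hash applications (the seed is lowercased)."""
    value = step(seed.lower().encode() + passphrase.encode())
    for _ in range(sequence):
        value = step(value)
    return value

class Verifier:
    """Hypothetical server side: keeps only the last accepted password."""
    def __init__(self, seed: str, sequence: int, last_otp: bytes):
        self.seed, self.sequence, self.last = seed, sequence, last_otp

    def challenge(self):
        # The next login answers sequence - 1: numbers count backwards.
        return self.sequence - 1, self.seed

    def login(self, response: bytes) -> bool:
        # Hashing a valid response once reproduces the stored value.
        if step(response) != self.last:
            return False
        self.last, self.sequence = response, self.sequence - 1
        return True

def demo() -> dict:
    secret, seed = "constructed sample passphrase", "th91334"
    # Assumed initial state: the server holds the password for sequence 100.
    server = Verifier(seed, 100, otp(secret, seed, 100))
    seq, _ = server.challenge()
    good = otp(secret, seed, seq)
    typo = otp(secret + "x", seed, seq)   # well-formed output, wrong chain
    return {"challenge": seq,
            "typo_accepted": server.login(typo),
            "first_use": server.login(good),
            "replay": server.login(good),
            "next_challenge": server.challenge()[0]}

if __name__ == "__main__":
    print(demo())
    print(otp("constructed sample passphrase", "th91334", 99).hex().upper())
```

The client has no way to detect a mistyped passphrase because every input yields a valid-looking 64-bit value; only the verifier, comparing against its stored value, can reject it.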