Annotation of src/usr.bin/skey/skey.1, Revision 1.24
1.24 ! otto 1: .\" $OpenBSD: skey.1,v 1.23 2003/08/08 10:13:33 jmc Exp $
1.1 deraadt 2: .\" @(#)skey.1 1.1 10/28/93
3: .\"
1.17 millert 4: .Dd October 28, 1993
1.1 deraadt 5: .Dt SKEY 1
1.6 michaels 6: .Os
1.1 deraadt 7: .Sh NAME
1.9 millert 8: .Nm skey, otp-md4, otp-md5, otp-sha1, otp-rmd160
1.13 aaron 9: .Nd respond to an OTP challenge
1.4 millert 10: .Sh SYNOPSIS
11: .Nm skey
12: .Op Fl x
1.16 aaron 13: .Oo
14: .Fl md4 | Fl md5 | Fl sha1 |
15: .Fl rmd160
16: .Oc
1.7 millert 17: .Op Fl n Ar count
1.24 ! otto 18: .Op Fl p Ar passphrase
1.4 millert 19: <sequence#>[/] key
1.1 deraadt 20: .Sh DESCRIPTION
1.22 millert 21: .Nm S/Key
1.12 aaron 22: is a procedure for using one-time passwords to authenticate access to
1.20 aaron 23: computer systems.
24: It uses 64 bits of information transformed by the
25: MD4, MD5, SHA1, or RIPEMD-160 algorithms.
26: The user supplies the 64 bits
1.17 millert 27: in the form of 6 English words that are generated by a secure computer.
28: This implementation of
1.22 millert 29: .Nm S/Key
30: is RFC 2289 compliant.
1.5 millert 31: .Pp
1.24 ! otto 32: Before using
! 33: .Nm skey
! 34: the system needs to be initialized using
! 35: .Xr skeyinit 1 ;
! 36: this will establish a secret passphrase.
! 37: After that, one-time passwords can be generated using
! 38: .Nm skey ,
! 39: which will prompt for the secret passphrase.
! 40: After a one-time password has been used to log in, it can no longer be used.
! 41: .Pp
1.5 millert 42: When
43: .Nm skey
1.15 aaron 44: is invoked as
1.5 millert 45: .Nm otp-method ,
46: .Nm skey
47: will use
48: .Ar method
49: as the hash function where
50: .Ar method
1.9 millert 51: is currently one of md4, md5, sha1, or rmd160.
1.5 millert 52: .Pp
1.24 ! otto 53: If you misspell your secret passphrase while running
1.5 millert 54: .Nm skey ,
1.24 ! otto 55: you will get a list of one-time passwords
1.18 millert 56: that will not work, and no indication of the problem.
1.3 millert 57: .Pp
1.18 millert 58: Password sequence numbers count backwards.
1.5 millert 59: You can enter the passwords using small letters, even though
60: .Nm skey
61: prints them capitalized.
1.19 aaron 62: .Pp
63: The options are as follows:
1.21 aaron 64: .Bl -tag -width Ds
1.3 millert 65: .It Fl n Ar count
66: Prints out
67: .Ar count
1.19 aaron 68: one-time passwords.
69: The default is to print one.
1.24 ! otto 70: .It Fl p Ar passphrase
1.3 millert 71: Uses
1.24 ! otto 72: .Ar passphrase
! 73: as the secret passphrase.
1.19 aaron 74: Use of this option is discouraged as
1.24 ! otto 75: your secret passphrase could be visible in a process listing.
1.4 millert 76: .It Fl x
1.12 aaron 77: Causes output to be in hexadecimal instead of ASCII.
1.4 millert 78: .It Fl md4
79: Selects MD4 as the hash algorithm.
80: .It Fl md5
81: Selects MD5 as the hash algorithm.
82: .It Fl sha1
1.9 millert 83: Selects SHA-1 (NIST Secure Hash Algorithm Revision 1) as the hash algorithm.
84: .It Fl rmd160
85: Selects RMD-160 (160 bit Ripe Message Digest) as the hash algorithm.
1.3 millert 86: .El
1.19 aaron 87: .Sh EXAMPLES
1.5 millert 88: .sp 0
89: % skey 99 th91334
90: .sp 0
1.24 ! otto 91: Enter secret passphrase: <your secret passphrase is entered here>
1.5 millert 92: .sp 0
93: OMEN US HORN OMIT BACK AHOY
94: .sp 0
1.15 aaron 95: %
1.1 deraadt 96: .Sh SEE ALSO
1.14 alex 97: .Xr login 1 ,
1.12 aaron 98: .Xr skeyinfo 1 ,
1.14 alex 99: .Xr skeyinit 1
1.12 aaron 100: .Pp
1.23 jmc 101: .Em RFC 2289
1.11 deraadt 102: .Sh TRADEMARKS AND PATENTS
103: S/Key is a Trademark of Bellcore.
1.1 deraadt 104: .Sh AUTHORS
105: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
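
Added example (not part of skey.1 or the OpenBSD source): a Python sketch of the RFC 2289 MD5 computation that the DESCRIPTION refers to, showing why sequence numbers count backwards and why a one-time password cannot be reused. The `server_accepts` verifier and the sample passphrase and seed are assumptions for illustration; values are shown in hex, as with -x, because the six-word form needs the RFC 2289 dictionary.

```python
import hashlib


def fold64(digest: bytes) -> bytes:
    """RFC 2289 fold for MD5: XOR the two 8-byte halves down to 64 bits."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """64-bit one-time password for sequence number `count` (otp-md5)."""
    # Initial step: the seed is lowercased and prepended to the passphrase.
    value = fold64(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    # Each sequence number is one more application of the folded hash.
    for _ in range(count):
        value = fold64(hashlib.md5(value).digest())
    return value


def server_accepts(stored: bytes, reply: bytes) -> bool:
    """Hypothetical verifier: hashing the reply once must give the stored value."""
    return fold64(hashlib.md5(reply).digest()) == stored


def as_hex(value: bytes) -> str:
    return value.hex().upper()


def demo() -> dict:
    phrase, seed = "This is a test.", "TeSt"    # constructed sample inputs
    stored = otp_md5(phrase, seed, 100)         # server holds the sequence-100 value
    reply = otp_md5(phrase, seed, 99)           # response to challenge 99
    first = server_accepts(stored, reply)       # accepted: hash(otp 99) == otp 100
    stored = reply                              # server now stores otp 99, next challenge is 98
    replay = server_accepts(stored, reply)      # same password again is rejected
    # A misspelled passphrase still yields a well-formed value, with no error.
    typo = otp_md5("This is a tset.", seed, 98)
    typo_ok = server_accepts(stored, typo)
    return {"reply": as_hex(reply), "first": first,
            "replay": replay, "typo": as_hex(typo), "typo_ok": typo_ok}


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

Because the server only ever stores the last accepted value, recovering the next valid password from it would require inverting the hash, which is why the sequence runs downward from the count set at initialization.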