Annotation of src/usr.bin/skey/skey.1, Revision 1.31
1.31 ! sobrado 1: .\" $OpenBSD: skey.1,v 1.30 2007/03/16 16:06:38 jmc Exp $
1.1 deraadt 2: .\" @(#)skey.1 1.1 10/28/93
3: .\"
1.17 millert 4: .Dd October 28, 1993
1.1 deraadt 5: .Dt SKEY 1
1.6 michaels 6: .Os
1.1 deraadt 7: .Sh NAME
1.27 jmc 8: .Nm skey , otp-md4 , otp-md5 , otp-rmd160 , otp-sha1
1.13 aaron 9: .Nd respond to an OTP challenge
1.4 millert 10: .Sh SYNOPSIS
11: .Nm skey
12: .Op Fl x
1.16 aaron 13: .Oo
1.27 jmc 14: .Fl md4 | md5 | rmd160 | sha1
1.16 aaron 15: .Oc
1.7 millert 16: .Op Fl n Ar count
1.24 otto 17: .Op Fl p Ar passphrase
1.27 jmc 18: .Ao Ar sequence# Ac Op /
19: .Ar key
1.1 deraadt 20: .Sh DESCRIPTION
1.22 millert 21: .Nm S/Key
1.12 aaron 22: is a procedure for using one-time passwords to authenticate access to
1.20 aaron 23: computer systems.
24: It uses 64 bits of information transformed by the
1.27 jmc 25: MD4, MD5, RIPEMD-160, or SHA1 algorithms.
1.20 aaron 26: The user supplies the 64 bits
1.17 millert 27: in the form of 6 English words that are generated by a secure computer.
28: This implementation of
1.22 millert 29: .Nm S/Key
30: is RFC 2289 compliant.
1.5 millert 31: .Pp
1.24 otto 32: Before using
33: .Nm skey
34: the system needs to be initialized using
35: .Xr skeyinit 1 ;
36: this will establish a secret passphrase.
37: After that, one-time passwords can be generated using
38: .Nm skey ,
39: which will prompt for the secret passphrase.
40: After a one-time password has been used to log in, it can no longer be used.
41: .Pp
1.5 millert 42: When
43: .Nm skey
1.15 aaron 44: is invoked as
1.5 millert 45: .Nm otp-method ,
46: .Nm skey
47: will use
48: .Ar method
49: as the hash function where
50: .Ar method
1.27 jmc 51: is currently one of md4, md5, rmd160, or sha1.
1.5 millert 52: .Pp
1.24 otto 53: If you misspell your secret passphrase while running
1.5 millert 54: .Nm skey ,
1.24 otto 55: you will get a list of one-time passwords
1.18 millert 56: that will not work, and no indication of the problem.
1.3 millert 57: .Pp
1.18 millert 58: Password sequence numbers count backwards.
1.5 millert 59: You can enter the passwords using small letters, even though
60: .Nm skey
61: prints them capitalized.
1.19 aaron 62: .Pp
63: The options are as follows:
1.21 aaron 64: .Bl -tag -width Ds
1.31 ! sobrado 65: .It Fl md4 | md5 | rmd160 | sha1
! 66: Selects the hash algorithm:
! 67: MD4, MD5, RMD-160 (160-bit Ripe Message Digest),
! 68: or SHA1 (NIST Secure Hash Algorithm Revision 1).
1.3 millert 69: .It Fl n Ar count
70: Prints out
71: .Ar count
1.19 aaron 72: one-time passwords.
73: The default is to print one.
1.24 otto 74: .It Fl p Ar passphrase
1.3 millert 75: Uses
1.24 otto 76: .Ar passphrase
77: as the secret passphrase.
1.19 aaron 78: Use of this option is discouraged as
1.24 otto 79: your secret passphrase could be visible in a process listing.
1.27 jmc 80: .It Fl x
81: Causes output to be in hexadecimal instead of ASCII.
1.3 millert 82: .El
1.19 aaron 83: .Sh EXAMPLES
1.26 jmc 84: .Bd -literal -offset indent
85: $ skey 99 th91334
86: Reminder - Do not use this program while logged in via telnet.
1.27 jmc 87: Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt
1.26 jmc 88: OMEN US HORN OMIT BACK AHOY
89: $
1.25 otto 90: .Ed
1.1 deraadt 91: .Sh SEE ALSO
1.14 alex 92: .Xr login 1 ,
1.25 otto 93: .Xr skeyaudit 1 ,
1.12 aaron 94: .Xr skeyinfo 1 ,
1.25 otto 95: .Xr skeyinit 1 ,
1.29 jmc 96: .Xr skey 5 ,
1.26 jmc 97: .Xr skeyprune 8
1.30 jmc 98: .Rs
99: .%R RFC 2289
100: .%T "A One-Time Password System"
101: .%D 1998
102: .Re
1.11 deraadt 103: .Sh TRADEMARKS AND PATENTS
104: S/Key is a Trademark of Bellcore.
1.1 deraadt 105: .Sh AUTHORS
106: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
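The one-time password computation described under DESCRIPTION, as an added Python example that is not part of skey.1 or the OpenBSD source. It follows RFC 2289 for MD5 only and returns the raw 64 bits rather than six words. The Verifier class, the passphrase and the enrollment at sequence 100 are assumptions made for illustration.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5, then fold 128 bits to 64 by XORing the two halves (RFC 2289)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, sequence: int) -> bytes:
    """64-bit one-time password for a challenge of `sequence` and `seed`."""
    # The seed is lowercased and placed before the passphrase.
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(sequence):      # one extra hash per sequence step
        value = fold_md5(value)
    return value

class Verifier:
    """Hypothetical server side: keeps only the last accepted password."""
    def __init__(self, stored: bytes, sequence: int):
        self.stored, self.sequence = stored, sequence

    def challenge(self) -> int:
        return self.sequence - 1   # sequence numbers count backwards

    def check(self, response: bytes) -> bool:
        # Hashing a valid response once must give the stored value.
        if self.sequence <= 0:
            return False           # chain used up
        if not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        self.stored, self.sequence = response, self.sequence - 1
        return True

def demo() -> list:
    secret, seed = "constructed example passphrase", "th91334"  # constructed
    server = Verifier(otp_md5(secret, seed, 100), 100)  # assumed enrollment
    n = server.challenge()
    good = otp_md5(secret, seed, n)
    typo = otp_md5(secret + "x", seed, n)   # misspelled passphrase
    # typo rejected, good accepted once, replay rejected, counter moves down
    return [n, server.check(typo), server.check(good),
            server.check(good), server.challenge()]

if __name__ == "__main__":
    print(demo())
```

A misspelled passphrase yields a well-formed but different 64-bit value, which is why skey itself cannot flag the mistake; only the verifier's comparison fails.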