Annotation of src/usr.bin/skey/skey.1, Revision 1.34
1.34 ! naddy 1: .\" $OpenBSD: skey.1,v 1.33 2012/09/26 16:12:13 jmc Exp $
1.1 deraadt 2: .\" @(#)skey.1 1.1 10/28/93
3: .\"
1.34 ! naddy 4: .Dd $Mdocdate: September 26 2012 $
1.1 deraadt 5: .Dt SKEY 1
1.6 michaels 6: .Os
1.1 deraadt 7: .Sh NAME
1.34 ! naddy 8: .Nm skey , otp-md5 , otp-rmd160 , otp-sha1
1.13 aaron 9: .Nd respond to an OTP challenge
1.4 millert 10: .Sh SYNOPSIS
11: .Nm skey
12: .Op Fl x
1.16 aaron 13: .Oo
1.34 ! naddy 14: .Fl md5 | rmd160 | sha1
1.16 aaron 15: .Oc
1.7 millert 16: .Op Fl n Ar count
1.24 otto 17: .Op Fl p Ar passphrase
1.27 jmc 18: .Ao Ar sequence# Ac Op /
19: .Ar key
1.1 deraadt 20: .Sh DESCRIPTION
1.22 millert 21: .Nm S/Key
1.12 aaron 22: is a procedure for using one-time passwords to authenticate access to
1.20 aaron 23: computer systems.
24: It uses 64 bits of information transformed by the
1.34 ! naddy 25: MD5, RIPEMD-160, or SHA1 algorithms.
1.20 aaron 26: The user supplies the 64 bits
1.17 millert 27: in the form of 6 English words that are generated by a secure computer.
28: This implementation of
1.22 millert 29: .Nm S/Key
30: is RFC 2289 compliant.
1.5 millert 31: .Pp
1.24 otto 32: Before using
33: .Nm skey
34: the system needs to be initialized using
35: .Xr skeyinit 1 ;
36: this will establish a secret passphrase.
37: After that, one-time passwords can be generated using
38: .Nm skey ,
39: which will prompt for the secret passphrase.
40: After a one-time password has been used to log in, it can no longer be used.
41: .Pp
1.5 millert 42: When
43: .Nm skey
1.15 aaron 44: is invoked as
1.5 millert 45: .Nm otp-method ,
46: .Nm skey
47: will use
48: .Ar method
49: as the hash function where
50: .Ar method
1.34 ! naddy 51: is currently one of md5, rmd160, or sha1.
1.5 millert 52: .Pp
1.24 otto 53: If you misspell your secret passphrase while running
1.5 millert 54: .Nm skey ,
1.24 otto 55: you will get a list of one-time passwords
1.18 millert 56: that will not work, and no indication of the problem.
1.3 millert 57: .Pp
1.18 millert 58: Password sequence numbers count backwards.
1.5 millert 59: You can enter the passwords using small letters, even though
60: .Nm skey
61: prints them capitalized.
1.19 aaron 62: .Pp
63: The options are as follows:
1.21 aaron 64: .Bl -tag -width Ds
1.34 ! naddy 65: .It Fl md5 | rmd160 | sha1
1.31 sobrado 66: Selects the hash algorithm:
1.34 ! naddy 67: MD5, RMD-160 (160-bit Ripe Message Digest),
1.31 sobrado 68: or SHA1 (NIST Secure Hash Algorithm Revision 1).
1.3 millert 69: .It Fl n Ar count
70: Prints out
71: .Ar count
1.19 aaron 72: one-time passwords.
73: The default is to print one.
1.24 otto 74: .It Fl p Ar passphrase
1.3 millert 75: Uses
1.24 otto 76: .Ar passphrase
77: as the secret passphrase.
1.19 aaron 78: Use of this option is discouraged as
1.24 otto 79: your secret passphrase could be visible in a process listing.
1.27 jmc 80: .It Fl x
81: Causes output to be in hexadecimal instead of ASCII.
1.3 millert 82: .El
1.19 aaron 83: .Sh EXAMPLES
1.26 jmc 84: .Bd -literal -offset indent
85: $ skey 99 th91334
86: Reminder - Do not use this program while logged in via telnet.
1.27 jmc 87: Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt
1.26 jmc 88: OMEN US HORN OMIT BACK AHOY
89: $
1.25 otto 90: .Ed
1.1 deraadt 91: .Sh SEE ALSO
1.14 alex 92: .Xr login 1 ,
1.25 otto 93: .Xr skeyaudit 1 ,
1.12 aaron 94: .Xr skeyinfo 1 ,
1.25 otto 95: .Xr skeyinit 1 ,
1.29 jmc 96: .Xr skey 5 ,
1.26 jmc 97: .Xr skeyprune 8
1.33 jmc 98: .Sh STANDARDS
1.30 jmc 99: .Rs
1.33 jmc 100: .%A N. Haller
101: .%A C. Metz
102: .%A P. Nesser
103: .%A M. Straw
104: .%D February 1998
1.30 jmc 105: .%R RFC 2289
1.33 jmc 106: .%T A One-Time Password System
1.30 jmc 107: .Re
1.11 deraadt 108: .Sh TRADEMARKS AND PATENTS
109: S/Key is a Trademark of Bellcore.
1.1 deraadt 110: .Sh AUTHORS
111: Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
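
Added example, not part of the OpenBSD source or of this manual page: a Python sketch of the RFC 2289 MD5 computation (the standard this page says skey complies with), plus a verifier that shows why sequence numbers count backwards, why a used password is rejected, and why a mistyped passphrase gives well-formed but useless output. The Verifier class and the function names are hypothetical; the six-word encoding and the rmd160/sha1 variants are left out.

```python
import hashlib
import hmac


def _step(value: bytes) -> bytes:
    """One RFC 2289 MD5 step: hash, then fold 128 bits to 64 by XORing halves."""
    digest = hashlib.md5(value).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_md5(passphrase: str, seed: str, sequence: int) -> bytes:
    """Return the 64-bit one-time password for the given sequence number."""
    if sequence < 0:
        raise ValueError("sequence number must be non-negative")
    # The seed is case-insensitive and is lowercased before use (RFC 2289).
    value = _step((seed.lower() + passphrase).encode("ascii"))
    for _ in range(sequence):
        value = _step(value)
    return value


def as_hex(otp: bytes) -> str:
    """Hexadecimal form of the 64 bits, in groups of four digits."""
    text = otp.hex().upper()
    return " ".join(text[i:i + 4] for i in range(0, 16, 4))


class Verifier:
    """Hypothetical server side: stores only the last accepted OTP."""

    def __init__(self, last_otp: bytes, sequence: int):
        self.last_otp = last_otp      # OTP for `sequence`, never the passphrase
        self.sequence = sequence

    def challenge(self) -> int:
        """Sequence number the user must answer next (counts backwards)."""
        return self.sequence - 1

    def accept(self, candidate: bytes) -> bool:
        if self.sequence <= 0:
            return False              # chain exhausted: re-initialize
        # Hashing the candidate once must reproduce the stored value.
        if not hmac.compare_digest(_step(candidate), self.last_otp):
            return False              # wrong passphrase or replayed password
        self.last_otp = candidate     # a used password can never match again
        self.sequence -= 1
        return True


if __name__ == "__main__":
    # Seed from the EXAMPLES section; the passphrase is constructed.
    print(as_hex(otp_md5("constructed passphrase", "th91334", 99)))
```

The verifier can check a password by hashing it forward one step, but cannot derive the next one from what it stores, which is why each login moves to a lower sequence number.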