Annotation of src/usr.bin/skey/skey.1, Revision 1.36
1.36 ! tim 1: .\" $OpenBSD: skey.1,v 1.35 2015/01/16 16:16:36 schwarze Exp $
1.1 deraadt 2: .\" @(#)skey.1 1.1 10/28/93
3: .\"
1.36 ! tim 4: .Dd $Mdocdate: January 16 2015 $
1.1 deraadt 5: .Dt SKEY 1
1.6 michaels 6: .Os
1.1 deraadt 7: .Sh NAME
1.34 naddy 8: .Nm skey , otp-md5 , otp-rmd160 , otp-sha1
1.13 aaron 9: .Nd respond to an OTP challenge
1.4 millert 10: .Sh SYNOPSIS
11: .Nm skey
12: .Op Fl x
1.16 aaron 13: .Oo
1.34 naddy 14: .Fl md5 | rmd160 | sha1
1.16 aaron 15: .Oc
1.7 millert 16: .Op Fl n Ar count
1.24 otto 17: .Op Fl p Ar passphrase
1.27 jmc 18: .Ao Ar sequence# Ac Op /
19: .Ar key
1.1 deraadt 20: .Sh DESCRIPTION
1.22 millert 21: .Nm S/Key
1.12 aaron 22: is a procedure for using one-time passwords to authenticate access to
1.20 aaron 23: computer systems.
24: It uses 64 bits of information transformed by the
1.34 naddy 25: MD5, RIPEMD-160, or SHA1 algorithms.
1.20 aaron 26: The user supplies the 64 bits
1.17 millert 27: in the form of 6 English words that are generated by a secure computer.
28: This implementation of
1.22 millert 29: .Nm S/Key
30: is RFC 2289 compliant.
1.5 millert 31: .Pp
1.24 otto 32: Before using
33: .Nm skey
34: the system needs to be initialized using
35: .Xr skeyinit 1 ;
36: this will establish a secret passphrase.
37: After that, one-time passwords can be generated using
38: .Nm skey ,
39: which will prompt for the secret passphrase.
40: After a one-time password has been used to log in, it can no longer be used.
41: .Pp
1.5 millert 42: When
43: .Nm skey
1.15 aaron 44: is invoked as
1.5 millert 45: .Nm otp-method ,
46: .Nm skey
47: will use
48: .Ar method
49: as the hash function where
50: .Ar method
1.34 naddy 51: is currently one of md5, rmd160, or sha1.
1.5 millert 52: .Pp
1.24 otto 53: If you misspell your secret passphrase while running
1.5 millert 54: .Nm skey ,
1.24 otto 55: you will get a list of one-time passwords
1.18 millert 56: that will not work, and no indication of the problem.
1.3 millert 57: .Pp
1.18 millert 58: Password sequence numbers count backwards.
1.5 millert 59: You can enter the passwords using small letters, even though
60: .Nm skey
61: prints them capitalized.
1.19 aaron 62: .Pp
63: The options are as follows:
1.21 aaron 64: .Bl -tag -width Ds
1.34 naddy 65: .It Fl md5 | rmd160 | sha1
1.31 sobrado 66: Selects the hash algorithm:
1.34 naddy 67: MD5, RMD-160 (160-bit Ripe Message Digest),
1.31 sobrado 68: or SHA1 (NIST Secure Hash Algorithm Revision 1).
1.3 millert 69: .It Fl n Ar count
70: Prints out
71: .Ar count
1.19 aaron 72: one-time passwords.
73: The default is to print one.
1.24 otto 74: .It Fl p Ar passphrase
1.3 millert 75: Uses
1.24 otto 76: .Ar passphrase
77: as the secret passphrase.
1.19 aaron 78: Use of this option is discouraged as
1.24 otto 79: your secret passphrase could be visible in a process listing.
1.27 jmc 80: .It Fl x
81: Causes output to be in hexadecimal instead of ASCII.
1.3 millert 82: .El
1.19 aaron 83: .Sh EXAMPLES
1.26 jmc 84: .Bd -literal -offset indent
85: $ skey 99 th91334
1.27 jmc 86: Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt
1.26 jmc 87: OMEN US HORN OMIT BACK AHOY
88: $
1.25 otto 89: .Ed
1.1 deraadt 90: .Sh SEE ALSO
1.14 alex 91: .Xr login 1 ,
1.25 otto 92: .Xr skeyaudit 1 ,
1.12 aaron 93: .Xr skeyinfo 1 ,
1.25 otto 94: .Xr skeyinit 1 ,
1.29 jmc 95: .Xr skey 5 ,
1.26 jmc 96: .Xr skeyprune 8
1.33 jmc 97: .Sh STANDARDS
1.30 jmc 98: .Rs
1.33 jmc 99: .%A N. Haller
100: .%A C. Metz
101: .%A P. Nesser
102: .%A M. Straw
103: .%D February 1998
1.30 jmc 104: .%R RFC 2289
1.33 jmc 105: .%T A One-Time Password System
1.30 jmc 106: .Re
1.11 deraadt 107: .Sh TRADEMARKS AND PATENTS
108: S/Key is a Trademark of Bellcore.
1.1 deraadt 109: .Sh AUTHORS
1.35 schwarze 110: .An Phil Karn
111: .An Neil M. Haller
112: .An John S. Walden
113: .An Scott Chasin
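
Added example, not part of skey.1 or the OpenBSD source: the RFC 2289 MD5 computation that the DESCRIPTION summarizes (hash, fold to 64 bits, repeat), shown in hexadecimal, together with the server-side check that explains why sequence numbers count backwards, why a used password stops working, and why a misspelled passphrase yields passwords that silently fail. The passphrase and seed are the RFC 2289 Appendix C test values, and `step`, `otp_md5`, `to_hex` and `Verifier` are names made up for this illustration.

```python
import hashlib
import hmac

def step(data: bytes) -> bytes:
    """One RFC 2289 step: MD5, then fold 128 bits to 64 by XORing the halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """Return the 64-bit one-time password for sequence number `count`."""
    # The initial step hashes the lowercased seed followed by the passphrase.
    value = step(seed.lower().encode("ascii") + passphrase.encode("ascii"))
    for _ in range(count):  # then `count` further hash-and-fold steps
        value = step(value)
    return value

def to_hex(otp: bytes) -> str:
    """Format 64 bits as four groups of four hex digits."""
    h = otp.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, 16, 4))

class Verifier:
    """Server side: keeps only the last accepted OTP, never the passphrase."""
    def __init__(self, seed: str, count: int, last_otp: bytes):
        self.seed, self.count, self.last = seed, count, last_otp

    def challenge(self) -> str:
        return f"otp-md5 {self.count - 1} {self.seed}"

    def verify(self, response: bytes) -> bool:
        # Hashing a valid response once must reproduce the stored value.
        if self.count == 0 or not hmac.compare_digest(step(response), self.last):
            return False
        # Accepting moves the chain one step down, so a replay no longer matches.
        self.last, self.count = response, self.count - 1
        return True

if __name__ == "__main__":
    # Constructed inputs: RFC 2289 Appendix C test passphrase and seed.
    phrase, seed = "This is a test.", "TeSt"
    server = Verifier(seed, 100, otp_md5(phrase, seed, 100))
    print(server.challenge())
    typo = otp_md5("This is a tset.", seed, 99)  # misspelled passphrase
    print(to_hex(typo), "accepted:", server.verify(typo))
    good = otp_md5(phrase, seed, 99)
    print(to_hex(good), "accepted:", server.verify(good))
    print("replay accepted:", server.verify(good))
    print(server.challenge())
```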