.\" $OpenBSD: skey.1,v 1.37 2022/03/31 17:27:27 naddy Exp $ .\" @(#)skey.1 1.1 10/28/93 .\" .Dd $Mdocdate: March 31 2022 $ .Dt SKEY 1 .Os .Sh NAME .Nm skey , otp-md5 , otp-rmd160 , otp-sha1 .Nd respond to an OTP challenge .Sh SYNOPSIS .Nm skey .Op Fl x .Oo .Fl md5 | rmd160 | sha1 .Oc .Op Fl n Ar count .Op Fl p Ar passphrase .Ao Ar sequence# Ac Op / .Ar key .Sh DESCRIPTION .Nm S/Key is a procedure for using one-time passwords to authenticate access to computer systems. It uses 64 bits of information transformed by the MD5, RIPEMD-160, or SHA1 algorithms. The user supplies the 64 bits in the form of 6 English words that are generated by a secure computer. This implementation of .Nm S/Key is RFC 2289 compliant. .Pp Before using .Nm skey , the system needs to be initialized using .Xr skeyinit 1 ; this will establish a secret passphrase. After that, one-time passwords can be generated using .Nm skey , which will prompt for the secret passphrase. After a one-time password has been used to log in, it can no longer be used. .Pp When .Nm skey is invoked as .Nm otp-method , .Nm skey will use .Ar method as the hash function where .Ar method is currently one of md5, rmd160, or sha1. .Pp If you misspell your secret passphrase while running .Nm skey , you will get a list of one-time passwords that will not work, and no indication of the problem. .Pp Password sequence numbers count backwards. You can enter the passwords using small letters, even though .Nm skey prints them capitalized. .Pp The options are as follows: .Bl -tag -width Ds .It Fl md5 | rmd160 | sha1 Selects the hash algorithm: MD5, RMD-160 (160-bit Ripe Message Digest), or SHA1 (NIST Secure Hash Algorithm Revision 1). .It Fl n Ar count Prints out .Ar count one-time passwords. The default is to print one. .It Fl p Ar passphrase Uses .Ar passphrase as the secret passphrase. Use of this option is discouraged as your secret passphrase could be visible in a process listing. .It Fl x Causes output to be in hexadecimal instead of ASCII. .El .Sh EXAMPLES .Bd -literal -offset indent $ skey 99 th91334 Enter secret passphrase: \*(Ltyour secret passphrase is entered here\*(Gt OMEN US HORN OMIT BACK AHOY $ .Ed .Sh SEE ALSO .Xr login 1 , .Xr skeyaudit 1 , .Xr skeyinfo 1 , .Xr skeyinit 1 , .Xr skey 5 , .Xr skeyprune 8 .Sh STANDARDS .Rs .%A N. Haller .%A C. Metz .%A P. Nesser .%A M. Straw .%D February 1998 .%R RFC 2289 .%T A One-Time Password System .Re .Sh TRADEMARKS AND PATENTS S/Key is a Trademark of Bellcore. .Sh AUTHORS .An Phil Karn .An Neil M. Haller .An John S. Walden .An Scott Chasin