skey, otp-md4, otp-md5, otp-sha1, otp-rmd160 - respond to an
skey [-x] [-md4 | -md5 | -sha1 | -rmd160] [-n count] [-p
S/Key is a procedure for using one-time passwords to authenticate access
to computer systems. It uses 64 bits of information transformed by the
MD4, MD5, SHA1, or RIPEMD-160 algorithms. The user supplies
the 64 bits
in the form of 6 English words that are generated by a secure computer.
This implementation of S/Key is RFC 2289 compliant.
Before using skey the system needs to be initialized using
this will establish a secret passphrase. After that, onetime passwords
can be generated using skey, which will prompt for the secret passphrase.
After a one-time password has been used to log in, it can no
When skey is invoked as otp-method, skey will use method as
function where method is currently one of md4, md5, sha1, or
If you misspell your secret passphrase while running skey,
you will get a
list of one-time passwords that will not work, and no indication of the
Password sequence numbers count backwards. You can enter
using small letters, even though skey prints them capitalized.
The options are as follows:
Prints out count one-time passwords. The default is
Uses passphrase as the secret passphrase. Use of
this option is
discouraged as your secret passphrase could be visible in a process
-x Causes output to be in hexadecimal instead of ASCII.
-md4 Selects MD4 as the hash algorithm.
-md5 Selects MD5 as the hash algorithm.
-sha1 Selects SHA-1 (NIST Secure Hash Algorithm Revision
1) as the hash
Selects RMD-160 (160 bit Ripe Message Digest) as the
$ skey 99 th91334
Reminder - Do not use this program while logged in via
Enter secret passphrase: <your secret passphrase is
OMEN US HORN OMIT BACK AHOY
login(1), skeyaudit(1), skeyinfo(1), skeyinit(1),
TRADEMARKS AND PATENTS [Toc] [Back]
S/Key is a Trademark of Bellcore.
Phil Karn, Neil M. Haller, John S. Walden, Scott Chasin
OpenBSD 3.6 October 28, 1993
[ Back ]