SKEY(5) - File Formats Manual

NAME

skey - one-time password user database

DESCRIPTION

The /etc/skey directory contains user records for the S/Key one-time password authentication system.

Records take the form of files within /etc/skey, where each file is named for the user whose record it contains. For example, /etc/skey/root would hold root’s S/Key record.

The mode for /etc/skey should be 01730 and it should be owned by root and group auth. Individual records within /etc/skey should be owned by the user they describe and be mode 0600. To access S/Key records, a process must run as group auth.

Each record consists of five lines:

  1. The name of the user the record describes. This should be the same as the name of the file.

  2. The hash type used for this entry: one of md5, sha1, or rmd160. The default is md5.

  3. The sequence number. This is a decimal number between one and one thousand. Each time the user authenticates via S/Key this number is decremented by one.

  4. A seed used along with the sequence number and the six S/Key words to compute the value.

  5. The value expected from the crunching of the user’s seed, sequence number, and the six S/Key words. When the result matches this value, authentication is considered to have been successful.

FILES

/etc/skey

EXAMPLES

Here is a sample /etc/skey file for root:

root
md5
99
obsd36521
1f4359a3764b675d
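
The record format and modes described above can be audited mechanically. The following is an added example, not part of the manual page or of OpenBSD's own code: the function names are hypothetical, and the check that the value is 16 hex digits is an assumption drawn from the sample record.

```python
import os
import re
import stat

HASH_TYPES = {"md5", "sha1", "rmd160"}   # hash types listed in skey(5)
DIR_MODE, RECORD_MODE = 0o1730, 0o600    # modes skey(5) says to use

def check_record(text, filename):
    """Return a list of problems found in one five-line S/Key record."""
    lines = text.splitlines()
    if len(lines) != 5:
        return [f"expected 5 lines, found {len(lines)}"]
    user, hash_type, seq, seed, value = lines
    problems = []
    if user != filename:
        problems.append(f"user {user!r} does not match file name {filename!r}")
    if hash_type not in HASH_TYPES:
        problems.append(f"unknown hash type {hash_type!r}")
    if not (re.fullmatch(r"[0-9]+", seq) and 1 <= int(seq) <= 1000):
        problems.append(f"sequence number {seq!r} is not a decimal in 1..1000")
    if not seed:
        problems.append("empty seed")
    # Assumption: the value is 16 hex digits, as in the page's sample record.
    if not re.fullmatch(r"[0-9a-f]{16}", value):
        problems.append("value is not 16 lowercase hex digits")
    return problems

def check_mode(path, expected):
    """Compare a path's permission bits (sticky bit included) with expected."""
    actual = stat.S_IMODE(os.lstat(path).st_mode)
    if actual != expected:
        return [f"{path}: mode {actual:04o}, expected {expected:04o}"]
    return []

def audit(skey_dir="/etc/skey"):
    """Check the directory and every record in it.

    Meant to be run as root: mode 01730 gives the group no read bit on the
    directory, so it cannot be listed with group auth alone.
    """
    problems = check_mode(skey_dir, DIR_MODE)
    for name in sorted(os.listdir(skey_dir)):
        path = os.path.join(skey_dir, name)
        problems += check_mode(path, RECORD_MODE)
        with open(path) as fh:
            problems += [f"{path}: {p}" for p in check_record(fh.read(), name)]
    return problems

SAMPLE = "root\nmd5\n99\nobsd36521\n1f4359a3764b675d\n"  # sample record above
```

Calling audit() with no argument checks /etc/skey and returns an empty list when the directory and every record match the description.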

SEE ALSO

skey(1), skeyinit(1), skey(3)

OpenBSD 7.5 - October 24, 2020