A Quick and Dirty Guide to Using S/Key in the ECE Environment

Examples in this document assume that the host you wish to log into is delta.ece.nwu.edu and that the remote host you are connecting from is prep.ai.mit.edu.

1. The first thing you have to decide is which host or hosts you will want to log into when you are away from ECEnet. I chose delta.ece.nwu.edu for this example. You will probably want to choose at least one other host as a backup in case delta is down while you are away.

2. Before I can log in using S/Key, I have to run keyinit to generate a list of 99 disposable passwords. So before leaving for Massachusetts, I log into delta and type "keyinit".

3. It prompts me for a password (but it's preferrable to use a good pass phrase). I choose the pass phrase "The barber of Seville." Here is a transcript:

   delta.ece.nwu.edu% keyinit
   Adding pred:
   Reminder - Only use this method if you are directly connected.
   If you are using telnet or rlogin exit with no password and use keyinit -s.
   Enter secret password: The barber of Seville.
   Again secret password: The barber of Seville.
   
   ID pred s/key is 99 de85773
   TREE HOOD DUN HAS LOIS THEY
   

   Note that your secret pass phrase won't be echoed when you type it.

4. The next thing to do is to test things out. I'll do that by connecting to delta from, say, eden:

   eden.ece.nwu.edu% telnet delta
   Trying 129.105.5.103 ...
   Connected to delta.ece.nwu.edu.
   Escape character is '^]'.
   
   This system is for the use of authorized users only.  Individuals using
   this computer system without authority or in the excess of their authority
   are subject to having all their activities on this system monitored and
   recorded by system personnel.  In the course of monitoring individuals
   improperly using this system or in the course of system maintenance, the
   activities of authorized user may also be monitored.  Anyone using this
   system expressly consents to such monitoring and is advised that if such
   monitoring reveals possible evidence of illegal activity or violation of
   University regulations system personnel may provide the evidence of such
   monitoring to University authorities and/or law enforcement officials.
   
   
   
   SunOS UNIX (delta)
   
   login: pred
   s/key 98 de85773
   Password:
   

5. I get the S/Key challenge string "s/key 98 de85773", as expected. In the eden window, I use this string and my S/Key secret pass phrase as inputs to key, an S/Key one-time password generator, to generate the right disposable password:

   eden.ece.nwu.edu% key 98 de85773
   Reminder - Do not use this program while logged in via telnet or rlogin.
   Enter secret password: The barber of Seville.
   WAG WORD RET EWE AMEN FLAM
   

6. My disposable password for this login is "WAG WORD RET EWE AMEN FLAM". I type or paste this into the Password: prompt in my delta window and log in successfully.

If you don't know what OS is used on the remote machine, or if you can't find a binary for your OS at the above FTP site, you can simply print off a list of passwords to take with you:

1. If you haven't done so already, perform steps 1-3, above.

2. Use the keyprint command to print a half-page list of one-time passwords on laser1:

   delta.ece.nwu.edu% keyprint | lpr -Plaser1
   Reminder - Do not use this program while logged in via telnet or rlogin.
   Enter secret password: The barber of Seville.
   

   You can, of course, print it on any Postscript printer.

3. Log into delta once using your printed passwords to make sure the passwords work before leaving for your trip.