The examples and procedures appearing here may be augmented by other department-specific local documentation.
The S/KEY system, developed at Bellcore, provides a secure alternative to UNIX passwords. The security of S/KEY lies in the use of one-time passwords. These passwords can only be used for one remote login session, so capturing them does not provide an intruder a means of breaking into the system at a later time. Generation of the one-time password is based on a secret password that is chosen by the user, but this secret password never travels over the network.
If you plan to log in remotely over the Internet, you will have to use the S/KEY system. (Dial-ins through the department modem pool are not affected; dial-ins through the University modem pool are affected.) First, you need to make yourself known to the S/KEY program. This is done by executing the keyinit command.
The keyinit program will ask you for a secret password. Unlike UNIX passwords, S/KEY secret passwords can be longer than 8 characters, so it is suggested that you pick a phrase such as "I like coconuts in the summertime." Use a password that is different from your UNIX account password. Remember this password. You will need it in the future when you deal with the S/KEY program.
When you log in remotely to an EECSNet machine from the Internet, rather than encountering the usual UNIX login procedure, you will be confronted with the S/KEY program challenge. There are two ways to answer this challenge: running the S/KEY program locally on the machine you are logging in from, or using a one-time password list.
    telnet delta
    Trying...
    Connected to delta.eecs.nwu.edu.
    Escape character is '^]'.

    This system is for the use of authorized users only. Individuals using
    this computer system without authority or in the excess of their
    authority are subject to having all their activities on this system
    monitored and recorded by system personnel. In the course of monitoring
    individuals improperly using this system or in the course of system
    maintenance, the activities of authorized user may also be monitored.
    Anyone using this system expressly consents to such monitoring and is
    advised that if such monitoring reveals possible evidence of illegal
    activity or violation of University regulations system personnel may
    provide the evidence of such monitoring to University authorities
    and/or law enforcement officials.

    SunOS UNIX (delta)

    login: rnp
    s/key 98 ig964000
    (s/key required)
    Password:
One-time password lists
    delta% keyinfo
    98 ig964000
    delta% key -n 3 98 ig964000
    96: BLUR EAR TOOT COLD ROLL ACME
    97: SHE HIDE NAT MOON NASH BODY
    98: OLIN AMES FATE MADE TOUT BUD
This will print the list to your default printer.
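The hash chain behind the challenge and the one-time password list, as an added example (not part of the original documentation and not the S/KEY source). It is a simplified model: MD5 folded to 64 bits stands in for the real hash and passwords are shown as hex rather than six words, so its values will not match the key program. The names fold, otp, otp_list and Server are made up for this sketch.

```python
import hashlib

def fold(data: bytes) -> bytes:
    """Hash, then fold the 128-bit MD5 digest to 64 bits by XOR of its halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(secret: str, seed: str, seq: int) -> bytes:
    """Client side: password number `seq` for this seed and secret."""
    value = fold((seed.lower() + secret).encode())
    for _ in range(seq):
        value = fold(value)
    return value

def otp_list(secret, seed, seq, count):
    """Like `key -n count seq seed`: the next `count` passwords, lowest first."""
    return [(n, otp(secret, seed, n)) for n in range(seq - count + 1, seq + 1)]

class Server:
    """Holds only the seed, a counter and the last accepted password."""
    def __init__(self, seed, seq, stored):
        self.seed, self.seq, self.stored = seed, seq, stored

    def challenge(self):
        return f"s/key {self.seq} {self.seed}"

    def login(self, response: bytes) -> bool:
        # One more hash of a valid response reproduces the stored value.
        if self.seq < 1 or fold(response) != self.stored:
            return False
        self.stored = response   # the next login must supply its pre-image
        self.seq -= 1
        return True

def demo():
    # Constructed sample values: the page's example phrase and seed.
    secret, seed = "I like coconuts in the summertime.", "ig964000"
    server = Server(seed, 98, otp(secret, seed, 99))  # state after keyinit
    captured = otp(secret, seed, 98)
    first = server.login(captured)    # legitimate login, seen on the wire
    replay = server.login(captured)   # the same password again is rejected
    second = server.login(otp(secret, seed, 97))
    return first, replay, second, server.challenge()

if __name__ == "__main__":
    print(demo())
    for n, pw in otp_list("I like coconuts in the summertime.", "ig964000", 98, 3):
        print(f"{n}: {pw.hex()}")
```

The server never stores or receives the secret password; it only checks that hashing the response once gives the value it kept from the previous login, which is why each password works once and the sequence number counts down.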