S/Key is a simple one-time password system that takes an initial shared secret, and uses it as the seed for iterative hashes (using a cryptographically-strong one-way hash function, like MD4, MD5, SHA-1, etc.) which, taken in reverse, become the one-time passwords you use to login.
initializing S/Key
in order to establish the initial shared secret, you need to be logged
in via a secure connection (SSH). you then run
skeyinit, which will prompt you for your regular monkey
Unix password, and then ask you to set a password to seed the S/Key
password generation:
generating S/Key OTPs
on-the-fly OTP generation: if you have a PalmPilot, you can use PilotOTP to generate OTPs using your temporary S/Key password.
one-time password lists: to generate a list of OTPs to carry in
your wallet, run skeyprint (it will spit Postscript data
on stdout, so direct it to a file):
you will then have a Postscript file (mykeys.ps) you can
print and cut out to put in your wallet. werd.
using OTPs
you simply need to telnet (or SSH - we run a hacked-up version of sshd) to
monkey, and at login, enter your monkey username, and
s/key as your password. you will then be prompted for
your S/Key OTP. look it up on your sheet of OTPs, or generate it using
the seed value given, your temporary S/Key password, and the password
number. enter it in exactly.