FreeBSD Manual Pages
OPIEKEY(1) General Commands Manual OPIEKEY(1) NAME opiekey, otp-md4, otp-md5 - Programs for computing responses to OTP challenges. SYNOPSIS opiekey | otp-md4 | otp-md5 [-v] [-h] [-f] [-x] [-t type ] [-4|-5] [-a] [-n count ] sequence_number seed DESCRIPTION opiekey takes the optional count of the number of re- sponses to print along with a (maximum) sequence num- ber and seed as command line args. It prompts for the user's secret pass phrase and produces an OPIE re- sponse as six words. If compiled to do so, it can prompt for the user's secret pass phrase twice to help reduce errors due to mistypes. The second pass- word entry can be circumvented by entering only an end of line. opiekey is downward compatible with the key(1) program from the Bellcore S/Key Version 1 dis- tribution and several of its variants. OPTIONS -v Display the version number and compile-time options, then exit. -h Display a brief help message and exit. -4, -5 Selects MD4 or MD5, respectively, as the re- sponse generation algorithm. The default for otp-md4 is MD4 and the default for opie-md5 is MD5. The default for opiekey depends on com- pile-time configuration, but should be MD5. MD4 is compatible with the Bellcore S/Key Ver- sion 1 distribution. -f Force opiekey to continue, even where it nor- mally shouldn't. This is currently used to force opiekey to operate in even from termi- nals it believes to be insecure. It can also allow users to disclose their secret pass phrases to attackers. Use of the -f flag may be disabled by compile-time option in your particular build of OPIE. -a Allows you to input an arbitrary secret pass phrase, instead of running checks against it. Arbitrary currently does not include '\0' or '\n' characters. This can be used for back- wards compatibility with key generators that do not check passwords. -n <count> the number of one time access passwords to print. The default is one. -x Output the OTPs as hexadecimal numbers instead of six words. -t <type> Generate an extended response of the specified type. Supported types are: word six-word hex hexadecimal init hexadecimal re-initialization init-word six-word re-initialization The re-initialization responses always gener- ate the simple active attack protection. EXAMPLE wintermute$ opiekey -5 -n 5 495 wi01309 Using MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase: 491: HOST VET FOWL SEEK IOWA YAP 492: JOB ARTS WERE FEAT TILE IBIS 493: TRUE BRED JOEL USER HALT EBEN 494: HOOD WED MOLT PAN FED RUBY 495: SUB YAW BILE GLEE OWE NOR wintermute$ BUGS opiekey(1) can lull a user into revealing his/her password when remotely logged in, thus defeating the purpose of OPIE. This is especially a problem with xterm. opiekey(1) implements simple checks to reduce the risk of a user making this mistake. Better checks are needed. SEE ALSO ftpd(8), login(1), opie(4), opiepasswd(1), opieinfo(1), opiekeys(5), opieaccess(5), su(1) AUTHOR Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden of Bellcore. OPIE was cre- ated at NRL by Randall Atkinson, Dan McDonald, and Craig Metz. S/Key is a trademark of Bell Communications Research (Bellcore). CONTACT OPIE is discussed on the Bellcore "S/Key Users" mail- ing list. To join, send an email request to: skey-users-request@thumper.bellcore.com 7th Edition February 20, 1996 OPIEKEY(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | BUGS | SEE ALSO | AUTHOR | CONTACT
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=opiekey&sektion=1&manpath=FreeBSD+13.1-RELEASE+and+Ports>