S/key One-Time Passwords

Introduction

Panix supports s/key for one-time passwords (also known as challenge/ response authentication). One-time password (OTP) systems are based on a secret passphrase that the user is careful never to send over a computer network or to type in on an untrusted machine. Instead, when the user wants to log in, the remote computer sends a "challenge" consisting of a seed and a sequence number (see below), and the user runs a "calculator" on a trusted machine that, using the seed and sequence number from the challenge, together with the user's secret passphrase, produce a single-use password that can be safely sent over an untrusted network or typed in on an untrusted machine. The one-time password is only valid for the next login on that host - after that, it is useless.

The one-time password system has several parts -

prompt - this is made up of two parts:
- seed - this is an arbitrary string that will be used as part of the challenge every time you log in. It is set up when you first install OTP on your account.
- sequence number - a number that starts high, usually around 9999, and gets decremented every time you log in. This is also used as part of the challenge.
Secret passphrase - this is a password that you keep "secret" in that you never send it over a computer network or disclose it to the computer that you are logging in to. You ONLY disclose it to the calculator program that generates the one-time responses, and you should ONLY run the calculator program on a host that you are accessing locally (i.e. not over a network) and that you trust (i.e. your own computer, not some random workstation in an Internet cafe).
One-time password, or OTP - the output of the calculator program. Usually six short words like "MELT FAWN MAST OWN MA TROY" or, in some cases, a hex output like " 567F ECE1 F852 964C"

Each time you use a one-time password, the sequence number decreases by one, so the next time you make the calculation you get a new set of six words.

Using a one-time password means that if someone is sniffing your entries on the user hosts they'll get only the password you're using this time-- and that's not going to work because it's already being used.

Keeping S/key secure

S/key is secure only if you are scrupulous about the following:

You should never enter your passphrase into any of the Panix user hosts-- or, for that matter, into any multi-user machine or even a single-user machine that you cannot completely trust.
If you are not going to have a secure machine available to calculate your next one-time password (OTP), you can print it (or several of them) out in advance from a trusted machine. Most S/key calculators will let you print out a list of passwords (with their corresponding sequence numbers). You need to keep the list secure, and you should cross off each OTP as you use it so that you will notice if someone else has managed to peek at your list.
You must set up s/key on each of the Panix hosts. If we add a new user host you need to set up s/key on that host. We urge you to start the count at 9999, and to use the default seed that the machine presents. In any case, you absolutely must make sure that the seed is different on each machine (or your one-time passwords won't be "one-time").
Remember, you still need your regular password for RADIUS (dialup) authentication, for POP, and to authenticate to the news server-- and to initialize your new s/key. Furthermore, your regular password can still be used to log into any of the userhosts, even if you've set up s/key on that host.
You should watch the count. If you are presented with a sequence number that is decremented by more than one since the last time you used s/key on that host, then someone else may have your passphrase.
You should re-initialize your s/key login when the count reaches 8000.
If you like, you can use the same secret pass phrase on all the user hosts, but you must be sure to use a different seed on each and not to repeat a seed. (Using a different pass phrase for each host is more secure, but harder to keep track of.)

Setting up S/key on your Panix shell account

To initialize your Panix account for s/key, you need to do the following:

Decide on a calculator program. Do NOT use the "skey" command on the Panix userhosts, since you can only access them remotely via the Internet. If you have a PC or Mac, download S/key, OTP, or OPIE software from a trusted source. See the list of software at the bottom of this article.
If you run Unix workalike at home, you may already have the "skey" command installed; if not, please inspect your ports or packages tree and your local documentation.
Decide on a secret passphrase. You are not restricted to the Unix 8 character password, so you can pick a short sentence, a verse from a poem or song, or whatever you like.

Enable one-time passwords on your Panix account. The command to use is "skeyinit -s -t md5". Here is a sample session, with the username "joeuser". Note the "stage directions" marked in italics (and parentheses) that indicate actions like typing in your password or running the s/key calculator on your trusted machine.

  % skeyinit -s -t md5
  Password: (Enter your normal Unix password here)
  [Adding joeuser]
  You need the 6 english words generated from the "skey" command.
  Enter sequence count from 1 to 10000: 9999
  Enter new seed [default pani58574]: (Enter a new seed or press RETURN for the default)
  otp-md5 9999 pani58574
  (Run S/key calculator on a secure host with your passphrase to get a response)
  s/key access password: RUDY LONG GREEN BAD COP HEAL
  
  ID joeuser skey is otp-md5 9999 pani58574
  Next login password: RUDY LONG GREEN BAD COP HEAL

Remember to do this on all of the Panix user hosts (i.e. panix1, panix2, panix3, etc) that you want to connect to with S/key.

Using S/key at Panix

Once you're initialized for s/key, you can use your one-time password for telnet, ssh, or ftp.

If you use telnet or ftp, you will start to see s/key prompts when you log in, like this:

  patty@happyhouse: $ telnet panix2
  Trying 166.84.1.2...
  Connected to panix2.panix.com (166.84.1.2).
  Escape character is '^]'.
  
  NetBSD/i386 (panix2.panix.com) (ttyp9)
  
  login: joeuser
  Password [otp-md5 9998 pani58574]:  BUSH FOOL DICK FLY BOMB HARD
  Last login: Tue Oct 16 15:00:17 2001 from an.example.net
  Warning: no Kerberos tickets issued.
  Copyright (c) 1996, 1997, 1998, 1999, 2000
          The NetBSD Foundation, Inc.  All rights reserved.

If you use ssh, it may be a little harder. Your ssh client has to support Version 2 and s/key (openSSH), or Version 1 and "TIS-Auth" (Putty), and you may need to set it up properly. For example, if you are using the OpenSSH client and you don't get an s/key prompt when logging into Panix, try this:

   $ ssh -2 -l joeuser -o "PasswordAuthentication no" -o "ChallengeResponseAuthentication yes" panix2
   otp-md5 9997 pani58574
   S/Key Password: BOMB BIN LOT END SAY JOE
   Last login: Tue Oct 16 15:19:05 2001 from happyhouse.panix
   NetBSD 1.5.1 (PANIX-USER) #0: Fri Jul 20 21:52:41 EDT 2001

With Putty, before you log in, go to the "Settings" menu and look under "SSH", "Auth", and then turn on "Enable TIS Authentication". ("TIS" stands for Trusted Information Systems, an early computer security research and development company that used S/Key access in their products). You may want to save the settings to avoid having to change them every time you want to use S/Key.

Disabling S/key

If you no longer want to use S/key, you can turn it off entirely by running the "skeyinit -z" command on each host that you've set up for S/key. Again, you'll need your normal Unix password.

Important Reminders

Even after you've set up an s/key password on a host, your Unix password is still valid, can be used to log in as normal, and is still needed to manage s/key functions. You are in charge of your own seeds and password. It is your responsibility to make sure you do not re-use a password or a seed.
Although s/key lets you log in to your Panix account from an unsecure machine using telnet or FTP without compromising your password, you are not protected against eavesdropping (where a hostile party monitors what you are doing) or connection hijacking (where a hostile party takes over your session and injects their own commands).
For the best possible protection against eavesdropping and connection hijacking, use SSH with your s/key password instead of telnet, and the sftp or scp commands instead of FTP.
The s/key standard allows for different algorithms to be used when generating the passwords. The algorithms currently supported at Panix are MD5, MD4, and SHA-1. Note that very few calculator programs support SHA-1.
Given the prevalence of keyboard sniffers in Internet cafes and other unsecured PCs, you should never use your s/key secret passphrase on a public terminal that might be compromised. If you are going traveling and want to access your Panix accounts with s/key, print out the next 20 or so passwords and bring the list with you. Be sure to test out the first password in the list while you're still at home, in case you made any mistakes generating the list.

References

Other software that supports S/Key or OTP

Fetch, a well-liked FTP client for Macintosh: http://fetchsoftworks.com/
FTP Voyager, an FTP client for Windows: http://www.ftpvoyager.com/

S/key One-Time Passwords

Introduction

Keeping S/key secure

Setting up S/key on your Panix shell account

Using S/key at Panix

Disabling S/key

Important Reminders

References

The one-time password (OTP) standard

Wikipedia articles on S/Key and one-time password schemes

Unix, PC, and Mac software for generating passwords

More software (items below not yet reviewed by Panix staff)

Other software that supports S/Key or OTP