BC> I can't figure out how to use the skey login for telnet
It's pretty simple.
(1.) Make sure you have telnet enabled, typically by uncommenting
it in /etc/inetd.conf and "pkill -1 inetd".
(2.) As the user who wants to make use of SKEYs, run skeyinit once.
You don't need any parameters.
You will have to provide some "secret password" used as some of the
generators of the SKEY sequences. You can simply reuse your
standard login password or choose a new secret.
skeyinit will end with some info like:
ID cartwright skey is otp-md4 100 hack123456
Next login password: DIRT THUD ABLE IFFY ROVE FUD
The above is the login access for the first, skey-based login coming
up next, identified by a series id (hack123456) and running number
(100, 99, 98, ...) . You will very likely be interested in a
slightly longer list of the upcoming skeys phrases. Get this by
entering:
skey -n 10 100 hack123456
and your secret when prompted. You can recreate the list any time.
Later on you would be interested in the list going from, say, 90 - 80.
(3.) After your skeyinit, login prompts in telnet, rlogin, slogin, and
you console (whatever is making use of the skey PAM module) will look
like this:
Password [ otp-md4 100 hack123456 ]: ____
At this point you can either use either your standard password or
use & burn the next SKEY phrase from you list. For the
"100 hack123456" identifier, you could enter "dirt thud able iffy
rove fud" (case doesn't matter), and after have used this, you
would be prompted with "Password [ otp-md4 99 hack123456 ]:"
and could use the "99" phrase.
The beautiful thing is that you can switch between you standard login
password and an skey phrase any time. You don't have to commit to
skeys completely by using them once. Give it a try!
HTH, Martin
