Hitchhiker's Guide to OpenBSD
initializing or changing your secret passphrase MUST be done over a secure channel, such as ssh(1) or the console.

OpenBSD's S/Key implementation can use a variety of algorithms as the one-way hash function. The following algorithms are available:

● md4
● md5
● sha1
● rmd160

Setting up S/Key - The first steps

To start off, the directory /etc/skey must exist. If this directory does not exist, have the super-user create it. This can be done simply by doing:

    # skeyinit -E

Once that directory exists, you can initialize your S/Key. To do this you must use skeyinit(1). Since skeyinit(1) will be asking you for your S/Key secret passphrase, you must run this over a secure channel, as explained above! The program will even remind you of this.

With skeyinit(1), you will first be prompted for your password to the system. This is the same password that you used to log into the system. Once you have authorized yourself with your system password, you will be asked for your S/Key secret passphrase. This is NOT your system password. Your secret passphrase must be at least 10 characters. We suggest using a memorable phrase containing several words as the secret passphrase. Here is an example user being added.

    $ skeyinit
    Reminder - Only use this method if you are directly connected
               or have an encrypted channel. If you are using telnet,
               exit with no password and use skeyinit -s.
    Password:
    [Adding ericj with md5]
    Enter new secret passphrase:
    Again secret passphrase:

    ID ericj skey is otp-md5 100 oshi45820
    Next login password: HAUL BUS JAKE DING HOT HOG

One line of particular importance in here is "ID ericj skey is otp-md5 100 oshi45820". This gives a lot of information to the user. Here is a breakdown of the sections and their importance.

● otp-md5 - This shows which one-way hash was used to create your One-Time Password (otp).
● 100 - This is your sequence number. This is a number from 100 down to 1. Once it reaches one, another secret passphrase must be created by running skeyinit(1).
● oshi45820 - This is the key.

But of more immediate importance is your one-time password. Your one-time password consists of 6 small words; combined together, spaces and all, they are your one-time password. The one-time password printed by skeyinit cannot be used to log in (there is a usage for this first one-time password, see skeyinit(1)). To be able to log in, a one-time password corresponding to the challenge printed by the login process has to be computed using skey(1). The next section will show how to do that.
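What skey(1) computes from a challenge, sketched as an added example that is not part of the FAQ or of OpenBSD's code. It assumes the RFC 2289 MD5 construction behind the otp-md5 label, and that the server keeps the value for the sequence number shown by skeyinit and challenges with the next lower one; the passphrase is constructed, and results are left as 64-bit hex rather than six words.

```python
import hashlib

MIN_PASSPHRASE = 10  # minimum secret passphrase length given in the text above

def parse_challenge(line):
    """Split a challenge such as 'otp-md5 100 oshi45820' into its fields."""
    alg, seq, seed = line.split()
    if alg != "otp-md5":
        raise ValueError("this sketch only handles otp-md5")
    if int(seq) < 1:
        raise ValueError("sequence exhausted, run skeyinit again")
    return alg, int(seq), seed

def step(data):
    """One hash step: MD5, then fold 128 bits to 64 by XORing the two halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase, seed, seq):
    """64-bit one-time password for sequence number seq."""
    if len(passphrase) < MIN_PASSPHRASE:
        raise ValueError("secret passphrase must be at least 10 characters")
    value = step(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):
        value = step(value)
    return value

def verify_and_advance(stored, candidate):
    """Server side: accept candidate if one more step gives the stored value.
    Returns the value to store next, or None if the reply is rejected."""
    return candidate if step(candidate) == stored else None

def simulate(challenge, passphrase, logins):
    """Replay successful logins; return the sequence numbers that were asked."""
    _, seq, seed = parse_challenge(challenge)
    stored = otp(passphrase, seed, seq)  # assumption: what skeyinit leaves behind
    asked = []
    for _ in range(logins):
        seq -= 1                         # assumption: challenge uses the next lower number
        stored = verify_and_advance(stored, otp(passphrase, seed, seq))
        if stored is None:
            raise RuntimeError("reply rejected")
        asked.append(seq)
    return asked

if __name__ == "__main__":
    phrase = "constructed sample phrase"  # constructed, not from the FAQ
    print(simulate("otp-md5 100 oshi45820", phrase, 3))
    print(otp(phrase, "oshi45820", 99).hex())
```

Each accepted reply replaces the stored value, so a reply captured on the wire fails if it is sent again; the secret passphrase itself never crosses the network at login, which is why only initialization needs the secure channel.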