• Home
• About
• People
• News
• Events
• Research
• Courses
• Graduate Study
• Undergraduate Study
• Places
• Computing Systems
• Accounts
• After Hours
• Backups
• Copyright
• Disk Space
• Doc
• Education
• Email
• Ergonomics
• Find Software
• CD/Flash Drives
• FTP
• Get Software
• Hardware
• Help
• Licenses
• Local Access
• Network
• News
• New Users
• Policies
• Printing
• Publishing
• Remote Access
• Certificates
• IMAP
• Remote Backup
• SMTP
• S/Key
• Use
• Ref
• FAQ
• Tech
• ssh
• vpn
• X Servers
• Research
• Search
• Snapshots
• Statistics
• Software
• Web
• Industrial Relations
• Alumni
• Contacts

Frequently Asked Questions about s/key

1. Q: When I telnet to in, it tells me that s/key is required, but doesn't give me a count and seed to respond to.

   A: You must initialize yourself with the s/key program by running keyinit on in as described in Using s/key.

2. Q: I initialized myself with s/key but when I telnet to in and use my one-time password, it gives me a "login incorrect" message.

   A: Chances are that you misentered your secret password to either keyinit or keyprint. In order to generate your one-time passwords, you provide a secret password. This password is not stored anywhere on the system. Then when you run keyprint or use your s/key software, you need to retype your secret key. However, there is no way to check that this is the same secret password originally given to keyinit when you initialized yourself. No matter what you type, you will get a one-time password back, but it will not work to log in unless it matches your real secret password. You will need to re-initialize yourself with a new set of passwords.

3. Q: I am running out of s/key passwords. What do I do?

   A: When your count starts getting low, go to a local machine in the department and follow the steps described under Initializing yourself with s/key. You will now have 100 new one-time passwords. Note that you don't have to have used all 100 passwords from your previous list to re-run keyinit; you can re-initialize yourself at any time.

4. Q: But I'm not at Brown! How can I get more s/key passwords without logging into a local machine?

   A: Use the keyinit command with the -s switch. To do this, you must have s/key software installed on your local machine from which you are logging in remotely (this software is available off the Using s/key page). keyinit -s can be run as follows:

   1. telnet to in, using your current s/key passwords.
   2. At the "in:" prompt, type keyinit -s
   3. Enter the sequence count and new key value as shown:

      in:  keyinit -s
      Updating sas:
      Old key: in35348
      Reminder you need the 6 english words from the skey command.
      Enter sequence count from 1 to 9999: 99
      Enter new key [default in35349]:
      s/key 99 in35349
      s/key access password:
      

   4. s/key will ask you for your 99th password. To get this, run your s/key software on your local machine, giving it the count and seed from above (i.e. 99 in35349) and your secret password. Your local software will provide you with a set of six words - that is your 99th one-time password. Enter those six words at the

      s/key access password:

      prompt on in.
   5. keyinit will echo back the 99th password that you just typed. Now you are all set. The next time you remotely log in to in, it will ask you for the 98th password just as usual.

   ---

   Page Owner: Tstaff Account

   Last Modified: Mon Jun 30 07:21:58 2008