one-time-passwords.html

FreeBSD操作系统的详细使用手册

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>One-time Passwords</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Security" href="security.html" />
<link rel="PREVIOUS" title="DES, MD5, and Crypt" href="crypt.html" />
<link rel="NEXT" title="TCP Wrappers" href="tcpwrappers.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD Handbook</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="crypt.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 14 Security</td>
<td width="10%" align="right" valign="bottom"><a href="tcpwrappers.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="ONE-TIME-PASSWORDS" name="ONE-TIME-PASSWORDS">14.5 One-time
Passwords</a></h1>

<p>S/Key is a one-time password scheme based on a one-way hash function. FreeBSD uses the
MD4 hash for compatibility but other systems have used MD5 and DES-MAC. S/Key has been
part of the FreeBSD base system since version 1.1.5 and is also used on a growing number
of other operating systems. S/Key is a registered trademark of Bell Communications
Research, Inc.</p>

<p>From version 5.0 of FreeBSD, S/Key has been replaced with the functionally equivalent
OPIE (One-time Passwords In Everything). OPIE uses the MD5 hash by default.</p>

<p>There are three different sorts of passwords which we will discuss below. The first is
your usual <span class="TRADEMARK">UNIX</span>&reg; style or Kerberos password; we will
call this a ``<span class="TRADEMARK">UNIX</span> password''. The second sort is the
one-time password which is generated by the S/Key <tt class="COMMAND">key</tt> program or
the OPIE <a href="http://www.FreeBSD.org/cgi/man.cgi?query=opiekey&sektion=1"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">opiekey</span>(1)</span></a> program and
accepted by the <tt class="COMMAND">keyinit</tt> or <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=opiepasswd&sektion=1"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">opiepasswd</span>(1)</span></a> programs
and the login prompt; we will call this a ``one-time password''. The final sort of
password is the secret password which you give to the <tt class="COMMAND">key</tt>/<tt
class="COMMAND">opiekey</tt> programs (and sometimes the <tt
class="COMMAND">keyinit</tt>/<tt class="COMMAND">opiepasswd</tt> programs) which it uses
to generate one-time passwords; we will call it a ``secret password'' or just unqualified
``password''.</p>

<p>The secret password does not have anything to do with your <span
class="TRADEMARK">UNIX</span> password; they can be the same but this is not recommended.
S/Key and OPIE secret passwords are not limited to 8 characters like old <span
class="TRADEMARK">UNIX</span> passwords<a id="AEN19199" name="AEN19199"
href="#FTN.AEN19199"><span class="footnote">[1]</span></a>, they can be as long as you
like. Passwords of six or seven word long phrases are fairly common. For the most part,
the S/Key or OPIE system operates completely independently of the <span
class="TRADEMARK">UNIX</span> password system.</p>

<p>Besides the password, there are two other pieces of data that are important to S/Key
and OPIE. One is what is known as the ``seed'' or ``key'', consisting of two letters and
five digits. The other is what is called the ``iteration count'', a number between 1 and
100. S/Key creates the one-time password by concatenating the seed and the secret
password, then applying the MD4/MD5 hash as many times as specified by the iteration
count and turning the result into six short English words. These six English words are
your one-time password. The authentication system (primarily PAM) keeps track of the last
one-time password used, and the user is authenticated if the hash of the user-provided
password is equal to the previous password. Because a one-way hash is used it is
impossible to generate future one-time passwords if a successfully used password is
captured; the iteration count is decremented after each successful login to keep the user
and the login program in sync. When the iteration count gets down to 1, S/Key and OPIE
must be reinitialized.</p>

<p>There are three programs involved in each system which we will discuss below. The <tt
class="COMMAND">key</tt> and <tt class="COMMAND">opiekey</tt> programs accept an
iteration count, a seed, and a secret password, and generate a one-time password or a
consecutive list of one-time passwords. The <tt class="COMMAND">keyinit</tt> and <tt
class="COMMAND">opiepasswd</tt> programs are used to initialize S/Key and OPIE
respectively, and to change passwords, iteration counts, or seeds; they take either a
secret passphrase, or an iteration count, seed, and one-time password. The <tt
class="COMMAND">keyinfo</tt> and <tt class="COMMAND">opieinfo</tt> programs examine the
relevant credentials files (<tt class="FILENAME">/etc/skeykeys</tt> or <tt
class="FILENAME">/etc/opiekeys</tt>) and print out the invoking user's current iteration
count and seed.</p>

<p>There are four different sorts of operations we will cover. The first is using <tt
class="COMMAND">keyinit</tt> or <tt class="COMMAND">opiepasswd</tt> over a secure
connection to set up one-time-passwords for the first time, or to change your password or
seed. The second operation is using <tt class="COMMAND">keyinit</tt> or <tt
class="COMMAND">opiepasswd</tt> over an insecure connection, in conjunction with <tt
class="COMMAND">key</tt> or <tt class="COMMAND">opiekey</tt> over a secure connection, to
do the same. The third is using <tt class="COMMAND">key</tt>/<tt
class="COMMAND">opiekey</tt> to log in over an insecure connection. The fourth is using
<tt class="COMMAND">key</tt> or <tt class="COMMAND">opiekey</tt> to generate a number of
keys which can be written down or printed out to carry with you when going to some
location without secure connections to anywhere.</p>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN19226" name="AEN19226">14.5.1 Secure Connection
Initialization</a></h2>

<p>To initialize S/Key for the first time, change your password, or change your seed
while logged in over a secure connection (e.g., on the console of a machine or via <b
class="APPLICATION">ssh</b>), use the <tt class="COMMAND">keyinit</tt> command without
any parameters while logged in as yourself:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">keyinit</kbd>
Adding unfurl:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: 
Again secret password: 

ID unfurl s/key is 99 to17757
DEFY CLUB PRO NASH LACE SOFT
</pre>

<p>For OPIE, <tt class="COMMAND">opiepasswd</tt> is used instead:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">opiepasswd -c</kbd>
[grimreaper] ~ $ opiepasswd -f -c
Adding unfurl:
Only use this method from the console; NEVER from remote. If you are using
telnet, xterm, or a dial-in, type ^C now or exit with no password.
Then run opiepasswd without the -c parameter.
Using MD5 to compute responses.
Enter new secret pass phrase:
Again new secret pass phrase:
ID unfurl OTP key is 499 to4268
MOS MALL GOAT ARM AVID COED
</pre>

<p>At the <samp class="PROMPT">Enter new secret pass phrase:</samp> or <samp
class="PROMPT">Enter secret password:</samp> prompts, you should enter a password or
phrase. Remember, this is not the password that you will use to login with, this is used
to generate your one-time login keys. The ``ID'' line gives the parameters of your
particular instance: your login name, the iteration count, and seed. When logging in the
system will remember these parameters and present them back to you so you do not have to
remember them. The last line gives the particular one-time password which corresponds to
those parameters and your secret password; if you were to re-login immediately, this
one-time password is the one you would use.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN19243" name="AEN19243">14.5.2 Insecure Connection
Initialization</a></h2>

<p>To initialize or change your secret password over an insecure connection, you will
need to already have a secure connection to some place where you can run <tt
class="COMMAND">key</tt> or <tt class="COMMAND">opiekey</tt>; this might be in the form
of a desk accessory on a <span class="TRADEMARK">Macintosh</span>&reg;, or a shell prompt
on a machine you trust. You will also need to make up an iteration count (100 is probably
a good value), and you may make up your own seed or use a randomly-generated one. Over on
the insecure connection (to the machine you are initializing), use the <tt
class="COMMAND">keyinit -s</tt> command:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">keyinit -s</kbd>
Updating unfurl:
Old key: to17758
Reminder you need the 6 English words from the key command.
Enter sequence count from 1 to 9999: <kbd class="USERINPUT">100</kbd>
Enter new key [default to17759]: 
s/key 100 to 17759
s/key access password:
s/key access password:<kbd class="USERINPUT">CURE MIKE BANE HIM RACY GORE</kbd>
</pre>

<p>For OPIE, you need to use <tt class="COMMAND">opiepasswd</tt>:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">opiepasswd</kbd>

Updating unfurl:
You need the response from an OTP generator.
Old secret pass phrase:
        otp-md5 498 to4268 ext
        Response: GAME GAG WELT OUT DOWN CHAT
New secret pass phrase:
        otp-md5 499 to4269
        Response: LINE PAP MILK NELL BUOY TROY

ID mark OTP key is 499 gr4269
LINE PAP MILK NELL BUOY TROY
</pre>

<p>To accept the default seed (which the <tt class="COMMAND">keyinit</tt> program
confusingly calls a <var class="LITERAL">key</var>), press <b class="KEYCAP">Return</b>.
Then before entering an access password, move over to your secure connection or S/Key
desk accessory, and give it the same parameters:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">key 100 to17759</kbd>
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: <kbd class="USERINPUT">&lt;secret password&gt;</kbd>
CURE MIKE BANE HIM RACY GORE
</pre>

<p>Or for OPIE:</p>

<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd class="USERINPUT">opiekey 498 to4268</kbd>
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
GAME GAG WELT OUT DOWN CHAT
</pre>

<p>Now switch back over to the insecure connection, and copy the one-time password
generated over to the relevant program.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN19273" name="AEN19273">14.5.3 Generating a Single One-time
Password</a></h2>

<p>Once you have initialized S/Key or OPIE, when you login you will be presented with a