OpenBSD Multimedia Resources List
Links on this page refer to multimedia resources (podcast, vodcast,
audio recordings, video recordings, photos) related to OpenBSD or
of interest for OpenBSD users.
This list is available as chronological
overview, as a tag cloud and
via the sources.
This list is also available as RSS feed
If you know any resources not listed here, or notice any dead links,
please send details to
Edwin Groothuis so that
it can be included or updated.
Tag: one time passwords
One Time Passwords
Added: 14 June 2007
Tags: bsdtalk, security, one time passwords
Ogg version (6 minutes), MP3 version (4 Mb, 6 minutes)
- Important when you don't trust the computer you are using, such as a library computer or internet kiosk.
- Available by default in Free/Net/Open BSD.
- FreeBSD uses OPIE, Net/Open use S/Key.
- One time passwords are based on your pass phrase, a non-repeating sequence number, and a seed.
- Initial setup should be done directly on the server.
- "skeyinit" for Net/Open, "opiepasswd -c" for FreeBSD.
- Enter a pass phrase that is not your regular account password.
- Find your current sequence number and seed with "opieinfo" or "skeyinfo", for example: "497 pc5246".
- Generate a list of the next 10 passwords and write them down, using "opiekey -n 10 497 pc5246" or "skey -n 10 497 pc5246".
- When you log in from a remote machine that might have a keystroke logger, you can now use a one time password instead of your regular password.
- For OpenBSD, log in as account:skey, for example "bob:skey", which will cause the system to present the s/key challenge.
- For NetBSD, the system will always present you with the s/key challenge if it is configured for your account, although you can still use your regular password.
- FreeBSD by default will force you to use a one time password if it is configured for your account.
- If you want both OPIE and password authentication, FreeBSD allows you to list trusted networks or hosts in /etc/opieaccess.
- Instead of carrying a list of passwords around, you can use s/key generators on a portable device that you trust, such as a palm pilot.
- For more info, check the man pages.