From: Ryan Cumming
To: freebsd-questions@FreeBSD.ORG
Subject: OPIE?
Date: Mon, 11 Feb 2002 20:56:19 -0800

I noticed that when I SSH'ed to my newly upgraded FreeBSD 4.5 server, it seemed pretty persistent on getting some "S/Key" gizmo. So, I found the relevant section of the handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/skey.html), and tried to get it working.

So, I ssh'ed in as a normal user, and ran opiepasswd:

"bash-2.04$ opiepasswd
Adding userfoo:
You need the response from an OTP generator.
New secret pass phrase:
otp-md5 499 ma6395
Response:"

On the box I was ssh'ing in from:

"hostfoo:~$ opiekey 499 ma6395
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
MA BUN GEM BOSE JOCK CRAY"

Typing in that passphrase on the server yielded:

"Error updating key database."

Well, fuck. So, I tried running "opiepasswd foouser" as root:

"Adding foouser:
You need the response from an OTP generator.
New secret pass phrase:
otp-md5 499 ma9612
Response: BROW LYRA RAKE TOTE HANS APT

ID foouser OTP key is 499 ma9612
BROW LYRA RAKE TOTE HANS APT"

Yay, did it work? Well, let's try logging in:

"ssh fooserver -lfoouser
otp-md5 498 ma9612 ext
S/Key Password:"

So, using opiekey on the local machine:

"opiekey 499 ma9612
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:
BROW LYRA RAKE TOTE HANS APT"

Typing that into the prompt doesn't let me log in, oddly enough. So, what do I do? This is a fresh FreeBSD 4.5 install, and both the server and the local machine are running OPIE 2.32.

-Ryan
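
Added example, not part of the original message and not OPIE's own code: a small Python model of the RFC 2289 otp-md5 check, showing how a server that stored the key for sequence 499 treats responses to its "otp-md5 498 ma9612" challenge. The seed and sequence numbers are taken from the message; the pass phrase and the names `OpieEntry` and `demo` are constructed for illustration, and responses are compared as raw 64-bit values instead of six-word encodings.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """One otp-md5 step: MD5, then XOR the two 8-byte halves (RFC 2289)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, seq: int) -> bytes:
    """64-bit one-time password for sequence number `seq`."""
    # Initial step hashes lower-cased seed + pass phrase, then `seq` more steps.
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

class OpieEntry:
    """Hypothetical server-side record: only the last accepted OTP is kept."""
    def __init__(self, seed: str, seq: int, stored: bytes):
        self.seed, self.seq, self.stored = seed, seq, stored

    def challenge(self) -> str:
        # The server asks for the sequence number one below the stored one.
        # (The "ext" suffix seen in the message is omitted in this model.)
        return f"otp-md5 {self.seq - 1} {self.seed}"

    def verify(self, response: bytes) -> bool:
        # A valid response hashes forward exactly once to the stored value.
        if fold_md5(response) != self.stored:
            return False
        self.stored, self.seq = response, self.seq - 1  # step down the chain
        return True

PASSPHRASE = "constructed example pass phrase"  # constructed, not from the page
SEED = "ma9612"                                 # seed shown in the message

def demo():
    # Key initialised at sequence 499, as in the opiepasswd run above.
    entry = OpieEntry(SEED, 499, otp_md5(PASSPHRASE, SEED, 499))
    chal = entry.challenge()
    _, seq, seed = chal.split()
    stale = entry.verify(otp_md5(PASSPHRASE, seed, 499))        # wrong sequence
    fresh = entry.verify(otp_md5(PASSPHRASE, seed, int(seq)))   # sequence asked for
    replay = entry.verify(otp_md5(PASSPHRASE, seed, int(seq)))  # same OTP again
    return chal, stale, fresh, replay, entry.challenge()

if __name__ == "__main__":
    print(demo())
```

In this model the response has to be computed from the secret pass phrase with the sequence number and seed printed in the current challenge; a value computed for any other sequence number, or one already used, is rejected.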