> From: hobbit @
> To: firewalls @
This doesn't belong on firewalls, but rather on skey-users.
Please don't cc firewalls on replies.
> The various versions of s/key I've found around the net seem to boil
> down to two rather divergent sources, and now Mjr is putting in his
> own hacks. There are a mess of hacks I want to put in, too, and I'm
> getting really frustrated trying to figure out what the "right"
> starting source is, and whether the login and/or ftpd contained
> therein is worth a hoot.
It seems that there are right now three major splinter versions:
1) The original s/key from thumper, /pub/nmh; this is clearly
a fine version to start with, but has various problems,
2) Scott Chasin's various hacks from crimelab.com; much of these
seem OK, however Scott seems to be unable to stay on the net for
long periods of time, and I've heard nothing about the beta version
that was so hyped back a few months ago; certain versions have also
disappeared from anon ftp, ominously.
3) NRL (Ran Atkinson et al)'s modified version of s/key which also
supports MD5, is freely exportable, and is based on 1)
(so is essentially a newer version of 1)). This also contains
Marcus' hacks. Get this from thumper in /pub/nmh/nrl.
There's also a minor splinter, which I haven't looked at closely:
NetBSD supports skey out of the box, however all of the key programs
are renamed to skey (key to skey, keyinit to skeyinit, etc.).
NetBSD's login supports skey auth if you enter "s/key" in the password
field. Like so:
NetBSD/i386 (zorkmid.gue.org) (ttyp0)
[s/key 992 zork42220]
Out of these, I would recommend using the NRL version.
> And I still can't find the "automatic" DOS client.
It's on thumper in nmh/dos/termkey.exe;
> Am I just being dense, or is the whole thing really in a bit of a
> This *is* firewalls-relevant, because I see s/key as one of several
> interesting ways for authorized people to punch small holes in their
> own defenses from the outside so they can "call home" securely...
Perhaps, but its far more skey-relevant, and really discusses specific gripes
w/ skey rather than firewalls per se, and as such should be discussed on the