S/Key with SSH

Recently, I was concerned about having to get access to my systems from an unprotected terminal. I wasnt about to load my private key on any terminal out there, and I already do not allow passwords in the standard database. The only way I figured I could protect the authentication to my machine from an untrusted terminal would be S/Key. Unfortunately, many current ssh client implementations do not natively support S/Key (although, OpenSSH does have some support hacked into it).

Note: trojaned clients that inject commands without the user suspecting goes beyond the scope of this document. I'm restricting the scope of this document to login authentication.

S/Key is a OTP (One Time Password) authentication system which uses the MD4 algorithm to convert a secret into a series of words which can be used to authenticate the user. The S/Key system never reuses the challenge since the S/Key undergoes a sequence of transformations to generate each successive challenge.

Note: There have been security issues regarding S/Key. Please read mudge's article regarding the subject.

My server is running NetBSD-current, and I'm security paranoid. I do not allow passwords on my system; only RSA keys are allowed as authentication to my server. In the event that a user is unable to connect using their identity which is listed in .ssh/authorized_keys, I give the user the option of using S/Key passwords. This is obviously only secure if their S/Key generator is secure.

After I run skeyinit for the user, login will check the /etc/skeyusers file to generate the proper S/Key challenge. A user can later run an S/Key generator to determine the correct challenge-response in order to successfully log in.

I've written a simple wrapper that allows the execution of /bin/login to require secure (kerberized/skey) passwords. This wrapper is intended to be used as the login shell of a specific user. The wrapper then calls /bin/login with the flags -s, which requires secure passwords, and -h which sets the hostname flag in the process' arguments. The wrapper will only exec login if there are no arguments being passed to it (thereby avoiding issues like scp, or ssh "command").

Here are the steps I took to combine the features of SSH with S/Key:

Here is an example of my configuration:

{shelly:~} grep skey /etc/passwd
skeyuser:*:521:521:S/Key User:/:/usr/local/bin/skeylogin
{shelly:~} ls -l /usr/local/bin/skeylogin
-rwsr-x---  1 root  skeyuser  6795 Jun  2 11:22 /usr/local/bin/skeylogin
{shelly:~} ls -l /usr/bin/login
-rwx------  1 root  wheel  19200 May 20 21:46 /usr/bin/login
{shelly:~} ssh skeyuser@shelly

Last login: Thu Jun  1 22:17:26 2000 from bmw.metachar.net

NetBSD 1.4Y (GW-GENERIC) #0: Sat May 20 19:25:47 EDT 2000

Welcome to NetBSD!

login: sirsyko
Password [s/key 99 foobar12345]:

Thanks to the following people for their feedback:

Written by Adam R. Prato on 6/2/2000