Nokia Network Voyager for IPSO 4.0 Reference Guide 291
To configure S/Key
1. Click Users under Configuration > Security and Access Configuration in the tree view.
2. Enable the Admin S/Key or Monitor S/Key by selecting either the Allowed or Required
radio buttons.
Disabled—S/Key passwords are turned off and cannot be used.
Allowed—the user can use either a standard text password or an S/Key one-time
password.
Required—only S/Key one-time passwords are allowed for connecting through Telnet or
FTP.
3. Click Apply.
The Current Standard password, S/Key Secret Password, and S/Key Secret Password
(verify) text boxes appear.
4. Enter the current standard password in the Current Standard password text box.
5. Choose a secret password for S/Key that is between four and eight alphanumeric characters
long, and enter it in the S/Key Secret Password text box.
6. Enter the S/Key secret password again in the S/Key Secret Password (verify) text box.
7. Click Apply.
The sequence number and the seed appear. The sequence number begins at 99 and goes
backward after every subsequent S/Key password is generated. The seed is associated with
the S/Key secret password.
8. Click Save to make your changes permanent.
Using S/Key
You must have an S/Key calculator on your platform to generate the S/Key one-time password
(OTP). Many UNIX-derived and UNIX-like systems include the S/Key calculator command
key. Many GUI calculators include support for MD4 (S/Key) algorithms and MD5 (OPIE)
algorithms. Be sure to configure such calculators to use MD4 algorithms.
Note
The OTP is typically a string, or strings, that contain a series of words, for example, NASH
TINE LISA HEY WORE DISC. You must enter all the words in the valid string at the
password prompt.
To use the S/Key
1. Log in to the firewall with a Telnet or FTP client.
2. At the prompt, enter either admin or monitor as a user name.
3. The server returns an S/Key challenge, which is comprised of the S/key sequence number
and seed, for example, 95 ma74213.