To initialize S/Key or change your password or seed over an insecure
connection, you will need to already have a secure connection to some
place where you can run the `key' program; this might be in the form
of a desk accessory on a Macintosh, or a shell prompt on a machine you
trust (we'll show the latter). You will also need to make up an
iteration count (100 is probably a good value), and you may make up
your own seed or use a randomly-generated one. Over on the insecure
connection (to the machine you are initializing), use the `keyinit -s'
command:
$ keyinit -s
Updating wollman:
Old key: kh94741
Reminder you need the 6 english words from the skey command.
Enter sequence count from 1 to 9999: 100 ) I typed this
Enter new key [default kh94742]:
s/key 100 kh94742
To accept the default seed (which the `keyinit' program confusingly calls a `key'), press return. Then move over to your secure connection or S/Key desk accessory, and give it the same parameters:
$ key 100 kh94742
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: ) I typed my secret password
HULL NAY YANG TREE TOUT VETO
Now switch back over to the insecure connection, and copy the one-time
password generated by `key' over to the `keyinit' program:
s/key access password: HULL NAY YANG TREE TOUT VETO
ID wollman s/key is 100 kh94742
HULL NAY YANG TREE TOUT VETO
The rest of the description from the previous section applies here as well.