By default, FreeBSD includes suppor for OPIE (One-time Passwords In Everything), which uses the MD5 hash by default.
There are three different sorts of passwords which we will discuss
below. The first is your usual UNIX(R) style or
Kerberos password; we will call this a "UNIX(R) password".
The second sort is the one-time password which is generated by the OPIE
opiekey(1) program and accepted by the
opiepasswd(1) program
and the login prompt; we will
call this a "one-time password". The final sort of
password is the secret password which you give to the
opiekey
program (and
sometimes the
opiepasswd
programs)
which it uses to generate
one-time passwords; we will call it a "secret password"
or just unqualified "password".
The secret password does not have anything to do with your UNIX(R) password; they can be the same but this is not recommended. OPIE secret passwords are not limited to 8 characters like old UNIX(R) passwords[8], they can be as long as you like. Passwords of six or seven word long phrases are fairly common. For the most part, the OPIE system operates completely independently of the UNIX(R) password system.
Besides the password, there are two other pieces of data that are important to OPIE. One is what is known as the "seed" or "key", consisting of two letters and five digits. The other is what is called the "iteration count", a number between 1 and 100. OPIE creates the one-time password by concatenating the seed and the secret password, then applying the MD5 hash as many times as specified by the iteration count and turning the result into six short English words. These six English words are your one-time password. The authentication system (primarily PAM) keeps track of the last one-time password used, and the user is authenticated if the hash of the user-provided password is equal to the previous password. Because a one-way hash is used it is impossible to generate future one-time passwords if a successfully used password is captured; the iteration count is decremented after each successful login to keep the user and the login program in sync. When the iteration count gets down to 1, OPIE must be reinitialized.
There are a few programs involved in each system
which we will discuss below. The
opiekey
program accepts an iteration
count, a seed, and a secret password, and generates a one-time
password or a consecutive list of one-time passwords. The
opiepasswd
program is used to initialize OPIE,
and to change passwords, iteration counts, or seeds; it
takes either a secret passphrase, or an iteration count,
seed, and a one-time password. The
opieinfo
program will examine the
relevant credentials files
(/etc/opiekeys
) and print out the invoking user's
current iteration count and seed.
There are four different sorts of operations we will cover. The
first is using
opiepasswd
over a secure connection to set up
one-time-passwords for the first time, or to change your password
or seed. The second operation is using
opiepasswd
over an insecure connection, in
conjunction with opiekey
over a secure connection, to do the same. The third is using
opiekey
to log in over
an insecure connection. The fourth is using
opiekey
to generate a number of keys which
can be written down or printed out to carry with you when going to
some location without secure connections to anywhere.
To initialize OPIE for the first time, execute the
opiepasswd
command:
%
opiepasswd -c
[grimreaper] ~ $ opiepasswd -f -c Adding unfurl: Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with no password. Then run opiepasswd without the -c parameter. Using MD5 to compute responses. Enter new secret pass phrase: Again new secret pass phrase: ID unfurl OTP key is 499 to4268 MOS MALL GOAT ARM AVID COED
At the Enter new secret pass phrase:
or
Enter secret password:
prompts, you
should enter a password or phrase. Remember, this is not the
password that you will use to login with, this is used to generate
your one-time login keys. The "ID" line gives the
parameters of your particular instance: your login name, the
iteration count, and seed. When logging in the system
will remember these parameters and present them back to you so you
do not have to remember them. The last line gives the particular
one-time password which corresponds to those parameters and your
secret password; if you were to re-login immediately, this
one-time password is the one you would use.
To initialize or change your secret password over an
insecure connection, you will need to already have a secure
connection to some place where you can run
opiekey
; this might be in the form of a shell
prompt on a machine you
trust. You will also need to make up an iteration count (100 is
probably a good value), and you may make up your own seed or use a
randomly-generated one. Over on the insecure connection (to the
machine you are initializing), use opiepasswd
:
%
opiepasswd
Updating unfurl: You need the response from an OTP generator. Old secret pass phrase: otp-md5 498 to4268 ext Response: GAME GAG WELT OUT DOWN CHAT New secret pass phrase: otp-md5 499 to4269 Response: LINE PAP MILK NELL BUOY TROY ID mark OTP key is 499 gr4269 LINE PAP MILK NELL BUOY TROY
To accept the default seed press Return. Then before entering an access password, move over to your secure connection and give it the same parameters:
%
opiekey 498 to4268
Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase: GAME GAG WELT OUT DOWN CHAT
Now switch back over to the insecure connection, and copy the one-time password generated over to the relevant program.
Once you have initialized OPIE and login, you will be presented with a prompt like this:
%
telnet example.com
Trying 10.0.0.1... Connected to example.com Escape character is '^]'. FreeBSD/i386 (example.com) (ttypa) login:<username>
otp-md5 498 gr4269 ext Password:
As a side note, the OPIE prompts have a useful feature (not shown here): if you press Return at the password prompt, the prompter will turn echo on, so you can see what you are typing. This can be extremely useful if you are attempting to type in a password by hand, such as from a printout.
At this point you need to generate your one-time password to
answer this login prompt. This must be done on a trusted system
that you can run
opiekey
on. (There are versions of these for DOS,
Windows(R) and Mac OS(R) as well.) They need the iteration count and
the seed as command line options. You can cut-and-paste these
right from the login prompt on the machine that you are logging
in to.
On the trusted system:
%
opiekey 498 to4268
Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase: GAME GAG WELT OUT DOWN CHAT
Now that you have your one-time password you can continue logging in.
Sometimes you have to go places where you do not have
access to a trusted machine or secure connection. In this case,
it is possible to use the
opiekey
command to
generate a number of one-time passwords beforehand to be printed
out and taken with you. For example:
%
opiekey -n 5 30 zz99999
Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase:<secret password>
26: JOAN BORE FOSS DES NAY QUIT 27: LATE BIAS SLAY FOLK MUCH TRIG 28: SALT TIN ANTI LOON NEAL USE 29: RIO ODIN GO BYE FURY TIC 30: GREW JIVE SAN GIRD BOIL PHI
The -n 5
requests five keys in sequence, the
30
specifies what the last iteration number
should be. Note that these are printed out in
reverse order of eventual use. If you are
really paranoid, you might want to write the results down by hand;
otherwise you can cut-and-paste into lpr
. Note
that each line shows both the iteration count and the one-time
password; you may still find it handy to scratch off passwords as
you use them.
OPIE can restrict the use of UNIX(R) passwords based on the IP
address of a login session. The relevant file
is /etc/opieaccess
, which is present by default.
Please check opieaccess(5)
for more information on this file and which security considerations
you should be aware of when using it.
Here is a sample opieaccess
file:
permit 192.168.0.0 255.255.0.0
This line allows users whose IP source address (which is vulnerable to spoofing) matches the specified value and mask, to use UNIX(R) passwords at any time.
If no rules in opieaccess
are matched,
the default is to deny non-OPIE logins.
All FreeBSD documents are available for download at https://download.freebsd.org/ftp/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.