| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Running out of S/Keys?

When a user has less than 10 S/Key passwords left, FireWall-1 will prompt the user to create a new S/Key chain. The user will need to specify a different "seed" value (the default seed is the username), a new chain length to FireWall-1, and the last "password" in the chain. On a Unix machine, I would generate the new key chain as follows (assuming I want to use "seed" as my new seed value and 1000 as my chain length):

```
~ $ key 1000 seed
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: [Secret Key]
JOG WAKE SUN MEND ILL COWL
```

After I've done this, I can input this information into my telnet/client auth session as follows:

```
Check Point FireWall-1 authenticated Telnet server running on kenny
User: phoneboy
SKEY CHALLENGE: 9 phoneboy.
Enter SKEY string: MUG EMMA PI PRY HOYT MANN
User phoneboy authenticated by S/Key system
You have only 8 one-time passwords left.
A new S/Key chain should be created.
If you have a new chain, you can enter it now by typing
the chain length and the last password in the chain.
Enter New Chain (y/n) ? y
Enter S/Key chain length: 1000
Enter the last string of the new chain: JOG WAKE SUN MEND ILL COWL
New S/Key chain accepted
Connected to kyle
```

Note: I entered the password I generated above when it asked me for the "last string". It is only used to initialize the S/Key chain. Future passwords will decrement from there. Also, FireWall-1 will always prompt you to use the "old" seed value and not the new one. You will need to remember to use the new seed value when using an S/Key generator or generating your own list.

-- PhoneBoy - 30 Dec 2003
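Why the firewall needs only the chain length and the last string of a new chain, shown as an added example that is not part of the original post and is not FireWall-1 or `key` code. It assumes MD5 folded to 64 bits (the RFC 2289 construction) as a stand-in for the real hash and uses raw bytes instead of six-word strings; `otp`, `Verifier`, `demo` and the secret are hypothetical names and constructed values.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """MD5, then XOR the two 8-byte halves into one 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(secret: str, seed: str, count: int) -> bytes:
    """Client side: password number `count` of the chain for (secret, seed)."""
    value = fold_md5((seed.lower() + secret).encode())
    for _ in range(count):
        value = fold_md5(value)
    return value

class Verifier:
    """Server side: stores the last accepted password, never the secret."""
    def __init__(self, seed: str, length: int, last: bytes):
        self.shown_seed = seed   # per the post, the prompt keeps the old seed
        self.rekey(length, last)

    def rekey(self, length: int, last: bytes) -> None:
        # "Chain length" and "last string" only initialise the stored state.
        self.count, self.stored = length, last

    def challenge(self):
        return self.count - 1, self.shown_seed

    def remaining(self) -> int:
        # Assumption: sequence number 0 is never issued as a challenge.
        return self.count - 1

    def login(self, response: bytes) -> bool:
        # Hashing the response once must reproduce the value stored last time.
        if self.remaining() < 1 or fold_md5(response) != self.stored:
            return False
        self.stored, self.count = response, self.count - 1
        return True

def demo() -> dict:
    secret = "constructed secret"                    # constructed sample input
    srv = Verifier("phoneboy", 10, otp(secret, "phoneboy", 10))
    n, shown = srv.challenge()                       # (9, "phoneboy")
    out = {"old_login": srv.login(otp(secret, shown, n)), "left": srv.remaining()}
    srv.rekey(1000, otp(secret, "seed", 1000))       # what `key 1000 seed` feeds in
    n, shown = srv.challenge()                       # (999, "phoneboy")
    out["challenge"] = (n, shown)
    out["shown_seed"] = srv.login(otp(secret, shown, n))   # old seed is rejected
    out["new_seed"] = srv.login(otp(secret, "seed", n))    # new seed is accepted
    out["replay"] = srv.login(otp(secret, "seed", n))      # reused password fails
    return out

if __name__ == "__main__":
    print(demo())
```

The verifier never uses the seed to check a response, which is why a prompt that still shows the old seed does not stop the new chain from working as long as the generator is given the new seed.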
Hi All,

I'm a new member in this forum, so hello to everyone. I'm also getting this kind of message when I get to the last 10 passwords (S/Key). Does anyone know if I can change a definition in my FW or in the secure client so I won't get these messages and keep the authentication process smooth? I'm working with a third-party GINA and my system can't deal with these messages for now. I'll be very happy for a solution to this problem if anyone is still working with S/Key or remembers what it was like in "those early days".

Regards,
Asaf Rosenheck