Submit a ticketCall us

AnnouncementsSystem Monitoring for Dummies

Tired of monitoring failures disrupting the system, application, and service? Learn the key monitoring concepts needed to help you create sophisticated monitoring and alerting strategies that can help you save time and money. Read the eBook.

Get your free eBook.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Serv-U - Knowledgebase Articles > One-Time Password feature in Serv-U (OTP, MD4, MD5)

One-Time Password feature in Serv-U (OTP, MD4, MD5)

Table of contents

Updated April 20, 2017


This article provides information on the use of a one-time password feature in Serv-U.


All Serv-U versions


According to the rules of the FTP protocol, when users connect to an FTP server, their passwords are sent through a network in plain text. Anyone with a packet sniffer can intercept data.


SSH File Transfer Protocol (SFTP), Secure File Transfer Protocol (FTPS), and Secure Hypertext Transfer Protocol (HTTPS) listeners in Serv-U prevents password detection. 


The use of a One-Time Password (OTP) is another method that prevents password disclosure. Instead of using the same password at every log in event, the users are sent on the Web a one-way encrypted version of the password called a  hash.


A  hash is a complex combination of values that are never used twice. It is impossible to determine the original password based on a hash. It cannot be reused even if a third-party intercepts and manages to retrieve a password.


Serv-U supports S/KEY (MD4 and MD5), a one-time password system developed for authentication.

To enable S/KEY:

  1. Go to User Properties > User Information.
  2. Select OTP S/KEY MD4 or OTP S/KEY MD5.

Note: In Serv-U 6.x, S/KEY is enabled from the General tab of the User Properties window.


When storing passwords in an encrypted form, new passwords must be entered since FTP Serv-U needs to know the password when using S/KEY and the encrypted password stored in the User Setup cannot be decrypted.


To use S/KEY, FTP Client needs to support it (FTP Voyager has integrated support for S/KEY, or needs to allow interception of the user response and manual password entry at each log in event (the Command Line FTP Client allows this).


An S/KEY calculator is required. This program helps calculate a response to FTP Serv-U challenges. It is named WinKey. The S/KEY is calculator can be found in the Rhinosoft website.



Last modified