Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Serv-U - Knowledgebase Articles > One-Time Password feature in Serv-U (OTP, MD4, MD5)

One-Time Password feature in Serv-U (OTP, MD4, MD5)

Table of contents

Updated April 20, 2017


This article provides information on the use of a one-time password feature in Serv-U.


All Serv-U versions


According to the rules of the FTP protocol, when users connect to an FTP server, their passwords are sent through a network in plain text. Anyone with a packet sniffer can intercept data.


SSH File Transfer Protocol (SFTP), Secure File Transfer Protocol (FTPS), and Secure Hypertext Transfer Protocol (HTTPS) listeners in Serv-U prevents password detection. 


The use of a One-Time Password (OTP) is another method that prevents password disclosure. Instead of using the same password at every log in event, the users are sent on the Web a one-way encrypted version of the password called a  hash.


A  hash is a complex combination of values that are never used twice. It is impossible to determine the original password based on a hash. It cannot be reused even if a third-party intercepts and manages to retrieve a password.


Serv-U supports S/KEY (MD4 and MD5), a one-time password system developed for authentication.

To enable S/KEY:

  1. Go to User Properties > User Information.
  2. Select OTP S/KEY MD4 or OTP S/KEY MD5.

Note: In Serv-U 6.x, S/KEY is enabled from the General tab of the User Properties window.


When storing passwords in an encrypted form, new passwords must be entered since FTP Serv-U needs to know the password when using S/KEY and the encrypted password stored in the User Setup cannot be decrypted.


To use S/KEY, FTP Client needs to support it (FTP Voyager has integrated support for S/KEY, or needs to allow interception of the user response and manual password entry at each log in event (the Command Line FTP Client allows this).


An S/KEY calculator is required. This program helps calculate a response to FTP Serv-U challenges. It is named WinKey. The S/KEY is calculator can be found in the Rhinosoft website.



Last modified