Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > One-Time Password feature in Serv-U (OTP, MD4, MD5)

One-Time Password feature in Serv-U (OTP, MD4, MD5)

Table of contents

Updated April 20, 2017


This article provides information on the use of a one-time password feature in Serv-U.


All Serv-U versions


According to the rules of the FTP protocol, when users connect to an FTP server, their passwords are sent through a network in plain text. Anyone with a packet sniffer can intercept data.


SSH File Transfer Protocol (SFTP), Secure File Transfer Protocol (FTPS), and Secure Hypertext Transfer Protocol (HTTPS) listeners in Serv-U prevents password detection. 


The use of a One-Time Password (OTP) is another method that prevents password disclosure. Instead of using the same password at every log in event, the users are sent on the Web a one-way encrypted version of the password called a  hash.


A  hash is a complex combination of values that are never used twice. It is impossible to determine the original password based on a hash. It cannot be reused even if a third-party intercepts and manages to retrieve a password.


Serv-U supports S/KEY (MD4 and MD5), a one-time password system developed for authentication.

To enable S/KEY:

  1. Go to User Properties > User Information.
  2. Select OTP S/KEY MD4 or OTP S/KEY MD5.

Note: In Serv-U 6.x, S/KEY is enabled from the General tab of the User Properties window.


When storing passwords in an encrypted form, new passwords must be entered since FTP Serv-U needs to know the password when using S/KEY and the encrypted password stored in the User Setup cannot be decrypted.


To use S/KEY, FTP Client needs to support it (FTP Voyager has integrated support for S/KEY, or needs to allow interception of the user response and manual password entry at each log in event (the Command Line FTP Client allows this).


An S/KEY calculator is required. This program helps calculate a response to FTP Serv-U challenges. It is named WinKey. The S/KEY is calculator can be found in the Rhinosoft website.



Last modified