
One-Time Password feature in Serv-U (OTP, MD4, MD5)


Updated April 20, 2017

Overview

This article provides information on the use of a one-time password feature in Serv-U.

Environment

All Serv-U versions

Detail

According to the rules of the FTP protocol, when users connect to an FTP server, their passwords are sent through a network in plain text. Anyone with a packet sniffer can intercept data.

 

SSH File Transfer Protocol (SFTP), Secure File Transfer Protocol (FTPS), and Secure Hypertext Transfer Protocol (HTTPS) listeners in Serv-U prevent password detection.

 

The use of a One-Time Password (OTP) is another method that prevents password disclosure. Instead of sending the same password at every login, users send over the network a one-way encrypted version of the password called a hash.

 

A hash is a complex combination of values that is never used twice. It is impossible to determine the original password based on a hash, and a hash cannot be reused even if a third party intercepts and manages to retrieve a one-time password.

 

Serv-U supports S/KEY (MD4 and MD5), a one-time password system developed for authentication.

To enable S/KEY:

  1. Go to User Properties > User Information.
  2. Select OTP S/KEY MD4 or OTP S/KEY MD5.

Note: In Serv-U 6.x, S/KEY is enabled from the General tab of the User Properties window.

 

If passwords are stored in an encrypted form, a new password must be entered for each user who will use S/KEY. Serv-U needs to know the password when using S/KEY, and the encrypted password stored in the User Setup cannot be decrypted.

 

To use S/KEY, the FTP client must either support it (FTP Voyager, www.ftpvoyager.com, has integrated support for S/KEY) or allow interception of the user response and manual password entry at each login (the command-line FTP client allows this).

 

An S/KEY calculator is required. This program, named WinKey, helps calculate a response to FTP Serv-U challenges. The S/KEY calculator can be found on the Rhinosoft website.
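The calculation such a calculator performs for the MD5 variant, as an added example that is not Serv-U or WinKey code. It assumes the challenge follows the RFC 2289 "otp-md5 <count> <seed>" syntax; the pass phrase and seed are constructed sample values taken from the RFC 2289 test vectors, and all function names are hypothetical.

```python
import hashlib
import hmac
import re

def _step(data: bytes) -> bytes:
    """One hash step: MD5, then fold the 128-bit digest to 64 bits (XOR of halves)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """RFC 2289 one-time password for sequence number `count`."""
    key = _step((seed.lower() + passphrase).encode("ascii"))  # seed is case-insensitive
    for _ in range(count):
        key = _step(key)
    return key

def parse_challenge(text: str):
    """Return (count, seed) from an 'otp-md5 <count> <seed>' challenge (assumed syntax)."""
    m = re.search(r"otp-md5\s+(\d+)\s+([A-Za-z0-9]{1,16})\b", text)
    if m is None:
        raise ValueError("no otp-md5 challenge in server reply")
    return int(m.group(1)), m.group(2)

def respond(challenge: str, passphrase: str) -> str:
    """What a calculator hands back to the user: the 64-bit response as hex."""
    count, seed = parse_challenge(challenge)
    return otp_md5(passphrase, seed, count).hex().upper()

def server_accepts(response_hex: str, passphrase: str, seed: str, count: int) -> bool:
    """A server that knows the password recomputes the value for the count it issued."""
    try:
        got = bytes.fromhex(response_hex)
    except ValueError:
        return False
    return hmac.compare_digest(got, otp_md5(passphrase, seed, count))

if __name__ == "__main__":
    # Constructed sample: pass phrase and seed are the RFC 2289 Appendix C test values.
    secret, seed = "This is a test.", "TeSt"
    captured = respond(f"otp-md5 99 {seed}", secret)  # value seen on the wire at count 99
    print("response to count 99:", captured)
    print("accepted at count 99:", server_accepts(captured, secret, seed, 99))
    # The next challenge uses count 98, so the captured value no longer matches.
    print("replayed at count 98:", server_accepts(captured, secret, seed, 98))
    # Hashing forward is easy (98 -> 99); going backward (99 -> 98) means inverting MD5.
    print("step(otp98) == otp99:", _step(otp_md5(secret, seed, 98)) == bytes.fromhex(captured))
```

Because the sequence number counts down, each response is one hash step earlier in the chain than the previous one, which is why a sniffed response does not reveal the next one.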
 

 

 

Last modified
22:17, 19 Apr 2017
