Q : How to setup user account with S/KEY one time password protection
A : First of all you need at least RaidenFTPD v2.2 build61+ , because from that version the S/KEY one time password protection is finally supported . You also need a S/Key enabled FTP Client such as CuteFTP pro , FFTP
The S/Key MD4/MD5 password protection is used to transfer the user's password via internet safely , by the random sequence/seed numbers , the client's answer to the challenge string will be different everytime , so even the password is sniffed , it is useless , the sniffed password can not be used to login the RaidenFTPD system.
changing an OLD user account to use S/KEY otp
go to user/group editor , choose the user , and ENTER HIS PASSWORD again in password editbox , and then select the password protection from Clear Text to S/KEY MD5 , and then you are done , click update user button and leave this editor
now you also need to setup the FTP client , we use CuteFTP pro as example here , start the program , click on a site entry and open site properties , click on the Type tab , in the password protection groupbox , click on the MD5 (S/Key) , and then click ok .
now try to connect to RaidenFTPD by CuteFTP pro , you will see something like these
220 Please enter your login name now (celeron-800).
COMMAND:> USER peter
331 Response to otp-md5 192 mule611 required for skey.
COMMAND:> PASS CARE TEE WALL CLOG BURL DESK
230-Welcome to the XXXX FTP-SERVER
And now you are using S/Key password protection and no one else can sniff your password.
note : The S/Key OTP must be turned on BOTH SIDE (User's account on server , FTP client's setting) in order to make it to work , it will not work if you turn it on server side but didn't make any change on client side , and some ftp clients maybe able to use it automatically
note : RaidenFTPD supports S/Key MD4 / MD5 / SHA-1
note : It will NOT work if your FTP client doesn't support S/KEY otp , we will recommend CuteFTP Pro v1.0 , FlashFXP , Ftp Voyager
note : When you add a new user via site command , it is set to use normal password authentication method (NO S/KEY)
That's ALL
