Your best friend for file transfer.

Fetch application logoFetch
Fetch Icon Fetch Help > Concepts > S/Key

S/Key is a challenge-response one-time password system developed by Bellcore. Fetch automatically supports the S/Key system, so usually you do not have to do anything special if your server uses S/Key.

Servers running the S/Key software respond to the USER command with special challenge information that is used only once. The FTP client must respond with a password based on the user's secret password and the challenge information. Since the challenge information is never reused, the password that the client sends back changes with each session. That makes it impossible for a wiretapper to collect a password that could then be used to access the account.

When Fetch detects an S/Key challenge, it automatically computes the one-time password, based on the secret password entered by the user. This is more convenient than using a separate program to perform the calculation. However, because the process is automatic, it carries a subtle security risk. If the server for some reason does not issue the S/Key challenge, Fetch will send the secret password over the network instead of the response derived from the secret password. To be warned in this case, check the Warn before sending password insecurely box in the Security preferences pane.

If for some reason you need to compute the response yourself, enter "***CHALLENGE***" as your secret password. Fetch will show you the server's challenge and prompt you for a response.

While the S/Key standard says that challenge responses should be hashed with MD4, some locations use MD5 for hashes instead. If your site/server is one of those, check the Use MD5 for S/Key preference in the Obscure Preferences pane so that your responses to challenges will work properly.

Fetch also supports the One-Time Password (OTP) system, which supersedes S/Key. See the One-Time Password topic for more information.

S/Key is only supported in FTP connections (and possibly FTP with TLS/SSL connections), not in SFTP connections.

Related topics: