Several people have asked me for my extended version of the "keysh", which I call "skeysh". It is basically a port of keysh.c that was included with S/key 1.1c to use the S/key 2.2 libraries. I then extended its functionality to give correct username-dependent shell support, and also to provide for specification of the username on login. I changed the name to "skeysh" to make it distinct from keysh, due to the expanded functionality, and also so that it can be installed along with an unmodified keysh.

The ability to handle username on login allows you to setup a generic "skey" account that all skey users first login through (using a sniffable password). Each user must then be S/key-authenticated, at which point they are logged into their normal account (not a separate skey account), with their normal shell. In other words, it can be viewed as an alternative to installing an skey-aware logdaemon, which is a much more involved procedure.

Since there is no encryption technology included in the skeysh source (it only makes library calls to the S/key library), it can be downloaded from this page without violating U.S. encryption export laws. The source for skeysh can be found here as skeysh.c, and the manpage can be found here as skeysh.1.