Google turned up Races and dictionary attacks if the skey file is readable. I imagine dictionary attacks via bsd auth would be the only possible known attack on a properly setup system.
I am intending to use it as a secondary line of defense but how secure would skey be as a primary defense. Are the hash algorithms perfectly adequate. Would sha1 or rmd160 be your choice. If a user had a shell via login or exploit and was able to raise priviledges to a different user via skey, and so could use all commands including su to use skey. Any idea how long it would likely take to brute force at the default settings. Would it be the same time as a standard login (not including the difference if any between local and remote script time) and so almost as secure, aside from environment polution. KeV
