NAME
ntp.keys —
NTP symmetric key file
format
NAME
ntp.keys —
NTP symmetric key file
format
SYNOPSIS
ntp.keys |
[--option-name]
[--option-name
value]
All arguments must be options. |
DESCRIPTION
This document describes the format of an NTP symmetric key file. For a
description of the use of this type of file, see the “Authentication
Support” section of the
ntp.conf(5) page.
ntpd(8) reads its keys from a file
specified using the
-k command line option or the
keys statement in the configuration file. While key number 0
is fixed by the NTP standard (as 56 zero bits) and may not be changed, one or
more keys numbered between 1 and 65534 may be arbitrarily set in the keys
file.
The key file uses the same comment conventions as the configuration file. Key
entries use a fixed format of the form
keyno type key opt_IP_list
where
keyno is a positive integer (between 1 and 65534),
type is the message digest algorithm,
key is the key itself, and
opt_IP_list is an optional comma-separated list of IPs
where the
keyno should be trusted. that are allowed to
serve time. Each IP in
opt_IP_list may contain an
optional
/subnetbits specification which identifies the
number of bits for the desired subnet of trust. If
opt_IP_list is empty, any properly-authenticated message
will be accepted.
The
key may be given in a format controlled by the
type field. The
type
MD5
is always supported. If
ntpd
was built with the OpenSSL library then any
digest library supported by that library may be specified. However, if
compliance with FIPS 140-2 is required the
type must be
either
SHA
or
SHA1
.
What follows are some key types, and corresponding formats:
MD5
- The key is 1 to 16 printable characters terminated by an
EOL, whitespace, or a
#
(which is the "start
of comment" character).
SHA
-
SHA1
-
RMD160
- The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
Note that the keys used by the
ntpq(8) and
ntpdc(8) programs are checked
against passwords requested by the programs and entered by hand, so it is
generally appropriate to specify these keys in ASCII format.
OPTIONS
-
-
- --help
- Display usage information and exit.
-
-
- --more-help
- Pass the extended usage information through a pager.
-
-
- --version
[{v|c|n}]
- Output version of program and exit. The default mode is
`v', a simple version. The `c' mode will print copyright information and
`n' will print the full copyright notice.
OPTION PRESETS
Any option that is not marked as
not presettable may be preset by loading
values from environment variables named:
NTP_KEYS_<option-name> or
NTP_KEYS
ENVIRONMENT
See
OPTION PRESETS for configuration environment variables.
FILES
- /etc/ntp.keys
- the default name of the configuration file
EXIT STATUS
One of the following exit values will be returned:
-
-
- 0 (EXIT_SUCCESS)
- Successful program execution.
-
-
- 1 (EXIT_FAILURE)
- The operation failed or the command syntax was not
valid.
-
-
- 70 (EX_SOFTWARE)
- libopts had an internal operational error. Please report it
to autogen-users@lists.sourceforge.net. Thank you.
SEE ALSO
ntp.conf(5),
ntpd(1ntpdmdoc),
ntpdate(1ntpdatemdoc),
ntpdc(1ntpdcmdoc),
sntp(1sntpmdoc)
AUTHORS
The University of Delaware and Network Time Foundation
COPYRIGHT
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation
all rights reserved. This program is released under the terms of the NTP
license, <http://ntp.org/license>.
BUGS
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
NOTES
This document was derived from FreeBSD.
This manual page was
AutoGen-erated from the
ntp.keys option
definitions.