Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ntp.keys(5) [xfree86 man page]

ntp.keys(5)							   File Formats 						       ntp.keys(5)

NAME

       ntp.keys - NTP symmetric key file format configuration file

SYNOPSIS

	[--option-name] [--option-name value]

       All arguments must be options.

DESCRIPTION

       This  document  describes the format of an NTP symmetric key file.  For a description of the use of this type of file, see the "Authentica-
       tion Support" section of the ntp.conf(5) page.

       ntpd(8) reads its keys from a file specified using the -k command line option or the keys statement in the configuration file.	While  key
       number  0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, one or more keys numbered between 1 and 65535 may be arbi-
       trarily set in the keys file.

       The key file uses the same comment conventions as the configuration file.  Key entries use a fixed format of the form

	   keyno type key opt_IP_list

       where keyno is a positive integer (between 1 and 65535), type is the message digest algorithm, key is the key itself, and opt_IP_list is an
       optional  comma-separated  list of IPs where the keyno should be trusted.  that are allowed to serve time.  Each IP in opt_IP_list may con-
       tain an optional /subnetbits specification which identifies the number of bits for the desired subnet of trust.	If opt_IP_list	is  empty,
       any properly-authenticated message will be accepted.

       The  key  may  be  given  in  a format controlled by the type field.  The type MD5 is always supported.	If ntpd was built with the OpenSSL
       library then any digest library supported by that library may be specified.  However, if compliance with FIPS 140-2 is  required  the  type
       must be either SHA or SHA1.

       What follows are some key types, and corresponding formats:

       MD5    The key is 1 to 16 printable characters terminated by an EOL, whitespace, or a # (which is the "start of comment" character).

       SHA
       SHA1
       RMD160 The key is a hex-encoded ASCII string of 40 characters, which is truncated as necessary.

       Note  that  the keys used by the ntpq(8) and ntpdc(8) programs are checked against passwords requested by the programs and entered by hand,
       so it is generally appropriate to specify these keys in ASCII format.

FILES

       /etc/ntp.keys the default name of the configuration file

SEE ALSO

       ntp.conf(5), ntpd(1), ntpdate(1), ntpdc(1), sntp(1)

AUTHORS

       The University of Delaware and Network Time Foundation

COPYRIGHT

       Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation all rights reserved.  This program  is  released	under  the
       terms of the NTP license, <http://ntp.org/license>.

BUGS

       Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

NOTES

       This document was derived from FreeBSD.

       This manual page was AutoGen-erated from the ntp.keys option definitions.

4.2.8p13							    20 Feb 2019 						       ntp.keys(5)

Check Out this Related Man Page

ntp.keys(4)						     Kernel Interfaces Manual						       ntp.keys(4)

NAME

       ntp.keys - Network Time Protocol (NTP) authentication key file

DESCRIPTION

       The  NTP  standard specifies an extension to allow verification of the authenticity of received NTP packets and to provide an indication of
       authenticity in outgoing packets.  This is implemented in xntpd using the MD5 algorithm to compute the message-digest.	The  specification
       allows  any  one  of possibly 4 billion keys, numbered with 32-bit key identifiers, to be used to authenticate an association.  The servers
       involved in an association must agree on the key and key identifier used to authenticate their data, though they must each  learn  the  key
       and key identifier independently.  In MD5, the keys are 64 bits (8 bytes).  The xntpd daemon reads its keys from a file specified using the
       -k command line option, or the keys statement in the configuration file.  While key number 0 is fixed by the NTP standard (as 56 zero bits)
       and may not be changed, one or more of the keys numbered 1 through 15 may be arbitrarily set in the keys file.

       One  of the keys may be chosen, by way of the configuration file requestkey statement, to authenticate run time configuration requests made
       using the xntpdc(8) program.  The latter program obtains the key from the terminal as a password, so it is generally appropriate to specify
       the key chosen to be used for this purpose in ASCII format.

       The NTP key file uses the same comment conventions as the configuration file.  Key entries use a fixed format of the form: keyno type key

       In  this format: Is a positive integer.	Is a single character that defines the format the key is given in.  This is always M, representing
       Message Digest (MD5) on Tru64 UNIX systems.  Is the key itself.	The MD5 algorithm key is a 1-to-8 character ASCII string.  Because of  the
       simple  tokenizing routine, you cannot use the following characters in an ASCII key: " " (space), "#" (number sign), "", "0, and " ".  Note
       that both the keys and the authentication scheme (MD5) must be identical between a set of peers sharing the same key number.

EXAMPLES

       The following sample key file shows two defined NTP keys: 2   M	 RIrop8KPPvQvYotM   # MD5 key as a random ASCII  string  14   M    sundial
       # MD5 key as an ASCII string

FILES

       Conventional name of the key file

RELATED INFORMATION

       Commands: ntpdate(8), ntpq(8), xntpd(8), xntpdc(8)

       Files: ntp.conf(4)

       Network Administration delim off

																       ntp.keys(4)
Man Page