1ntp.keys(5)                      File Formats                      ntp.keys(5)
2
3
4

NAME

6       ntp.keys - NTP symmetric key file format configuration file
7

SYNOPSIS

9        [--option-name] [--option-name value]
10
11       All arguments must be options.
12
13

DESCRIPTION

15       This document describes the format of an NTP symmetric key file.  For a
16       description of the use of this type of file,  see  the  "Authentication
17       Support" section of the ntp.conf(5) page.
18
19       ntpd(8)  reads its keys from a file specified using the -k command line
20       option or the keys statement in the configuration file.  While key num‐
21       ber  0  is  fixed  by the NTP standard (as 56 zero bits) and may not be
22       changed, one or more keys numbered between 1 and 65535 may be arbitrar‐
23       ily set in the keys file.
24
25       The  key  file  uses  the same comment conventions as the configuration
26       file.  Key entries use a fixed format of the form
27
28           keyno type key opt_IP_list
29
30       where keyno is a positive integer (between 1 and 65535),  type  is  the
31       message  digest algorithm, key is the key itself, and opt_IP_list is an
32       optional comma-separated list of IPs where the keyno should be trusted.
33       that  are allowed to serve time.  Each IP in opt_IP_list may contain an
34       optional /subnetbits specification which identifies the number of  bits
35       for  the  desired  subnet of trust.  If opt_IP_list is empty, any prop‐
36       erly-authenticated message will be accepted.
37
38       The key may be given in a format controlled by  the  type  field.   The
39       type  MD5  is  always  supported.   If  ntpd was built with the OpenSSL
40       library then any digest library supported by that library may be speci‐
41       fied.  However, if compliance with FIPS 140-2 is required the type must
42       be either SHA or SHA1.
43
44       What follows are some key types, and corresponding formats:
45
46
47       MD5    The key is 1 to 16 printable characters terminated  by  an  EOL,
48              whitespace, or a # (which is the "start of comment" character).
49
50       SHA
51       SHA1
52       RMD160 The key is a hex-encoded ASCII string of 40 characters, which is
53              truncated as necessary.
54
55       Note that the keys used  by  the  ntpq(8)  and  ntpdc(8)  programs  are
56       checked  against  passwords  requested  by  the programs and entered by
57       hand, so it is generally appropriate to specify  these  keys  in  ASCII
58       format.
59

FILES

61       /etc/ntp.keys the default name of the configuration file
62

SEE ALSO

64       ntp.conf(5), ntpd(8), ntpdate(8), ntpdc(8), sntp(8)
65

AUTHORS

67       The University of Delaware and Network Time Foundation
68
70       Copyright  (C)  1992-2017  The  University of Delaware and Network Time
71       Foundation all rights reserved.  This program  is  released  under  the
72       terms of the NTP license, <http://ntp.org/license>.
73

BUGS

75       Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
76

NOTES

78       This document was derived from FreeBSD.
79
80       This  manual  page  was AutoGen-erated from the ntp.keys option defini‐
81       tions.
82
83
84
854.2.8p13                          20 Feb 2019                      ntp.keys(5)
Impressum