NTPKEYGEN(8)                        NTPsec                        NTPKEYGEN(8)

NAME

       ntpkeygen - create and manage NTP host keys

SYNOPSIS

       ntpkeygen [-V]

DESCRIPTION

       This program generates a file containing keys that can be used in NTP’s
       symmetric key cryptography.

       The program produces a file containing ten pseudo-random printable
       ASCII strings suitable for the MD5 message digest algorithm. It also
       produces an additional ten hex-encoded random bit strings suitable for
       the SHA-1 and other message digest algorithms.

       The keys file must be distributed and stored using secure means beyond
       the scope of NTP itself. The keys can also be used as passwords for the
       ntpq(1) utility program.

COMMAND LINE OPTIONS

       -V, --version
           Print the version string and exit.

RUNNING THE PROGRAM

       The simplest way to run the ntpkeygen program is while logged in
       directly as root. The recommended procedure is to change to the keys
       directory, usually /etc/ntp/, then run the program. Then chown the
       output file to ntp:ntp. It should be mode 400.

           Warning
           ntpkeygen uses the system randomness source. On a POSIX system,
           this is usually /dev/urandom. Immediately after a reboot, on any
           OS, there may not be sufficient entropy available for this program
           to perform well. Do not run this program from any startup scripts.
           Only run this program on an active host with a lot of available
           entropy.

KEY FILE ACCESS AND LOCATION

       File names begin with the prefix ntpkey and end with the postfix
       hostname.filestamp, where hostname is the owner name, usually the
       string returned by the Unix gethostname() routine, and filestamp is the
       NTP seconds when the file was generated, in decimal digits.

       ntpkeygen also makes a soft link from ntp.keys to the generated file.
       ntp.keys is the normal file used in ntp.conf.

RANDOM SEED FILE

       All key generation schemes must have means to randomize the entropy
       seed used to initialize the internal pseudo-random number generator
       used by the library routines.

       It is important to understand that entropy must be evolved for each
       generation, for otherwise the random number sequence would be
       predictable. Various means dependent on external events, such as
       keystroke intervals, can be used to do this, and some systems have
       built-in entropy sources.

       This implementation uses Python’s random.SystemRandom class, which
       relies on os.urandom(). The security of os.urandom() is improved in
       Python 3.5+ <https://docs.python.org/library/os.html#os.urandom>.

CRYPTOGRAPHIC DATA FILES

       Unlike NTP Classic, this implementation generates only AES keys, not
       MD5 or SHA1.

       Since the file contains private shared keys, it should be visible only
       to root or ntp.

       In order to use a shared key, the line to be used must also be set up
       on the target server.

       This file is also used to authenticate remote configuration commands
       used by the ntpq(1) utility.

       Comments may appear in the file and are preceded with the # character.

       Following any headers the keys are entered one per line in the format:

       ┌──────┬───────────────────────────┐
       │Field │ Meaning                   │
       ├──────┼───────────────────────────┤
       │keyno │ Positive integer in the   │
       │      │ range 1-65,535            │
       ├──────┼───────────────────────────┤
       │type  │ Type of key (MD5, SHA-1,  │
       │      │ AES-CMAC etc). This       │
       │      │ program generates only    │
       │      │ AES.                      │
       ├──────┼───────────────────────────┤
       │key   │ The actual key, printable │
       │      │ ASCII or hex              │
       └──────┴───────────────────────────┘
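
       The following Python code is an added example, not part of ntpkeygen
       or NTPsec. It audits a keys file against the field table above and
       the mode 400 recommendation. The function names, the sample keys, the
       trailing-comment handling and the duplicate-keyno check are
       assumptions.

```python
import os
import stat

# Constructed sample in the keyno/type/key layout; the key values are fake.
SAMPLE = """\
# constructed sample, not real keys
1 AES 00112233445566778899aabbccddeeff
2 AES ffeeddccbbaa99887766554433221100 # trailing comment
70000 AES 0123456789abcdef0123456789abcdef
2 AES 00000000000000000000000000000000
broken line
"""

def parse_keys(text):
    """Return (entries, problems) for keys-file text."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        # Assumption: text after the key is accepted only as a '#' comment.
        if len(fields) < 3 or (len(fields) > 3 and not fields[3].startswith("#")):
            problems.append((lineno, "expected: keyno type key"))
            continue
        keyno, ktype, key = fields[:3]
        if not keyno.isdecimal() or not 1 <= int(keyno) <= 65535:
            problems.append((lineno, "keyno outside 1-65535"))
        elif int(keyno) in seen:
            # Assumption: a repeated keyno is reported as an audit finding.
            problems.append((lineno, "duplicate keyno"))
        else:
            seen.add(int(keyno))
            entries.append((int(keyno), ktype, key))
    return entries, problems

def mode_problems(path):
    """Return findings if the file is not mode 0400 as the page recommends."""
    # os.stat() follows the ntp.keys soft link to the generated file.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("accessible to group/other: %04o" % mode)
    if mode != 0o400:
        findings.append("mode is %04o, expected 0400" % mode)
    return findings

if __name__ == "__main__":
    entries, problems = parse_keys(SAMPLE)
    print(len(entries), "usable keys; problems:", problems)
```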

EXIT STATUS

       One of the following exit values will be returned:

       0 (EXIT_SUCCESS)
           Successful program execution.

       1 (EXIT_FAILURE)
           The operation failed or the command syntax was not valid.

NTPsec                            2023-01-02                      NTPKEYGEN(8)