1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
@node ntp.keys Notes
@section Notes about ntp.keys
@pindex ntp.keys
@cindex NTP symmetric key file format
@ignore
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
# It has been AutoGen-ed June 23, 2020 at 02:20:33 AM by AutoGen 5.18.5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore
This document describes the format of an NTP symmetric key file.
For a description of the use of this type of file, see the
"Authentication Support"
section of the
@code{ntp.conf(5)}
page.
@code{ntpd(8)}
reads its keys from a file specified using the
@code{-k}
command line option or the
@code{keys}
statement in the configuration file.
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
The key file uses the same comment conventions
as the configuration file.
Key entries use a fixed format of the form
@example
@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list}
@end example
where
@kbd{keyno}
is a positive integer (between 1 and 65535),
@kbd{type}
is the message digest algorithm,
@kbd{key}
is the key itself, and
@kbd{opt_IP_list}
is an optional comma-separated list of IPs
where the
@kbd{keyno}
should be trusted.
that are allowed to serve time.
Each IP in
@kbd{opt_IP_list}
may contain an optional
@code{/subnetbits}
specification which identifies the number of bits for
the desired subnet of trust.
If
@kbd{opt_IP_list}
is empty,
any properly-authenticated message will be
accepted.
The
@kbd{key}
may be given in a format
controlled by the
@kbd{type}
field.
The
@kbd{type}
@code{MD5}
is always supported.
If
@code{ntpd}
was built with the OpenSSL library
then any digest library supported by that library may be specified.
However, if compliance with FIPS 140-2 is required the
@kbd{type}
must be either
@code{SHA}
or
@code{SHA1}.
What follows are some key types, and corresponding formats:
@table @asis
@item @code{MD5}
The key is 1 to 16 printable characters terminated by
an EOL,
whitespace,
or
a
@code{#}
(which is the "start of comment" character).
@item @code{SHA}
@item @code{SHA1}
@item @code{RMD160}
The key is a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
@end table
Note that the keys used by the
@code{ntpq(8)}
and
@code{ntpdc(8)}
programs are checked against passwords
requested by the programs and entered by hand,
so it is generally appropriate to specify these keys in ASCII format.
This section was generated by @strong{AutoGen},
using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program.
This software is released under the NTP license, <http://ntp.org/license>.
@menu
* ntp.keys Files:: Files
* ntp.keys See Also:: See Also
* ntp.keys Notes:: Notes
@end menu
@node ntp.keys Files
@subsection ntp.keys Files
@table @asis
@item @file{/etc/ntp.keys}
the default name of the configuration file
@end table
@node ntp.keys See Also
@subsection ntp.keys See Also
@code{ntp.conf(5)},
@code{ntpd(1ntpdmdoc)},
@code{ntpdate(1ntpdatemdoc)},
@code{ntpdc(1ntpdcmdoc)},
@code{sntp(1sntpmdoc)}
@node ntp.keys Notes
@subsection ntp.keys Notes
This document was derived from FreeBSD.
|
