1@node ntp.keys Notes 2@section Notes about ntp.keys 3@pindex ntp.keys 4@cindex NTP symmetric key file format 5@ignore 6# 7# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) 8# 9# It has been AutoGen-ed May 25, 2024 at 12:03:59 AM by AutoGen 5.18.16 10# From the definitions ntp.keys.def 11# and the template file agtexi-file.tpl 12@end ignore 13 14 15 16This document describes the format of an NTP symmetric key file. 17For a description of the use of this type of file, see the 18"Authentication Support" 19section of the 20@code{ntp.conf(5)} 21page. 22 23@code{ntpd(8)} 24reads its keys from a file specified using the 25@code{-k} 26command line option or the 27@code{keys} 28statement in the configuration file. 29While key number 0 is fixed by the NTP standard 30(as 56 zero bits) 31and may not be changed, 32one or more keys numbered between 1 and 65535 33may be arbitrarily set in the keys file. 34 35The key file uses the same comment conventions 36as the configuration file. 37Key entries use a fixed format of the form 38 39@example 40@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list} 41@end example 42 43where 44@kbd{keyno} 45is a positive integer (between 1 and 65535), 46@kbd{type} 47is the message digest algorithm, 48@kbd{key} 49is the key itself, and 50@kbd{opt_IP_list} 51is an optional comma-separated list of IPs 52where the 53@kbd{keyno} 54should be trusted. 55that are allowed to serve time. 56Each IP in 57@kbd{opt_IP_list} 58may contain an optional 59@code{/subnetbits} 60specification which identifies the number of bits for 61the desired subnet of trust. 62If 63@kbd{opt_IP_list} 64is empty, 65any properly-authenticated message will be 66accepted. 67 68The 69@kbd{key} 70may be given in a format 71controlled by the 72@kbd{type} 73field. 74The 75@kbd{type} 76@code{MD5} 77is always supported. 78If 79@code{ntpd} 80was built with the OpenSSL library 81then any digest library supported by that library may be specified. 82However, if compliance with FIPS 140-2 is required the 83@kbd{type} 84must be either 85@code{SHA} 86or 87@code{SHA1}. 88 89What follows are some key types, and corresponding formats: 90 91@table @asis 92@item @code{MD5} 93The key is 1 to 16 printable characters terminated by 94an EOL, 95whitespace, 96or 97a 98@code{#} 99(which is the "start of comment" character). 100 101@item @code{SHA} 102@item @code{SHA1} 103@item @code{RMD160} 104The key is a hex-encoded ASCII string of 40 characters, 105which is truncated as necessary. 106@end table 107 108Note that the keys used by the 109@code{ntpq(8)} 110and 111@code{ntpdc(8)} 112programs are checked against passwords 113requested by the programs and entered by hand, 114so it is generally appropriate to specify these keys in ASCII format. 115 116This section was generated by @strong{AutoGen}, 117using the @code{agtexi-cmd} template and the option descriptions for the @code{ntp.keys} program. 118This software is released under the NTP license, <http://ntp.org/license>. 119 120@menu 121* ntp.keys Files:: Files 122* ntp.keys See Also:: See Also 123* ntp.keys Notes:: Notes 124@end menu 125 126@node ntp.keys Files 127@subsection ntp.keys Files 128@table @asis 129@item @file{/etc/ntp.keys} 130the default name of the configuration file 131@end table 132@node ntp.keys See Also 133@subsection ntp.keys See Also 134@code{ntp.conf(5)}, 135@code{ntpd(1ntpdmdoc)}, 136@code{ntpdate(1ntpdatemdoc)}, 137@code{ntpdc(1ntpdcmdoc)}, 138@code{sntp(1sntpmdoc)} 139@node ntp.keys Notes 140@subsection ntp.keys Notes 141This document was derived from FreeBSD. 142