xref: /freebsd/contrib/ntp/ntpd/ntp.keys.man.in (revision d34048812292b714a0bf99967270d18fe3097c62)
ntp.keys 5 "14 Aug 2018" "4.2.8p12" "File Formats"

EDIT THIS FILE WITH CAUTION (ntp.man)

It has been AutoGen-ed August 14, 2018 at 08:28:59 AM by AutoGen 5.18.5
From the definitions ntp.keys.def
and the template file agman-file.tpl
.Sh NAME .Nm ntp.keys .Nd NTP symmetric key file format
NAME
ntp.keys - NTP symmetric key file format configuration file . it 1 an-trap . if \\n[.$] \,\\$*\/ ..
SYNOPSIS
\f\*[B-Font] [\f\*[B-Font]--option-name\f[]] [\f\*[B-Font]--option-name\f[] \f\*[I-Font]value\f[]] All arguments must be options.
DESCRIPTION
This document describes the format of an NTP symmetric key file. For a description of the use of this type of file, see the "Authentication Support" section of the ntp.conf\f[](5)\f[] page. ntpd\f[](8)\f[] reads its keys from a file specified using the \f\*[B-Font]-k\f[] command line option or the \f\*[B-Font]keys\f[] statement in the configuration file. While key number 0 is fixed by the NTP standard (as 56 zero bits) and may not be changed, one or more keys numbered between 1 and 65535 may be arbitrarily set in the keys file. The key file uses the same comment conventions as the configuration file. Key entries use a fixed format of the form \f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[] where \f\*[I-Font]keyno\f[] is a positive integer (between 1 and 65535), \f\*[I-Font]type\f[] is the message digest algorithm, \f\*[I-Font]key\f[] is the key itself, and \f\*[I-Font]opt_IP_list\f[] is an optional comma-separated list of IPs where the \f\*[I-Font]keyno\f[] should be trusted. that are allowed to serve time. Each IP in \f\*[I-Font]opt_IP_list\f[] may contain an optional \f\*[B-Font]/subnetbits\f[] specification which identifies the number of bits for the desired subnet of trust. If \f\*[I-Font]opt_IP_list\f[] is empty, any properly-authenticated message will be accepted. The \f\*[I-Font]key\f[] may be given in a format controlled by the \f\*[I-Font]type\f[] field. The \f\*[I-Font]type\f[] \f[C]MD5\f[] is always supported. If \f[C]ntpd\f[] was built with the OpenSSL library then any digest library supported by that library may be specified. However, if compliance with FIPS 140-2 is required the \f\*[I-Font]type\f[] must be either \f[C]SHA\f[] or \f[C]SHA1\f[]. What follows are some key types, and corresponding formats:

7 .NOP \f[C]MD5\f[] The key is 1 to 16 printable characters terminated by an EOL, whitespace, or a \f[C]#\f[] (which is the "start of comment" character).

.ns

7 .NOP \f[C]SHA\f[]

.ns

7 .NOP \f[C]SHA1\f[]

.ns

7 .NOP \f[C]RMD160\f[] The key is a hex-encoded ASCII string of 40 characters, which is truncated as necessary.

Note that the keys used by the ntpq\f[](8)\f[] and ntpdc\f[](8)\f[] programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in ASCII format.

FILES

14 .NOP /etc/ntp.keys\f[] the default name of the configuration file

"SEE ALSO"
ntp.conf\f[](5)\f[], ntpd\f[](@NTPD_MS@)\f[], ntpdate\f[](@NTPDATE_MS@)\f[], ntpdc\f[](@NTPDC_MS@)\f[], sntp\f[](@SNTP_MS@)\f[]
"AUTHORS"
The University of Delaware and Network Time Foundation
"COPYRIGHT"
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>.
"BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
NOTES
This document was derived from FreeBSD. This manual page was AutoGen-erated from the ntp.keys option definitions.