- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
+* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
---
(4.2.8p11) 2018/02/27 Released by Harlan Stenn <stenn@ntp.org>
--
-NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
+NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/08/07)
NOTE: this NEWS file will be undergoing more revisions.
Severity: MEDIUM
+This release fixes a "hole" in the noepeer capability introduced to ntpd
+in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
+ntpq and ntpdc. It also provides 25 other bugfixes, and 3 other improvements:
+
+* [Sec 3505]
+
+* [Sec 3012]
+
+* Bug Fixes:
+ [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
+ - rework of ntpq 'nextvar()' key/value parsing
+ [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
+ - applied patch by Gerry Garvey (with mods)
+ [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
+ - applied patch by Gerry Garvey (with mods)
+ [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
+ - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
+ [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
+ - add #define ENABLE_CMAC support in configure. HStenn.
+ [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
+ [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
+ - patch by Stephen Friedl
+ [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
+ - fixed IO redirection and CTRL-C handling in ntq and ntpdc
+ [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
+ [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
+ - initial patch by Hal Murray; also fixed refclock_report() trouble
+ [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
+ [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
+ - According to Brooks Davis, there was only one location <perlinger@ntp.org>
+ [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
+ - applied patch by Gerry Garvey
+ [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
+ with modifications
+ New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
+ [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
+ - applied patch by Miroslav Lichvar
+ [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
+ [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
+ - integrated patch by Reinhard Max
+ [Bug 2821] minor build issues <perlinger@ntp.org>
+ - applied patches by Christos Zoulas, including real bug fixes
+ html/authopt.html: cleanup, from <stenn@ntp.org>
+ ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
+ Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
+
+--
+NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
+
+Focus: Security, Bug fixes, enhancements.
+
+Severity: MEDIUM
+
This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
provides 65 other non-security fixes and improvements:
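Review bot: `* [Sec 3505]` and `* [Sec 3012]` are added as bare headings with nothing under them, so the 4.2.8p12 section never says which ID is the noepeer hole and which is the openhost() overflow in ntpq and ntpdc, and gives no affected versions or mitigation. Please fill both entries in before release. Smaller points in the same list: [Bug 3467] says "ntq" where ntpq is meant, [Bug 3476] is missing the space after the bracket, and "not sure if that's bug or feature, though" should be settled rather than shipped in release notes.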
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Our resident cryptographer; now you see him, now you don't.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->25-May-2018 00:53<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<dd>Specifies the key ID for the <a
href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the
standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
- key</a>, where the value can be in the range 1 to 65534,
+ key</a>, where the value can be in the range 1 to 65535,
inclusive.</dd>
<dt id="crypto"><tt>crypto [digest <i>digest</i>] [host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
<dd>This command activates the Autokey public key cryptography
<dd>Specifies the key ID for the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which
uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
for a <a href="#trustedkey">trusted key</a>, in the range 1 to
- 65534, inclusive.</dd>
+ 65535, inclusive.</dd>
<dt id="revoke"><tt>revoke [<i>logsec</i>]</tt></dt>
<dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds, with default 17 (36 hr). See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt id="trustedkey"><tt>trustedkey [<i>keyid</i> | (<i>lowid</i> ... <i>highid</i>)] [...]</tt></dt>
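Review bot: Nothing in the visible patch shows the code-side limit behind the new upper bound of 65535 for `requestkey` here and `controlkey` in the hunk above; every change shown is to documentation. The ChangeLog line "Symmetric key range is 1-65535. Update docs." should name the constant or parser check that enforces the range, and say whether 65535 was already accepted (a doc correction) or is newly accepted (a behaviour change that operators with `trustedkey` ranges ending at 65534 may care about).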
Walt Kelly</a>
<p>The chicken is getting configuration advice.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->10-Mar-2014 05:01<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<dt><tt>ident</tt> <em><tt>group</tt></em></dt>
<dd>Specify the group name for the association. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
<dt><tt>key</tt> <i><tt>key</tt></i></dt>
- <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
+ <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
</i></tt><tt>maxpoll <i>maxpoll</i></tt></dt>
<dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd>
<dt><tt>mode <i>option</i></tt></dt>
<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
<p>Alice holds the key.</p>
<p>Last update:
- <!-- #BeginDate format:En2m -->11-Jan-2018 11:55<!-- #EndDate -->
+ <!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
</pre></td></tr></table>
<p>Figure 1 shows a typical symmetric keys file used by the reference
implementation. Each line of the file contains three or four fields,
- first an integer between 1 and 65534, inclusive, representing the key
+ first an integer between 1 and 65535, inclusive, representing the key
identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
commands. Second is the key type for the message digest algorithm,
which in the absence of the OpenSSL library must be <tt>MD5</tt> to
revoke 10
keysdir "/etc/ntp/keys"
keys "/etc/ntp.keys"
-trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65534)
+trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65535)
controlkey 12
requestkey 12
enable auth ntp monitor stats
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
-# It has been AutoGen-ed February 27, 2018 at 05:14:34 PM by AutoGen 5.18.5
+# It has been AutoGen-ed July 24, 2018 at 07:23:47 AM by AutoGen 5.18.5
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
@kbd{key}
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
@item @code{minpoll} @kbd{minpoll}
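Review bot: "encrypted using the specified key" and "no encryption field" on either side of the changed line are misleading, because the ntp.keys text in this same patch describes the key `type` as "the message digest algorithm": the symmetric key scheme authenticates packets with a keyed digest and does not encrypt them. Since the header says this file is generated from ntp.conf.def, and that definition is being regenerated for the 65535 change anyway, fix the wording there once (for example "authentication fields computed using the specified key" and "no authentication field") so all the generated man, mdoc, texi and html copies pick it up.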
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
-# It has been AutoGen-ed February 27, 2018 at 05:14:37 PM by AutoGen 5.18.5
+# It has been AutoGen-ed July 24, 2018 at 07:23:49 AM by AutoGen 5.18.5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
The key file uses the same comment conventions
where
@kbd{keyno}
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
@kbd{type}
is the message digest algorithm,
@kbd{key}
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp.conf 5man "27 Feb 2018" "4.2.8p11" "File Formats"
+.TH ntp.conf 5man "24 Jul 2018" "4.2.8p11" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:50 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
\f\*[I-Font]key\f[]
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.TP 7
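Review bot: The `.TH` line gets a new date of "24 Jul 2018" but still carries version "4.2.8p11", while NEWS in this patch announces 4.2.8p12 dated 2018/08/07. The ntpq.html usage banner further down shows the same lag, moving from "Ver. 4.2.8p10" to "Ver. 4.2.8p11". If the generated docs are meant to ship with p12, regenerate them after the version bump; if they are regenerated again at release time, consider leaving the AutoGen timestamp-only churn out of this commit so the one-line content change is easier to see.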
-.Dd February 27 2018
+.Dd July 24 2018
.Dt NTP_CONF 5mdoc File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:43 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
<br><dt><code>key</code> <kbd>key</kbd><dd>All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
<kbd>key</kbd>
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
<br><dt><code>minpoll</code> <kbd>minpoll</kbd><br><dt><code>maxpoll</code> <kbd>maxpoll</kbd><dd>These options specify the minimum and maximum poll intervals
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp.conf 5 "27 Feb 2018" "4.2.8p11" "File Formats"
+.TH ntp.conf 5 "24 Jul 2018" "4.2.8p11" "File Formats"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:50 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
\f\*[I-Font]key\f[]
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.TP 7
-.Dd February 27 2018
+.Dd July 24 2018
.Dt NTP_CONF 5 File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:43 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
-identifier with values from 1 to 65534, inclusive.
+identifier with values from 1 to 65535, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
-.TH ntp.keys 5man "27 Feb 2018" "4.2.8p11" "File Formats"
+.TH ntp.keys 5man "24 Jul 2018" "4.2.8p11" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:51 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME
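Review bot: The context line `.Sh NAME` under a `.TH ntp.keys 5man` header looks wrong: `.TH` is the man macro set, where the section macro is `.SH`, and the ntp.conf page generated from agman-cmd.tpl does use `.SH NAME`. This file comes from agman-file.tpl, so please check whether that template emits the mdoc spelling by mistake; regenerating the page is a good moment to fix it.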
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.sp \n(Ppu
.ne 2
where
\f\*[I-Font]keyno\f[]
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
\f\*[I-Font]type\f[]
is the message digest algorithm,
\f\*[I-Font]key\f[]
-.Dd February 27 2018
+.Dd July 24 2018
.Dt NTP_KEYS 5mdoc File Formats
-.Os SunOS 5.10
+.Os Linux 3.2.0-4-686-pae
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:46 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
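Review bot: The added `.Os Linux 3.2.0-4-686-pae` line bakes the build host's kernel string into a shipped man page, just as the removed `.Os SunOS 5.10` did, so the output changes with whoever runs the regeneration and tells readers something about the release build machine. The ntp.conf mdoc page in this patch uses a bare `.Os`; agmdoc-file.tpl should emit the same so the generated file is reproducible.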
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
.Pp
where
.Ar keyno
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
.Ar type
is the message digest algorithm,
.Ar key
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
.Pp
where
.Ar keyno
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
.Ar type
is the message digest algorithm,
.Ar key
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
<p>The key file uses the same comment conventions
</pre>
<p>where
<kbd>keyno</kbd>
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
<kbd>type</kbd>
is the message digest algorithm,
<kbd>key</kbd>
-.TH ntp.keys 5 "27 Feb 2018" "4.2.8p11" "File Formats"
+.TH ntp.keys 5 "24 Jul 2018" "4.2.8p11" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:51 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.sp \n(Ppu
.ne 2
where
\f\*[I-Font]keyno\f[]
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
\f\*[I-Font]type\f[]
is the message digest algorithm,
\f\*[I-Font]key\f[]
-.Dd February 27 2018
+.Dd July 24 2018
.Dt NTP_KEYS 5 File Formats
-.Os SunOS 5.10
+.Os Linux 3.2.0-4-686-pae
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:46 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
While key number 0 is fixed by the NTP standard
(as 56 zero bits)
and may not be changed,
-one or more keys numbered between 1 and 65534
+one or more keys numbered between 1 and 65535
may be arbitrarily set in the keys file.
.Pp
The key file uses the same comment conventions
.Pp
where
.Ar keyno
-is a positive integer (between 1 and 65534),
+is a positive integer (between 1 and 65535),
.Ar type
is the message digest algorithm,
.Ar key
<title>ntpq: Network Time Protocol Query User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="ntpq: Network Time Protocol Query User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family: serif; font-weight: normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
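Review bot: The generator bump from makeinfo 4.7 to 4.13 in the `<meta name="generator">` line belongs in its own commit. Nearly every ntpq.html hunk that follows (anchors moved ahead of `<p><hr>`, `<br>` dropped, `<samp>` wrappers, the extra `span.sansserif` rule) comes from the tool change rather than from any edit to the manual, which buries the real content changes. Either regenerate with the previous makeinfo for this commit or land the toolchain-only regeneration separately and note the required version in the build docs.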
<div class="node">
+<a name="Top"></a>
<p><hr>
-<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#ntpq-Description">ntpq Description</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-Description">ntpq Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
<h2 class="unnumbered">ntpq: Network Time Protocol Query User Manual</h2>
</ul>
<div class="node">
+<a name="ntpq-Description"></a>
<p><hr>
-<a name="ntpq-Description"></a>Next: <a rel="next" accesskey="n" href="#Usage">Usage</a>,
+Next: <a rel="next" accesskey="n" href="#Usage">Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<p>For examples and usage, see the <a href="debug.html">NTP Debugging Techniques</a> page.
<div class="node">
-<p><hr>
<a name="ntpq-Invocation"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Invoking ntpq</h3>
<code>-6</code>
qualifier forces resolution to the IPv6 namespace.
For examples and usage, see the
-NTP Debugging Techniques
+“NTP Debugging Techniques”
page.
<p>Specifying a
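Review bot: The added line wraps the title in literal curly quotes, and later hunks add literal ‘?’ and ‘-’, but the `<meta http-equiv="Content-Type" content="text/html">` line in the head declares no charset. Browsers that guess a legacy encoding will render these as mojibake. Add an explicit charset to the Content-Type or have makeinfo emit character entities for the quotes.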
These are described following.
<dl>
<dt><code>?</code> <code>[</code><kbd>command</kbd><code>]</code><br><dt><code>help</code> <code>[</code><kbd>command</kbd><code>]</code><dd>A
-?
+‘?’
by itself will print a list of all the commands
known to
<code>ntpq</code>
A
-?
+‘?’
followed by a command name will print function and usage
information about the command.
<br><dt><code>addvars</code> <kbd>name</kbd><code>[=</code><kbd>value</kbd><code>]</code><code>[,...]</code><br><dt><code>rmvars</code> <kbd>name</kbd><code>[,...]</code><br><dt><code>clearvars</code><br><dt><code>showvars</code><dd>The arguments to this command consist of a list of
<code>ntpq</code>
could not decode completely are
marked with a trailing
-?.
+‘?’.
<br><dt><code>debug</code> <code>[more|less|off]</code><dd>With no argument, displays the current debug level.
Otherwise, the debugging level is changed as indicated.
<br><dt><code>delay</code> <code>[</code><kbd>milliseconds</kbd><code>]</code><dd>Specify a time interval to be added to timestamps included in
<dl>
<dt><code>apeers</code><dd>Display a list of peers in the form:
<pre class="example"> [tally]remote refid assid st t when pool reach delay offset jitter
- </pre>
+</pre>
<p>where the output is just like the
<code>peers</code>
command except that the
is displayed in hex format and the association number is also displayed.
<br><dt><code>associations</code><dd>Display a list of mobilized associations in the form:
<pre class="example"> ind assid status conf reach auth condition last_event cnt
- </pre>
+</pre>
<dl>
<dt>Sy Variable Ta Sy Description<br><dt><code>ind</code> <code>Ta</code> <code>index</code> <code>on</code> <code>this</code> <code>list</code><br><dt><code>assid</code> <code>Ta</code> <code>association</code> <code>id</code><br><dt><code>status</code> <code>Ta</code> <code>peer</code> <code>status</code> <code>word</code><br><dt><code>conf</code> <code>Ta</code> <code>yes</code>: <code>No</code> <code>persistent,</code> <code>no</code>: <code>No</code> <code>ephemeral</code><br><dt><code>reach</code> <code>Ta</code> <code>yes</code>: <code>No</code> <code>reachable,</code> <code>no</code>: <code>No</code> <code>unreachable</code><br><dt><code>auth</code> <code>Ta</code> <code>ok</code>, <code>yes</code>, <code>bad</code> <code>No</code> <code>and</code> <code>none</code><br><dt><code>condition</code> <code>Ta</code> <code>selection</code> <code>status</code> <code>(see</code> <code>the</code> <code>select</code> <code>No</code> <code>field</code> <code>of</code> <code>the</code> <code>peer</code> <code>status</code> <code>word)</code><br><dt><code>last_event</code> <code>Ta</code> <code>event</code> <code>report</code> <code>(see</code> <code>the</code> <code>event</code> <code>No</code> <code>field</code> <code>of</code> <code>the</code> <code>peer</code> <code>status</code> <code>word)</code><br><dt><code>cnt</code> <code>Ta</code> <code>event</code> <code>count</code> <code>(see</code> <code>the</code> <code>count</code> <code>No</code> <code>field</code> <code>of</code> <code>the</code> <code>peer</code> <code>status</code> <code>word)</code><dd></dl>
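Review bot: The `associations` table in the context line after `</pre>` is still raw mdoc column markup rendered as text: it starts with "Sy Variable Ta Sy Description", wraps every word in its own `<code>`, and leaves stray `Ta` and `No` tokens in the descriptions. Regenerating with the newer makeinfo only touched the `</pre>` indentation, so the table needs fixing in the source definition so that it renders like the `peers` table further down, which uses plain `<dt>Variable<dd>Description` entries.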
<br><dt><code>authinfo</code><dd>Display the authentication statistics counters:
<code>count</code>,
<code>lstint</code>,
or any of those preceded by
--
+‘-’
to reverse the sort order.
The output columns are:
<dl>
except that it uses previously stored data rather than making a new query.
<br><dt><code>peers</code><dd>Display a list of peers in the form:
<pre class="example"> [tally]remote refid st t when pool reach delay offset jitter
- </pre>
+</pre>
<dl>
<dt>Variable<dd>Description
<br><dt><code>[tally]</code><dd>single-character code indicating current value of the
multicast server
<br><dt><code>when</code><dd>time in seconds, minutes, hours, or days since the last packet
was received, or
--
+‘-’
if a packet has never been received
<br><dt><code>poll</code><dd>poll interval (s)
<br><dt><code>reach</code><dd>reach shift register (octal)
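Review bot: The column documented here is `poll` ("poll interval (s)"), but the header line in the `peers` example above, and in the `apeers` example, spells it `pool`. The example headers should read `poll` to match the variable list; fix it in the source so the regenerated HTML and man pages agree.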
<code>date(1)</code>
format specifiers to substitute the current date and time, for
example,
- <pre class="example"> <code>saveconfig</code> <span class="file">ntp-%Y%m%d-%H%M%S.conf</span>.
- </pre>
+ <pre class="example"> <code>saveconfig</code> <samp><span class="file">ntp-%Y%m%d-%H%M%S.conf</span></samp>.
+</pre>
<p>The filename used is stored in system variable
<code>savedconfig</code>.
Authentication is required.
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntpq-usage">ntpq usage</a>: ntpq help/usage (<span class="option">--help</span>)
+<li><a accesskey="1" href="#ntpq-usage">ntpq usage</a>: ntpq help/usage (<samp><span class="option">--help</span></samp>)
<li><a accesskey="2" href="#ntpq-ipv4">ntpq ipv4</a>: ipv4 option (-4)
<li><a accesskey="3" href="#ntpq-ipv6">ntpq ipv6</a>: ipv6 option (-6)
<li><a accesskey="4" href="#ntpq-command">ntpq command</a>: command option (-c)
</ul>
<div class="node">
+<a name="ntpq-usage"></a>
<p><hr>
-<a name="ntpq-usage"></a>Next: <a rel="next" accesskey="n" href="#ntpq-ipv4">ntpq ipv4</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-ipv4">ntpq ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
-<h4 class="subsection">ntpq help/usage (<span class="option">--help</span>)</h4>
+<h4 class="subsection">ntpq help/usage (<samp><span class="option">--help</span></samp>)</h4>
<p><a name="index-ntpq-help-3"></a>
This is the automatically generated usage text for ntpq.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <span class="file">more</span>. Both will exit
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
with a status code of 0.
-<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p10
+<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p11
Usage: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 name resolution
Please send bug reports to: <http://bugs.ntp.org, bugs@ntp.org>
</pre>
<div class="node">
+<a name="ntpq-ipv4"></a>
<p><hr>
-<a name="ntpq-ipv4"></a>Next: <a rel="next" accesskey="n" href="#ntpq-ipv6">ntpq ipv6</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-ipv6">ntpq ipv6</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-usage">ntpq usage</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ipv4 option (-4)</h4>
<p>Force resolution of following host names on the command line
to the IPv4 namespace.
<div class="node">
+<a name="ntpq-ipv6"></a>
<p><hr>
-<a name="ntpq-ipv6"></a>Next: <a rel="next" accesskey="n" href="#ntpq-command">ntpq command</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-command">ntpq command</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-ipv4">ntpq ipv4</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ipv6 option (-6)</h4>
<p>Force resolution of following host names on the command line
to the IPv6 namespace.
<div class="node">
+<a name="ntpq-command"></a>
<p><hr>
-<a name="ntpq-command"></a>Next: <a rel="next" accesskey="n" href="#ntpq-interactive">ntpq interactive</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-interactive">ntpq interactive</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-ipv6">ntpq ipv6</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">command option (-c)</h4>
<p><a name="index-ntpq_002dcommand-6"></a>
This is the “run a command and exit” option.
-This option takes a string argument <span class="file">cmd</span>.
+This option takes a string argument <samp><span class="file">cmd</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
and is added to the list of commands to be executed on the specified
host(s).
<div class="node">
+<a name="ntpq-interactive"></a>
<p><hr>
-<a name="ntpq-interactive"></a>Next: <a rel="next" accesskey="n" href="#ntpq-numeric">ntpq numeric</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-numeric">ntpq numeric</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-command">ntpq command</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">interactive option (-i)</h4>
Prompts will be written to the standard output and
commands read from the standard input.
<div class="node">
+<a name="ntpq-numeric"></a>
<p><hr>
-<a name="ntpq-numeric"></a>Next: <a rel="next" accesskey="n" href="#ntpq-old_002drv">ntpq old-rv</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-old_002drv">ntpq old-rv</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-interactive">ntpq interactive</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">numeric option (-n)</h4>
Output all host addresses in dotted-quad numeric format rather than
converting to the canonical host names.
<div class="node">
+<a name="ntpq-old-rv"></a>
+<a name="ntpq-old_002drv"></a>
<p><hr>
-<a name="ntpq-old_002drv"></a>Next: <a rel="next" accesskey="n" href="#ntpq-peers">ntpq peers</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-peers">ntpq peers</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-numeric">ntpq numeric</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">old-rv option</h4>
preset this option in a script will enable both older and
newer <code>ntpq</code> to behave identically in this regard.
<div class="node">
+<a name="ntpq-peers"></a>
<p><hr>
-<a name="ntpq-peers"></a>Next: <a rel="next" accesskey="n" href="#ntpq-refid">ntpq refid</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-refid">ntpq refid</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-old_002drv">ntpq old-rv</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">peers option (-p)</h4>
<p>Print a list of the peers known to the server as well as a summary
of their state. This is equivalent to the 'peers' interactive command.
<div class="node">
+<a name="ntpq-refid"></a>
<p><hr>
-<a name="ntpq-refid"></a>Next: <a rel="next" accesskey="n" href="#ntpq-wide">ntpq wide</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-wide">ntpq wide</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-peers">ntpq peers</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">refid option (-r)</h4>
The argument sets an enumeration value that can be tested by comparing the option value macro (OPT_VALUE_REFID).
The available keywords are:
<pre class="example"> hash ipv4
- </pre>
+</pre>
<p>or their numeric equivalent.</ul>
<p>Set the default display format for S2+ refids.
<div class="node">
+<a name="ntpq-wide"></a>
<p><hr>
-<a name="ntpq-wide"></a>Next: <a rel="next" accesskey="n" href="#ntpq-config">ntpq config</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-config">ntpq config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-refid">ntpq refid</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">wide option (-w)</h4>
and continue the data display properly indented on the next line.
<div class="node">
+<a name="ntpq-config"></a>
<p><hr>
-<a name="ntpq-config"></a>Next: <a rel="next" accesskey="n" href="#ntpq-exit-status">ntpq exit status</a>,
+Next: <a rel="next" accesskey="n" href="#ntpq-exit-status">ntpq exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-wide">ntpq wide</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">presetting/configuring ntpq</h4>
<li>$PWD
</ul>
The environment variables <code>HOME</code>, and <code>PWD</code>
-are expanded and replaced when <span class="file">ntpq</span> runs.
+are expanded and replaced when <samp><span class="file">ntpq</span></samp> runs.
For any of these that are plain files, they are simply processed.
-For any that are directories, then a file named <span class="file">.ntprc</span> is searched for
+For any that are directories, then a file named <samp><span class="file">.ntprc</span></samp> is searched for
within that directory and processed.
<p>Configuration files may be in a wide variety of formats.
Only the first letter of the argument is examined:
<dl>
-<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
-<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
+<a name="ntpq-exit-status"></a>
<p><hr>
-<a name="ntpq-exit-status"></a>Previous: <a rel="previous" accesskey="p" href="#ntpq-config">ntpq config</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntpq-config">ntpq config</a>,
Up: <a rel="up" accesskey="u" href="#ntpq-Invocation">ntpq Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntpq exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
-<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
-<br><dt><span class="samp">66 (EX_NOINPUT)</span><dd>A specified configuration file could not be loaded.
-<br><dt><span class="samp">70 (EX_SOFTWARE)</span><dd>libopts had an internal operational error. Please report
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<br><dt>‘<samp><span class="samp">66 (EX_NOINPUT)</span></samp>’<dd>A specified configuration file could not be loaded.
+<br><dt>‘<samp><span class="samp">70 (EX_SOFTWARE)</span></samp>’<dd>libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
</dl>
<div class="node">
+<a name="Usage"></a>
<p><hr>
-<a name="Usage"></a>Next: <a rel="next" accesskey="n" href="#Internal-Commands">Internal Commands</a>,
+Next: <a rel="next" accesskey="n" href="#Internal-Commands">Internal Commands</a>,
Previous: <a rel="previous" accesskey="p" href="#ntpq-Description">ntpq Description</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<br></td></tr></table>
<div class="node">
+<a name="Internal-Commands"></a>
<p><hr>
-<a name="Internal-Commands"></a>Next: <a rel="next" accesskey="n" href="#Control-Message-Commands">Control Message Commands</a>,
+Next: <a rel="next" accesskey="n" href="#Control-Message-Commands">Control Message Commands</a>,
Previous: <a rel="previous" accesskey="p" href="#Usage">Usage</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<p>Interactive format commands consist of a keyword followed by zero to four arguments. Only enough characters of the full keyword to uniquely identify the command need be typed. The output of a command is normally sent to the standard output, but optionally the output of individual commands may be sent to a file by appending a <code>></code>, followed by a file name, to the command line. A number of interactive format commands are executed entirely within the <code>ntpq</code> program itself and do not result in NTP mode-6 requests being sent to a server. These are described following.
<dl>
-<dt><code><a name="help"></a> ? [</code><kbd>command_keyword</kbd><code>]</code><dt><code>help [</code><kbd>command_keyword</kbd><code>]</code><dd>A <code>?</code> by itself will print a list of all the command keywords known to <code>ntpq</code>. A <code>?</code> followed by a command keyword will print function and usage information about the command.
+<dt><code><a name="help"></a>? [</code><kbd>command_keyword</kbd><code>]</code><dt><code>help [</code><kbd>command_keyword</kbd><code>]</code><dd>A <code>?</code> by itself will print a list of all the command keywords known to <code>ntpq</code>. A <code>?</code> followed by a command keyword will print function and usage information about the command.
- <br><dt><code><a name="addvars"></a> >addvars </code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code>] [...]</code><dt><code>rmvars </code><kbd>name</kbd><code> [...]</code><dt><code>clearvars</dt></code><dd>The arguments to these commands consist of a list of items of the form
+ <br><dt><code><a name="addvars"></a>>addvars </code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code>] [...]</code><dt><code>rmvars </code><kbd>name</kbd><code> [...]</code><dt><code>clearvars</dt></code><dd>The arguments to these commands consist of a list of items of the form
<kbd>name</kbd><code> = </code><kbd>value</kbd>, where the <code>= </code><kbd>value</kbd> is ignored,
and can be omitted in read requests.
<code>ntpq</code> maintains an internal list in which data to be included
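Review bot: The regenerated `addvars` entry only drops the leading space, so two markup defects in the same `+` line survive: a stray `>` is still rendered in front of `addvars` (`</a>>addvars`), and `</dt>` is closed inside the `<code>` element in `<code>clearvars</dt></code>`. Since this line is being regenerated anyway, fix both in the documentation source so that the term list nests correctly and the command name does not display with a leading `>`.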
from the list,
while the <code>clearlist</code> command removes all variables from the list.
- <br><dt><code><a name="cooked"></a> cooked</code><dd>Display server messages in prettyprint format.
+ <br><dt><code><a name="cooked"></a>cooked</code><dd>Display server messages in prettyprint format.
- <br><dt><code><a name="debug"></a> debug more | less | off</code><dd>Turns internal query program debugging on and off.
+ <br><dt><code><a name="debug"></a>debug more | less | off</code><dd>Turns internal query program debugging on and off.
- <br><dt><code><a name="delay"></a> delay </code><kbd>milliseconds</kbd><dd>Specify a time interval to be added to timestamps included in requests which require authentication. This is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. Actually the server does not now require timestamps in authenticated requests, so this command may be obsolete.
+ <br><dt><code><a name="delay"></a>delay </code><kbd>milliseconds</kbd><dd>Specify a time interval to be added to timestamps included in requests which require authentication. This is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. Actually the server does not now require timestamps in authenticated requests, so this command may be obsolete.
- <br><dt><code><a name="host"></a> host </code><kbd>name</kbd><dd>Set the host to which future queries will be sent.
+ <br><dt><code><a name="host"></a>host </code><kbd>name</kbd><dd>Set the host to which future queries will be sent.
The name may be either a DNS name or a numeric address.
- <br><dt><code><a name="hostnames"></a> hostnames [yes | no]</code><dd>If <code>yes</code> is specified, host names are printed in information displays.
+ <br><dt><code><a name="hostnames"></a>hostnames [yes | no]</code><dd>If <code>yes</code> is specified, host names are printed in information displays.
If <code>no</code> is specified, numeric addresses are printed instead.
The default is <code>yes</code>,
unless modified using the command line <code>-n</code> switch.
- <br><dt><code><a name="keyid"></a> keyid </code><kbd>keyid</kbd><dd>This command specifies the key number to be used
+ <br><dt><code><a name="keyid"></a>keyid </code><kbd>keyid</kbd><dd>This command specifies the key number to be used
to authenticate configuration requests.
This must correspond to a key ID configured in <code>ntp.conf</code> for this purpose.
- <br><dt><code><a name="keytype"></a> keytype</code><dd>Specify the digest algorithm to use for authenticated requests,
+ <br><dt><code><a name="keytype"></a>keytype</code><dd>Specify the digest algorithm to use for authenticated requests,
with default <code>MD5</code>.
If the OpenSSL library is installed,
digest can be be any message digest algorithm supported by the library.
The current selections are: <code>AES128CMAC</code>, <code>MD2</code>, <code>MD4</code>, <code>MD5</code>, <code>MDC2</code>, <code>RIPEMD160</code>, <code>SHA</code> and <code>SHA1</code>.
- <br><dt><code><a name="ntpversion"></a> ntpversion 1 | 2 | 3 | 4</code><dd>Sets the NTP version number which <code>ntpq</code> claims in packets.
+ <br><dt><code><a name="ntpversion"></a>ntpversion 1 | 2 | 3 | 4</code><dd>Sets the NTP version number which <code>ntpq</code> claims in packets.
Defaults to 2.
Note that mode-6 control messages (and modes, for that matter)
didn't exist in NTP version 1.
- <br><dt><code><a name="passwd"></a> passwd</code><dd>This command prompts for a password to authenticate requests.
+ <br><dt><code><a name="passwd"></a>passwd</code><dd>This command prompts for a password to authenticate requests.
The password must correspond to the key ID configured in <code>ntp.conf</code> for this purpose.
- <br><dt><code><a name="quit"></a> quit</code><dd>Exit <code>ntpq</code>.
+ <br><dt><code><a name="quit"></a>quit</code><dd>Exit <code>ntpq</code>.
- <br><dt><code><a name="raw"></a> raw</code><dd>Display server messages as received and without reformatting.
+ <br><dt><code><a name="raw"></a>raw</code><dd>Display server messages as received and without reformatting.
- <br><dt><code><a name="timeout"></a> timeout </code><kbd>millseconds</kbd><dd>Specify a timeout period for responses to server queries.
+ <br><dt><code><a name="timeout"></a>timeout </code><kbd>milliseconds</kbd><dd>Specify a timeout period for responses to server queries.
The default is about 5000 milliseconds.
Note that since <code>ntpq</code> retries each query once after a timeout
the total waiting time for a timeout will be twice the timeout value set.
</dl>
<div class="node">
+<a name="Control-Message-Commands"></a>
<p><hr>
-<a name="Control-Message-Commands"></a>Next: <a rel="next" accesskey="n" href="#Status-Words-and-Kiss-Codes">Status Words and Kiss Codes</a>,
+Next: <a rel="next" accesskey="n" href="#Status-Words-and-Kiss-Codes">Status Words and Kiss Codes</a>,
Previous: <a rel="previous" accesskey="p" href="#Internal-Commands">Internal Commands</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<br></td></tr></table>
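Review bot: In the `keytype` entry the term carries no argument, yet the description refers to `digest` ("digest can be be any message digest algorithm"), and the doubled "be" is still there after regeneration. Suggest writing the term as `keytype` followed by a `digest` argument in the source and fixing the wording there, so that the entry for choosing the authentication digest reads unambiguously. The `timeout` argument spelling fix further down in the same hunk looks right.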
- <br><dt><code><a name="cv"></a> clockvar </code><kbd>assocID</kbd><code> [</code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> [...]] [...]]</code><dt><code>cv </code><kbd>assocID</kbd><code> [</code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> [...] ][...]]</code><dd>Display a list of <a href="#clock">clock variables</a> for those associations supporting a reference clock.
+ <br><dt><code><a name="cv"></a>clockvar </code><kbd>assocID</kbd><code> [</code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> [...]] [...]]</code><dt><code>cv </code><kbd>assocID</kbd><code> [</code><kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> [...] ][...]]</code><dd>Display a list of <a href="#clock">clock variables</a> for those associations supporting a reference clock.
- <br><dt><code><a name="_003aconfig"></a> :config [...]</code><dd>Send the remainder of the command line, including whitespace, to the server
+ <br><dt><code><a name="g_t_003aconfig"></a>:config [...]</code><dd>Send the remainder of the command line, including whitespace, to the server
as a run-time configuration command in the same format
as the configuration file.
This command is experimental until further notice and clarification.
Authentication is of course required.
- <br><dt><code><a name="config_002dfrom_002dfile"></a> config-from-file </code><kbd>filename</kbd><dd>Send the each line of <kbd>filename</kbd> to the server as
+ <br><dt><code><a name="config_002dfrom_002dfile"></a>config-from-file </code><kbd>filename</kbd><dd>Send the each line of <kbd>filename</kbd> to the server as
run-time configuration commands in the same format as the configuration file.
This command is experimental until further notice and clarification.
Authentication is required.
- <br><dt><code><a name="ifstats"></a> ifstats</code><dd>Display statistics for each local network address.
+ <br><dt><code><a name="ifstats"></a>ifstats</code><dd>Display statistics for each local network address.
Authentication is required.
- <br><dt><code><a name="iostats"></a> iostats</code><dd>Display network and reference clock I/O statistics.
+ <br><dt><code><a name="iostats"></a>iostats</code><dd>Display network and reference clock I/O statistics.
- <br><dt><code><a name="kerninfo"></a> kerninfo</code><dd>Display kernel loop and PPS statistics.
+ <br><dt><code><a name="kerninfo"></a>kerninfo</code><dd>Display kernel loop and PPS statistics.
As with other ntpq output, times are in milliseconds.
The precision value displayed is in milliseconds as well,
unlike the precision system variable.
- <br><dt><code><a name="lassoc"></a> lassociations</code><dd>Perform the same function as the associations command,
+ <br><dt><code><a name="lassoc"></a>lassociations</code><dd>Perform the same function as the associations command,
except display mobilized and unmobilized associations.
- <br><dt><code><a name="monstats"></a> monstats</code><dd>Display monitor facility statistics.
+ <br><dt><code><a name="monstats"></a>monstats</code><dd>Display monitor facility statistics.
- <br><dt><code><a name="mrulist"></a> mrulist [limited | kod | mincount=</code><kbd>count</kbd><code> | laddr=</code><kbd>localaddr</kbd><code> | sort=</code><kbd>sortorder</kbd><code> | resany=</code><kbd>hexmask</kbd><code> | resall=</code><kbd>hexmask</kbd><code>]</code><dd>Obtain and print traffic counts collected and maintained by
+ <br><dt><code><a name="mrulist"></a>mrulist [limited | kod | mincount=</code><kbd>count</kbd><code> | laddr=</code><kbd>localaddr</kbd><code> | sort=</code><kbd>sortorder</kbd><code> | resany=</code><kbd>hexmask</kbd><code> | resall=</code><kbd>hexmask</kbd><code>]</code><dd>Obtain and print traffic counts collected and maintained by
the monitor facility.
With the exception of <code>sort=</code><kbd>sortorder</kbd>,
the options filter the list returned by <code>ntpd</code>.
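Review bot: The anchor for `:config` changes from `_003aconfig` to `g_t_003aconfig`, while every other anchor in this hunk keeps its name, so any existing link to `#_003aconfig` stops resolving after this regeneration. If the rename is only a side effect of the newer makeinfo, consider keeping the old name as a second anchor, as was done for `ntpq-old-rv` / `ntpq-old_002drv`. In the same hunk, "Send the each line of" in the `config-from-file` entry still needs its extra "the" removed.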
<br></td></tr></table>
- <br><dt><code><a name="mreadvar"></a> mreadvar </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code><dt><code><a name="mrv"></a> mrv </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code><dd>Perform the same function as the <code>readvar</code> command,
+ <br><dt><code><a name="mreadvar"></a>mreadvar </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code><dt><code><a name="mrv"></a>mrv </code><kbd>assocID</kbd> <kbd>assocID</kbd><code> [ </code><kbd>variable_name</kbd><code> [ = </code><kbd>value</kbd><code>[ ... ]</code><dd>Perform the same function as the <code>readvar</code> command,
except for a range of association IDs.
This range is determined from the association list cached by
the most recent <code>associations</code> command.
- <br><dt><code><a name="passoc"></a> passociations</code><dd>Perform the same function as the <code>associations command</code>, except that
+ <br><dt><code><a name="passoc"></a>passociations</code><dd>Perform the same function as the <code>associations command</code>, except that
it uses previously stored data rather than making a new query.
- <br><dt><code><a name="pe"></a> peers</code><dd>Display a list of peers in the form:
+ <br><dt><code><a name="pe"></a>peers</code><dd>Display a list of peers in the form:
<br>
<code>[tally]remote refid st t when pool reach delay offset jitter</code>
<br></td></tr></table>
- <br><dt><code><a name="rv"></a> readvar </code><kbd>assocID</kbd> <kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> ] [,...]</code><dt><code>rv </code><kbd>assocID</kbd><code> [ </code><kbd>name</kbd><code> ] [,...]</code><dd>Display the specified variables.
+ <br><dt><code><a name="rv"></a>readvar </code><kbd>assocID</kbd> <kbd>name</kbd><code> [ = </code><kbd>value</kbd><code> ] [,...]</code><dt><code>rv </code><kbd>assocID</kbd><code> [ </code><kbd>name</kbd><code> ] [,...]</code><dd>Display the specified variables.
If <kbd>assocID</kbd> is zero,
the variables are from the <a href="#system">system variables</a> name space,
otherwise they are from the <a href="#peer">peer variables</a> name space.
where YYYY is the year, MM the month of year, DD the day of month and
TTTT the time of day.
- <br><dt><code><a name="saveconfig"></a> saveconfig </code><kbd>filename</kbd><dd>Write the current configuration, including any runtime modifications
+ <br><dt><code><a name="saveconfig"></a>saveconfig </code><kbd>filename</kbd><dd>Write the current configuration, including any runtime modifications
given with <code>:config</code> or <code>config-from-file</code>,
to the ntpd host's file <kbd>filename</kbd>.
This command will be rejected by the server unless
The filename used is stored in system variable <code>savedconfig</code>.
Authentication is required.
- <br><dt><code><a name="writevar"></a> writevar </code><kbd>assocID</kbd> <kbd>name</kbd><code> = </code><kbd>value</kbd><code> [,...]</code><dd>Write the specified variables.
+ <br><dt><code><a name="writevar"></a>writevar </code><kbd>assocID</kbd> <kbd>name</kbd><code> = </code><kbd>value</kbd><code> [,...]</code><dd>Write the specified variables.
If the <kbd>assocID</kbd> is zero, the variables are from the
<a href="#system">system variables</a> name space, otherwise they are from the
<a href="#peer">peer variables</a> name space.
The <kbd>assocID</kbd> is required,
as the same name can occur in both spaces.
- <br><dt><code><a name="sysinfo"></a> sysinfo</code><dd>Display operational summary.
+ <br><dt><code><a name="sysinfo"></a>sysinfo</code><dd>Display operational summary.
- <br><dt><code><a name="sysstats"></a> sysstats</code><dd>Print statistics counters maintained in the protocol module.
+ <br><dt><code><a name="sysstats"></a>sysstats</code><dd>Print statistics counters maintained in the protocol module.
</dl>
<div class="node">
+<a name="Status-Words-and-Kiss-Codes"></a>
<p><hr>
-<a name="Status-Words-and-Kiss-Codes"></a>Next: <a rel="next" accesskey="n" href="#System-Variables">System Variables</a>,
+Next: <a rel="next" accesskey="n" href="#System-Variables">System Variables</a>,
Previous: <a rel="previous" accesskey="p" href="#Control-Message-Commands">Control Message Commands</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
in the reference identifier field in various billboards.
<div class="node">
+<a name="System-Variables"></a>
<p><hr>
-<a name="System-Variables"></a>Next: <a rel="next" accesskey="n" href="#Peer-Variables">Peer Variables</a>,
+Next: <a rel="next" accesskey="n" href="#Peer-Variables">Peer Variables</a>,
Previous: <a rel="previous" accesskey="p" href="#Status-Words-and-Kiss-Codes">Status Words and Kiss Codes</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<br></td></tr></table>
<div class="node">
+<a name="Peer-Variables"></a>
<p><hr>
-<a name="Peer-Variables"></a>Next: <a rel="next" accesskey="n" href="#Clock-Variables">Clock Variables</a>,
+Next: <a rel="next" accesskey="n" href="#Clock-Variables">Clock Variables</a>,
Previous: <a rel="previous" accesskey="p" href="#System-Variables">System Variables</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<br></td></tr></table>
<div class="node">
+<a name="Clock-Variables"></a>
<p><hr>
-<a name="Clock-Variables"></a>Previous: <a rel="previous" accesskey="p" href="#Peer-Variables">Peer Variables</a>,
+Previous: <a rel="previous" accesskey="p" href="#Peer-Variables">Peer Variables</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp-keygen.texi)
#
-# It has been AutoGen-ed February 27, 2018 at 05:15:57 PM by AutoGen 5.18.5
+# It has been AutoGen-ed July 24, 2018 at 07:24:01 AM by AutoGen 5.18.5
# From the definitions ntp-keygen-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@end example
where
@kbd{keyno}
-is a positive integer in the range 1-65534;
+is a positive integer in the range 1-65535;
@kbd{type}
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
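Review bot: The upper bound for `keyno` moves from 65534 to 65535 here and in the man and mdoc outputs, but all of these files state that they are generated from `ntp-keygen-opts.def`, and the change to that file is not in view. Please confirm that the edit was made in the definitions file rather than in the generated outputs, and that the key ID range check in the code accepts 65535, so that the documented range and the enforced range agree.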
@exampleindent 0
@example
-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.7p245
-USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p11
+Usage: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description
+ -b Num imbits identity modulus bits
+ - it must be in the range:
+ 256 to 2048
-c Str certificate certificate scheme
-C Str cipher privatekey cipher
-d no debug-level Increase debug verbosity level
- may appear multiple times
- -D Str set-debug-level Set the debug verbosity level
+ -D Num set-debug-level Set the debug verbosity level
- may appear multiple times
-e no id-key Write IFF or GQ identity keys
-G no gq-params Generate GQ parameters and keys
-I no iffkey generate IFF parameters
-i Str ident set Autokey group name
-l Num lifetime set certificate lifetime
- -M no md5key generate MD5 keys
- -m Num modulus modulus
- - It must be in the range:
+ -m Num modulus prime modulus
+ - it must be in the range:
256 to 2048
+ -M no md5key generate symmetric keys
-P no pvt-cert generate PC private certificate
- -p Str pvt-passwd output private password
- -q Str get-pvt-passwd input private password
- -S Str sign-key generate sign key (RSA or DSA)
+ -p Str password local private password
+ -q Str export-passwd export IFF or GQ group keys with password
-s Str subject-name set host and optionally group name
+ -S Str sign-key generate sign key (RSA or DSA)
-T no trusted-cert trusted certificate (TC scheme)
-V Num mv-params generate <num> MV parameters
-v Num mv-keys update <num> MV keys
- opt version Output version information and exit
- -? no help Display extended usage information and exit
- -! no more-help Extended usage information passed thru pager
- -> opt save-opts Save the option state to a config file
- -< Str load-opts Load options from a config file
- - disabled as --no-load-opts
+ opt version output version information and exit
+ -? no help display extended usage information and exit
+ -! no more-help extended usage information passed thru pager
+ -> opt save-opts save the option state to a config file
+ -< Str load-opts load options from a config file
+ - disabled as '--no-load-opts'
- may appear multiple times
Options are specified by doubled hyphens and their name or by a single
hyphen and the flag character.
-
The following option preset mechanisms are supported:
- reading file $HOME/.ntprc
- reading file ./.ntprc
- examining environment variables named NTP_KEYGEN_*
-please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org
+Please send bug reports to: <http://bugs.ntp.org, bugs@@ntp.org>
@end example
@exampleindent 4
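Review bot: The long names for `-p` and `-q` change in this usage text (`pvt-passwd` to `password`, `get-pvt-passwd` to `export-passwd`), and the same text says options can be preset from `$HOME/.ntprc`, `./.ntprc` and `NTP_KEYGEN_*` environment variables, so presets and scripts written against the old names would no longer match. Suggest noting the renames in NEWS if that has not been done. Two smaller points in this hunk: `-M` is now described as "generate symmetric keys" while its long name stays `md5key`, and the new last line puts the URL and the mail address inside a single pair of angle brackets (`<http://bugs.ntp.org, bugs@@ntp.org>`), which will not render as two separate references.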
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c)
*
- * It has been AutoGen-ed February 27, 2018 at 05:15:44 PM by AutoGen 5.18.5
+ * It has been AutoGen-ed July 24, 2018 at 07:23:54 AM by AutoGen 5.18.5
* From the definitions ntp-keygen-opts.def
* and the template file options
*
.D1 Ar keyno Ar type Ar key
where
.Ar keyno
-is a positive integer in the range 1-65534;
+is a positive integer in the range 1-65535;
.Ar type
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h)
*
- * It has been AutoGen-ed February 27, 2018 at 05:15:43 PM by AutoGen 5.18.5
+ * It has been AutoGen-ed July 24, 2018 at 07:23:53 AM by AutoGen 5.18.5
* From the definitions ntp-keygen-opts.def
* and the template file options
*
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp-keygen 1ntp-keygenman "27 Feb 2018" "ntp (4.2.8p11)" "User Commands"
+.TH ntp-keygen 1ntp-keygenman "24 Jul 2018" "ntp (4.2.8p11)" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-bBa46V/ag-nBaW5V)
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:15:53 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:24:02 AM by AutoGen 5.18.5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
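Review bot: The regenerated `.TH` line picks up the new date ("24 Jul 2018") but still says `ntp (4.2.8p11)`, while the NEWS part of this change is headed 4.2.8p12. If these pages ship with that release they need one more regeneration after the version bump. Also, "EDIT THIS FILE WITH CAUTION (in-mem file)" no longer names a file at all; the mdoc header uses the real output name (`ntp-keygen-opts.mdoc`), which is more useful to whoever reads the warning.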
.in -4
where
\f\*[I-Font]keyno\f[]
-is a positive integer in the range 1-65534;
+is a positive integer in the range 1-65535;
\f\*[I-Font]type\f[]
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
-.Dd February 27 2018
+.Dd July 24 2018
.Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:16:00 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:59 AM by AutoGen 5.18.5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.D1 Ar keyno Ar type Ar key
where
.Ar keyno
-is a positive integer in the range 1\-65534;
+is a positive integer in the range 1\-65535;
.Ar type
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
<title>Ntp-keygen User's Manual</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="Ntp-keygen User's Manual">
-<meta name="generator" content="makeinfo 4.7">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="top" href="#Top">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
- span.sc { font-variant:small-caps }
- span.roman { font-family: serif; font-weight: normal; }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<div class="node">
+<a name="Top"></a>
<p><hr>
-<a name="Top"></a>Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
+
</div>
<h2 class="unnumbered">Top</h2>
</ul>
<div class="node">
+<a name="Top"></a>
<p><hr>
-<a name="Top"></a>Next: <a rel="next" accesskey="n" href="#Description">Description</a>,
+Next: <a rel="next" accesskey="n" href="#Description">Description</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
<h2 class="unnumbered">NTP Key Generation Program User Manual</h2>
<p>This document applies to version 4.2.8p11 of <code>ntp-keygen</code>.
<div class="node">
+<a name="Description"></a>
<p><hr>
-<a name="Description"></a>Next: <a rel="next" accesskey="n" href="#Running-the-Program">Running the Program</a>,
+Next: <a rel="next" accesskey="n" href="#Running-the-Program">Running the Program</a>,
Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
as described in the <a href="#Cryptographic-Data-Files">Cryptographic Data Files</a> section below.
<div class="node">
+<a name="Running-the-Program"></a>
<p><hr>
-<a name="Running-the-Program"></a>Next: <a rel="next" accesskey="n" href="#Random-Seed-File">Random Seed File</a>,
+Next: <a rel="next" accesskey="n" href="#Random-Seed-File">Random Seed File</a>,
Previous: <a rel="previous" accesskey="p" href="#Description">Description</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
Autokey Public-Key Authentication page.
<div class="node">
-<p><hr>
+<a name="ntp-keygen-Invocation"></a>
<a name="ntp_002dkeygen-Invocation"></a>
-<br>
+<p><hr>
+
+
</div>
<h3 class="section">Invoking ntp-keygen</h3>
used only by that host, although exceptions exist as noted later on
this page.
The symmetric keys file, normally called
-<span class="file">ntp.keys</span>,
+<samp><span class="file">ntp.keys</span></samp>,
is usually installed in
-<span class="file">/etc</span>.
+<samp><span class="file">/etc</span></samp>.
Other files and links are usually installed in
-<span class="file">/usr/local/etc</span>,
+<samp><span class="file">/usr/local/etc</span></samp>,
which is normally in a shared filesystem in
NFS-mounted networks and cannot be changed by shared clients.
In these cases, NFS clients can specify the files in another
directory such as
-<span class="file">/etc</span>
+<samp><span class="file">/etc</span></samp>
using the
<code>keysdir</code>
<code>ntpd(1ntpdmdoc)</code>
<p>This program directs commentary and error messages to the standard
error stream
-<span class="file">stderr</span>
+<samp><span class="file">stderr</span></samp>
and remote files to the standard output stream
-<span class="file">stdout</span>
+<samp><span class="file">stdout</span></samp>
where they can be piped to other applications or redirected to files.
The names used for generated files and links all begin with the
string
-<span class="file">ntpkey*</span>
+<samp><span class="file">ntpkey*</span></samp>
and include the file type, generating host and filestamp,
as described in the
<a href="#Cryptographic-Data-Files">Cryptographic Data Files</a>
The recommended procedure is change to the
<kbd>keys</kbd>
directory, usually
-<span class="file">/usr/local/etc</span>,
+<samp><span class="file">/usr/local/etc</span></samp>,
then run the program.
<p>To test and gain experience with Autokey concepts, log in as root and
change to the
<kbd>keys</kbd>
directory, usually
-<span class="file">/usr/local/etc</span>.
+<samp><span class="file">/usr/local/etc</span></samp>.
When run for the first time, or if all files with names beginning with
-<span class="file">ntpkey*</span>
+<samp><span class="file">ntpkey*</span></samp>
have been removed, use the
<code>ntp-keygen</code>
command without arguments to generate a default
command
to assume root may not work properly, since by default the OpenSSL library
looks for the random seed file
-<span class="file">.rnd</span>
+<samp><span class="file">.rnd</span></samp>
in the user home directory.
However, there should be only one
-<span class="file">.rnd</span>,
+<samp><span class="file">.rnd</span></samp>,
most conveniently
in the root directory, so it is convenient to define the
.Ev RANDFILE
environment variable used by the OpenSSL library as the path to
-<span class="file">.rnd</span>.
+<samp><span class="file">.rnd</span></samp>.
<p>Installing the keys as root might not work in NFS-mounted
shared file systems, as NFS clients may not be able to write
to the shared keys directory, even as root.
In this case, NFS clients can specify the files in another
directory such as
-<span class="file">/etc</span>
+<samp><span class="file">/etc</span></samp>
using the
<code>keysdir</code>
<code>ntpd(1ntpdmdoc)</code>
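Review bot: The context line `.Ev RANDFILE`, between the second and third `.rnd` changes, is a raw mdoc macro that leaked into the generated HTML, and this regeneration leaves it in place. Since the hunk already rewrites the surrounding `.rnd` markup, fix the source so the variable name renders as ordinary `<code>` text. As it stands, the sentence that tells an administrator how to point OpenSSL at the seed file is the one that is garbled.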
while the trusted name is used for the identity files.
<p>All files are installed by default in the keys directory
-<span class="file">/usr/local/etc</span>,
+<samp><span class="file">/usr/local/etc</span></samp>,
which is normally in a shared filesystem
in NFS-mounted networks.
The actual location of the keys directory
certificate should be re-generated.
<p>Additional information on trusted groups and identity schemes is on the
-Autokey Public-Key Authentication
+“Autokey Public-Key Authentication”
page.
<p>File names begin with the prefix
-<span class="file">ntpkey</span>_
+<samp><span class="file">ntpkey</span></samp>_
and end with the suffix
-<span class="file">_</span><kbd>hostname</kbd>. <kbd>filestamp</kbd>,
+<samp><span class="file">_</span></samp><kbd>hostname</kbd>. <kbd>filestamp</kbd>,
where
<kbd>hostname</kbd>
is the owner name, usually the string returned
This both guarantees uniqueness and simplifies maintenance
procedures, since all files can be quickly removed
by a
-<code>rm</code> <span class="file">ntpkey*</span>
+<code>rm</code> <samp><span class="file">ntpkey*</span></samp>
command or all files generated
at a specific time can be removed by a
-<code>rm</code> <span class="file">*</span><kbd>filestamp</kbd>
+<code>rm</code> <samp><span class="file">*</span></samp><kbd>filestamp</kbd>
command.
To further reduce the risk of misconfiguration,
the first two lines of a file contain the file name
<p>On each trusted host as root, change to the keys directory.
To insure a fresh fileset, remove all
-<span class="file">ntpkey</span>
+<samp><span class="file">ntpkey</span></samp>
files.
Then run
<code>ntp-keygen</code>
<code>-P</code>
<code>-p</code> <kbd>password</kbd>
to generate the host key file
-<span class="file">ntpkey</span>_ <code>RSA</code> <span class="file">key_alice.</span> <kbd>filestamp</kbd>
+<samp><span class="file">ntpkey</span></samp>_ <code>RSA</code> <samp><span class="file">key_alice.</span></samp> <kbd>filestamp</kbd>
and trusted private certificate file
-<span class="file">ntpkey</span>_ <code>RSA-MD5</code> <code>_</code> <span class="file">cert_alice.</span> <kbd>filestamp</kbd>,
+<samp><span class="file">ntpkey</span></samp>_ <code>RSA-MD5</code> <code>_</code> <samp><span class="file">cert_alice.</span></samp> <kbd>filestamp</kbd>,
and soft links.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
On each host
<kbd>bob</kbd>
install a soft link from the generic name
-<span class="file">ntpkey_host_</span><kbd>bob</kbd>
+<samp><span class="file">ntpkey_host_</span></samp><kbd>bob</kbd>
to the host key file and soft link
-<span class="file">ntpkey_cert_</span><kbd>bob</kbd>
+<samp><span class="file">ntpkey_cert_</span></samp><kbd>bob</kbd>
to the private certificate file.
Note the generic links are on bob, but point to files generated
by trusted host alice.
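Review bot: The host key and certificate names on the `RSA` and `RSA-MD5` lines are still emitted as separate fragments with spaces between them (`ntpkey`, `_`, `RSA`, `key_alice.`, `filestamp`), and the `+` lines wrap each fragment in its own `<samp>` instead of joining them. A reader cannot recover the actual file name from this. Suggest emitting each name as one unit in the source, the way `ntpkey_host_` and `ntpkey_cert_` are written later in the same hunk.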
<code>-I</code>
<code>-p</code> <kbd>password</kbd>
to produce her parameter file
-<span class="file">ntpkey_IFFpar_alice.</span><kbd>filestamp</kbd>,
+<samp><span class="file">ntpkey_IFFpar_alice.</span></samp><kbd>filestamp</kbd>,
which includes both server and client keys.
Copy this file to all group hosts that operate as both servers
and clients and install a soft link from the generic
-<span class="file">ntpkey_iff_alice</span>
+<samp><span class="file">ntpkey_iff_alice</span></samp>
to this file.
If there are no hosts restricted to operate only as clients,
there is nothing further to do.
and pipe the output to a file or email program.
Copy or email this file to all restricted clients.
On these clients install a soft link from the generic
-<span class="file">ntpkey_iff_alice</span>
+<samp><span class="file">ntpkey_iff_alice</span></samp>
to this file.
To further protect the integrity of the keys,
each file can be encrypted with a secret password.
<code>-G</code>
<code>-p</code> <kbd>password</kbd>
to produce her parameter file
-<span class="file">ntpkey_GQpar_alice.</span><kbd>filestamp</kbd>,
+<samp><span class="file">ntpkey_GQpar_alice.</span></samp><kbd>filestamp</kbd>,
which includes both server and client keys.
Copy this file to all group hosts and install a soft link
from the generic
-<span class="file">ntpkey_gq_alice</span>
+<samp><span class="file">ntpkey_gq_alice</span></samp>
to this file.
In addition, on each host
<kbd>bob</kbd>
install a soft link
from generic
-<span class="file">ntpkey_gq_</span><kbd>bob</kbd>
+<samp><span class="file">ntpkey_gq_</span></samp><kbd>bob</kbd>
to this file.
As the
<code>GQ</code>
<kbd>n</kbd>
is the number of revokable keys (typically 5) to produce
the parameter file
-<span class="file">ntpkeys_MVpar_trish.</span><kbd>filestamp</kbd>
+<samp><span class="file">ntpkeys_MVpar_trish.</span></samp><kbd>filestamp</kbd>
and client key files
-<span class="file">ntpkeys_MVkey</span><kbd>d</kbd> <kbd>_</kbd> <span class="file">trish.</span> <kbd>filestamp</kbd>
+<samp><span class="file">ntpkeys_MVkey</span></samp><kbd>d</kbd> <kbd>_</kbd> <samp><span class="file">trish.</span></samp> <kbd>filestamp</kbd>
where
<kbd>d</kbd>
is the key number (0 <
<kbd>n</kbd>).
Copy the parameter file to alice and install a soft link
from the generic
-<span class="file">ntpkey_mv_alice</span>
+<samp><span class="file">ntpkey_mv_alice</span></samp>
to this file.
Copy one of the client key files to alice for later distribution
to her clients.
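Review bot: Both rewrapped names in this hunk use the prefix `ntpkeys_` (`ntpkeys_MVpar_trish.` and `ntpkeys_MVkey`), while the link name a few lines below is `ntpkey_mv_alice` and the page states elsewhere that file names begin with `ntpkey_`. If the extra `s` is a typo, correct it in the source before regenerating, since operators copy these names when creating the soft links. The context line `(0 <` has also lost the middle of the range for `d`.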
since they all work the same way.
Alice copies the client key file to all of her clients.
On client bob install a soft link from generic
-<span class="file">ntpkey_mvkey_bob</span>
+<samp><span class="file">ntpkey_mvkey_bob</span></samp>
to the client key file.
As the
<code>MV</code>
<kbd>IFFkey</kbd> <kbd>or</kbd> <kbd>GQkey</kbd>
client keys file previously specified
as unencrypted data to the standard output stream
-<span class="file">stdout</span>.
+<samp><span class="file">stdout</span></samp>.
This is intended for automatic key distribution by email.
<br><dt><code>-G</code> <code>--gq-params</code><dd>Generate a new encrypted
<code>GQ</code>
or
<code>-s</code>
following an
-@
+‘@’
character, is also used in certificate subject and issuer names in the form
<kbd>host</kbd> <kbd>@</kbd> <kbd>group</kbd>
and should match the group specified via
<br><dt><code>-q</code> <code>--export-passwd</code>= <kbd>passwd</kbd><dd>Set the password for writing encrypted
<code>IFF</code>, <code>GQ</code> <code>and</code> <code>MV</code>
identity files redirected to
-<span class="file">stdout</span>
+<samp><span class="file">stdout</span></samp>
to
<kbd>passwd</kbd>.
In effect, these files are decrypted with the
<p>The entropy seed used by the OpenSSL library is contained in a file,
usually called
-<span class="file">.rnd</span>,
+<samp><span class="file">.rnd</span></samp>,
which must be available when starting the NTP daemon
or the
<code>ntp-keygen</code>
.Ev RANDFILE
environment variable is not present,
the library will look for the
-<span class="file">.rnd</span>
+<samp><span class="file">.rnd</span></samp>
file in the user home directory.
Since both the
<code>ntp-keygen</code>
program and
<code>ntpd(1ntpdmdoc)</code>
daemon must run as root, the logical place to put this file is in
-<span class="file">/.rnd</span>
+<samp><span class="file">/.rnd</span></samp>
or
-<span class="file">/root/.rnd</span>.
+<samp><span class="file">/root/.rnd</span></samp>.
If the file is not available or cannot be written,
the daemon exits with a message to the system log and the program
exits with a suitable error message.
<p>All file formats begin with two nonencrypted lines.
The first line contains the file name, including the generated host name
and filestamp, in the format
-<span class="file">ntpkey_</span><kbd>key</kbd> <kbd>_</kbd> <kbd>name</kbd>. <kbd>filestamp</kbd>,
+<samp><span class="file">ntpkey_</span></samp><kbd>key</kbd> <kbd>_</kbd> <kbd>name</kbd>. <kbd>filestamp</kbd>,
where
<kbd>key</kbd>
is the key or parameter type,
names in generated link names include only lower case characters.
The filestamp is not used in generated link names.
The second line contains the datestamp in conventional Unix
-<span class="file">date</span>
+<samp><span class="file">date</span></samp>
format.
Lines beginning with
-#
+‘#’
are considered comments and ignored by the
<code>ntp-keygen</code>
program and
printable ASCII text, preceded and followed by MIME content identifier lines.
<p>The format of the symmetric keys file, ordinarily named
-<span class="file">ntp.keys</span>,
+<samp><span class="file">ntp.keys</span></samp>,
is somewhat different than the other files in the interest of backward compatibility.
Ordinarily, the file is generated by this program, but it can be constructed
and edited using an ordinary text editor.
-<pre class="verbatim">
-# ntpkey_MD5key_bk.ntp.org.3595864945
+<pre class="verbatim"># ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw<\`.I<f4U0)247"i # MD5 key
</pre>
<p>where
<kbd>keyno</kbd>
-is a positive integer in the range 1-65534;
+is a positive integer in the range 1-65535;
<kbd>type</kbd>
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
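Review bot: The upper bound for `keyno` moves from 65534 to 65535 on the `+is a positive integer` line, but nothing in the hunk says how an entry with key ID 0 or above 65535 is treated. The context above notes that this file can be constructed and edited with an ordinary text editor, so the text should state whether an out-of-range entry is rejected or ignored, and the new range should be checked against every other page that documents `ntp.keys`.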
which is a printable ASCII string 20 characters or less in length:
each character is chosen from the 93 printable characters
in the range 0x21 through 0x7e (
-!
+‘’!
through
-~
+‘~’
) excluding space and the
-#
+‘#’
character, and terminated by whitespace or a
-#
+‘#’
character.
An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which
is truncated as necessary.
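Review bot: The replacement for `!` comes out as `‘’!`, an empty pair of quotes followed by the character, whereas `~` and `#` in the same hunk are rendered as `‘~’` and `‘#’`. This looks like the quoting macro not receiving `!` as its argument. Fix it in the source so the lower bound of the key character range reads `‘!’`.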
<p>The
<code>ntp-keygen</code>
program generates a symmetric keys file
-<span class="file">ntpkey_MD5key_</span><kbd>hostname</kbd>. <kbd>filestamp</kbd>.
+<samp><span class="file">ntpkey_MD5key_</span></samp><kbd>hostname</kbd>. <kbd>filestamp</kbd>.
Since the file contains private shared keys,
it should be visible only to root and distributed by secure means
to other subnet hosts.
The NTP daemon loads the file
-<span class="file">ntp.keys</span>,
+<samp><span class="file">ntp.keys</span></samp>,
so
<code>ntp-keygen</code>
installs a soft link from this name to the generated file.
This software is released under the NTP license, <http://ntp.org/license>.
<ul class="menu">
-<li><a accesskey="1" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>: ntp-keygen help/usage (<span class="option">--help</span>)
+<li><a accesskey="1" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>: ntp-keygen help/usage (<samp><span class="option">--help</span></samp>)
<li><a accesskey="2" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>: imbits option (-b)
<li><a accesskey="3" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>: certificate option (-c)
<li><a accesskey="4" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>: cipher option (-C)
</ul>
<div class="node">
+<a name="ntp-keygen-usage"></a>
+<a name="ntp_002dkeygen-usage"></a>
<p><hr>
-<a name="ntp_002dkeygen-usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
-<h4 class="subsection">ntp-keygen help/usage (<span class="option">--help</span>)</h4>
+<h4 class="subsection">ntp-keygen help/usage (<samp><span class="option">--help</span></samp>)</h4>
<p><a name="index-ntp_002dkeygen-help-3"></a>
This is the automatically generated usage text for ntp-keygen.
<p>The text printed is the same whether selected with the <code>help</code> option
-(<span class="option">--help</span>) or the <code>more-help</code> option (<span class="option">--more-help</span>). <code>more-help</code> will print
+(<samp><span class="option">--help</span></samp>) or the <code>more-help</code> option (<samp><span class="option">--more-help</span></samp>). <code>more-help</code> will print
the usage text by passing it through a pager program.
<code>more-help</code> is disabled on platforms without a working
<code>fork(2)</code> function. The <code>PAGER</code> environment variable is
-used to select the program, defaulting to <span class="file">more</span>. Both will exit
+used to select the program, defaulting to <samp><span class="file">more</span></samp>. Both will exit
with a status code of 0.
-<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p10
+<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p11
Usage: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
Flg Arg Option-Name Description
-b Num imbits identity modulus bits
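Review bot: The regenerated usage banner on the `+` line reads `Ver. 4.2.8p11`, while the NEWS part of this same patch names the release 4.2.8p12. Regenerate this file after the version bump, or the shipped HTML will document the previous version's usage text under the new release.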
Please send bug reports to: <http://bugs.ntp.org, bugs@ntp.org>
</pre>
<div class="node">
+<a name="ntp-keygen-imbits"></a>
+<a name="ntp_002dkeygen-imbits"></a>
<p><hr>
-<a name="ntp_002dkeygen-imbits"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-usage">ntp-keygen usage</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">imbits option (-b)</h4>
<p><a name="index-ntp_002dkeygen_002dimbits-4"></a>
This is the “identity modulus bits” option.
-This option takes a number argument <span class="file">imbits</span>.
+This option takes a number argument <samp><span class="file">imbits</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
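Review bot: Each node now carries a second anchor (`ntp-keygen-imbits` next to `ntp_002dkeygen-imbits`), but every `href` in the Next/Previous/Up lines still targets only the `_002d` form. If the plain-hyphen anchor is meant to be the stable one, the links should use it. If it is only a side effect of a newer generator, this churn, repeated for every node along with the `<br>` removal, would be easier to review as a separate regenerate-docs commit than mixed in with the security fixes.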
<p>The number of bits in the identity modulus. The default is 256.
<div class="node">
+<a name="ntp-keygen-certificate"></a>
+<a name="ntp_002dkeygen-certificate"></a>
<p><hr>
-<a name="ntp_002dkeygen-certificate"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-imbits">ntp-keygen imbits</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">certificate option (-c)</h4>
<p><a name="index-ntp_002dkeygen_002dcertificate-5"></a>
This is the “certificate scheme” option.
-This option takes a string argument <span class="file">scheme</span>.
+This option takes a string argument <samp><span class="file">scheme</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
schemes must be used with a DSA sign key. The default without
this option is RSA-MD5.
<div class="node">
+<a name="ntp-keygen-cipher"></a>
+<a name="ntp_002dkeygen-cipher"></a>
<p><hr>
-<a name="ntp_002dkeygen-cipher"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-certificate">ntp-keygen certificate</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">cipher option (-C)</h4>
<p><a name="index-ntp_002dkeygen_002dcipher-6"></a>
This is the “privatekey cipher” option.
-This option takes a string argument <span class="file">cipher</span>.
+This option takes a string argument <samp><span class="file">cipher</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
equivalent to "<code>-C des-ede3-cbc</code>". The openssl tool lists ciphers
available in "<code>openssl -h</code>" output.
<div class="node">
+<a name="ntp-keygen-id-key"></a>
+<a name="ntp_002dkeygen-id_002dkey"></a>
<p><hr>
-<a name="ntp_002dkeygen-id_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-cipher">ntp-keygen cipher</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">id-key option (-e)</h4>
the standard output.
This is intended for automatic key distribution by email.
<div class="node">
+<a name="ntp-keygen-gq-params"></a>
+<a name="ntp_002dkeygen-gq_002dparams"></a>
<p><hr>
-<a name="ntp_002dkeygen-gq_002dparams"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-id_002dkey">ntp-keygen id-key</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">gq-params option (-G)</h4>
<p>Generate parameters and keys for the GQ identification scheme,
obsoleting any that may exist.
<div class="node">
+<a name="ntp-keygen-host-key"></a>
+<a name="ntp_002dkeygen-host_002dkey"></a>
<p><hr>
-<a name="ntp_002dkeygen-host_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-gq_002dparams">ntp-keygen gq-params</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">host-key option (-H)</h4>
<p>Generate new host keys, obsoleting any that may exist.
<div class="node">
+<a name="ntp-keygen-iffkey"></a>
+<a name="ntp_002dkeygen-iffkey"></a>
<p><hr>
-<a name="ntp_002dkeygen-iffkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-host_002dkey">ntp-keygen host-key</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">iffkey option (-I)</h4>
<p>Generate parameters for the IFF identification scheme, obsoleting
any that may exist.
<div class="node">
+<a name="ntp-keygen-ident"></a>
+<a name="ntp_002dkeygen-ident"></a>
<p><hr>
-<a name="ntp_002dkeygen-ident"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-iffkey">ntp-keygen iffkey</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ident option (-i)</h4>
<p><a name="index-ntp_002dkeygen_002dident-11"></a>
This is the “set autokey group name” option.
-This option takes a string argument <span class="file">group</span>.
+This option takes a string argument <samp><span class="file">group</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
'<code>crypto ident</code>' or '<code>server ident</code>' configuration in the
<code>ntpd</code> configuration file.
<div class="node">
+<a name="ntp-keygen-lifetime"></a>
+<a name="ntp_002dkeygen-lifetime"></a>
<p><hr>
-<a name="ntp_002dkeygen-lifetime"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-ident">ntp-keygen ident</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">lifetime option (-l)</h4>
<p><a name="index-ntp_002dkeygen_002dlifetime-12"></a>
This is the “set certificate lifetime” option.
-This option takes a number argument <span class="file">lifetime</span>.
+This option takes a number argument <samp><span class="file">lifetime</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Set the certificate expiration to lifetime days from now.
<div class="node">
+<a name="ntp-keygen-modulus"></a>
+<a name="ntp_002dkeygen-modulus"></a>
<p><hr>
-<a name="ntp_002dkeygen-modulus"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-lifetime">ntp-keygen lifetime</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">modulus option (-m)</h4>
<p><a name="index-ntp_002dkeygen_002dmodulus-13"></a>
This is the “prime modulus” option.
-This option takes a number argument <span class="file">modulus</span>.
+This option takes a number argument <samp><span class="file">modulus</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>The number of bits in the prime modulus. The default is 512.
<div class="node">
+<a name="ntp-keygen-md5key"></a>
+<a name="ntp_002dkeygen-md5key"></a>
<p><hr>
-<a name="ntp_002dkeygen-md5key"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-modulus">ntp-keygen modulus</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">md5key option (-M)</h4>
This is the “generate symmetric keys” option.
Generate symmetric keys, obsoleting any that may exist.
<div class="node">
+<a name="ntp-keygen-pvt-cert"></a>
+<a name="ntp_002dkeygen-pvt_002dcert"></a>
<p><hr>
-<a name="ntp_002dkeygen-pvt_002dcert"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-password">ntp-keygen password</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-password">ntp-keygen password</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-md5key">ntp-keygen md5key</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">pvt-cert option (-P)</h4>
<p>Generate a private certificate. By default, the program generates
public certificates.
<div class="node">
+<a name="ntp-keygen-password"></a>
+<a name="ntp_002dkeygen-password"></a>
<p><hr>
-<a name="ntp_002dkeygen-password"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-export_002dpasswd">ntp-keygen export-passwd</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-export_002dpasswd">ntp-keygen export-passwd</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-pvt_002dcert">ntp-keygen pvt-cert</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">password option (-p)</h4>
<p><a name="index-ntp_002dkeygen_002dpassword-16"></a>
This is the “local private password” option.
-This option takes a string argument <span class="file">passwd</span>.
+This option takes a string argument <samp><span class="file">passwd</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
configuration command. The default password is the local
hostname.
<div class="node">
+<a name="ntp-keygen-export-passwd"></a>
+<a name="ntp_002dkeygen-export_002dpasswd"></a>
<p><hr>
-<a name="ntp_002dkeygen-export_002dpasswd"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-password">ntp-keygen password</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">export-passwd option (-q)</h4>
<p><a name="index-ntp_002dkeygen_002dexport_002dpasswd-17"></a>
This is the “export iff or gq group keys with password” option.
-This option takes a string argument <span class="file">passwd</span>.
+This option takes a string argument <samp><span class="file">passwd</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
"crypto pw password" configuration command. See also the option
–id-key (-e) for unencrypted exports.
<div class="node">
+<a name="ntp-keygen-subject-name"></a>
+<a name="ntp_002dkeygen-subject_002dname"></a>
<p><hr>
-<a name="ntp_002dkeygen-subject_002dname"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-export_002dpasswd">ntp-keygen export-passwd</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">subject-name option (-s)</h4>
<p><a name="index-ntp_002dkeygen_002dsubject_002dname-18"></a>
This is the “set host and optionally group name” option.
-This option takes a string argument <span class="file">host@group</span>.
+This option takes a string argument <samp><span class="file">host@group</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
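Review bot: The leading context of this hunk still shows the cross-reference as `–id-key (-e)`, with an en dash where the option is spelled with two hyphens. The regeneration did not correct it, and anyone pasting that text gets an unrecognized option. Fix the dash in the option description source so it renders as `--id-key`, since this sentence is the pointer from encrypted to unencrypted key export.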
if not provided, the host name are also used in the file names
of IFF, GQ, and MV client parameter files.
<div class="node">
+<a name="ntp-keygen-sign-key"></a>
+<a name="ntp_002dkeygen-sign_002dkey"></a>
<p><hr>
-<a name="ntp_002dkeygen-sign_002dkey"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-subject_002dname">ntp-keygen subject-name</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">sign-key option (-S)</h4>
<p><a name="index-ntp_002dkeygen_002dsign_002dkey-19"></a>
This is the “generate sign key (rsa or dsa)” option.
-This option takes a string argument <span class="file">sign</span>.
+This option takes a string argument <samp><span class="file">sign</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
that may exist. By default, the program uses the host key as the
sign key.
<div class="node">
+<a name="ntp-keygen-trusted-cert"></a>
+<a name="ntp_002dkeygen-trusted_002dcert"></a>
<p><hr>
-<a name="ntp_002dkeygen-trusted_002dcert"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-sign_002dkey">ntp-keygen sign-key</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">trusted-cert option (-T)</h4>
<p>Generate a trusted certificate. By default, the program generates
a non-trusted certificate.
<div class="node">
+<a name="ntp-keygen-mv-params"></a>
+<a name="ntp_002dkeygen-mv_002dparams"></a>
<p><hr>
-<a name="ntp_002dkeygen-mv_002dparams"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-trusted_002dcert">ntp-keygen trusted-cert</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">mv-params option (-V)</h4>
<p><a name="index-ntp_002dkeygen_002dmv_002dparams-21"></a>
This is the “generate <num> mv parameters” option.
-This option takes a number argument <span class="file">num</span>.
+This option takes a number argument <samp><span class="file">num</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<p>Generate parameters and keys for the Mu-Varadharajan (MV)
identification scheme.
<div class="node">
+<a name="ntp-keygen-mv-keys"></a>
+<a name="ntp_002dkeygen-mv_002dkeys"></a>
<p><hr>
-<a name="ntp_002dkeygen-mv_002dkeys"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-mv_002dparams">ntp-keygen mv-params</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">mv-keys option (-v)</h4>
<p><a name="index-ntp_002dkeygen_002dmv_002dkeys-22"></a>
This is the “update <num> mv keys” option.
-This option takes a number argument <span class="file">num</span>.
+This option takes a number argument <samp><span class="file">num</span></samp>.
<p class="noindent">This option has some usage constraints. It:
<ul>
<li>must be compiled in by defining <code>AUTOKEY</code> during the compilation.
</ul>
- <p>This option has no <span class="samp">doc</span> documentation.
+ <p>This option has no ‘<samp><span class="samp">doc</span></samp>’ documentation.
<div class="node">
+<a name="ntp-keygen-config"></a>
+<a name="ntp_002dkeygen-config"></a>
<p><hr>
-<a name="ntp_002dkeygen-config"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-mv_002dkeys">ntp-keygen mv-keys</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">presetting/configuring ntp-keygen</h4>
<li>$PWD
</ul>
The environment variables <code>HOME</code>, and <code>PWD</code>
-are expanded and replaced when <span class="file">ntp-keygen</span> runs.
+are expanded and replaced when <samp><span class="file">ntp-keygen</span></samp> runs.
For any of these that are plain files, they are simply processed.
-For any that are directories, then a file named <span class="file">.ntprc</span> is searched for
+For any that are directories, then a file named <samp><span class="file">.ntprc</span></samp> is searched for
within that directory and processed.
<p>Configuration files may be in a wide variety of formats.
Only the first letter of the argument is examined:
<dl>
-<dt><span class="samp">version</span><dd>Only print the version. This is the default.
-<br><dt><span class="samp">copyright</span><dd>Name the copyright usage licensing terms.
-<br><dt><span class="samp">verbose</span><dd>Print the full copyright usage licensing terms.
+<dt>‘<samp><span class="samp">version</span></samp>’<dd>Only print the version. This is the default.
+<br><dt>‘<samp><span class="samp">copyright</span></samp>’<dd>Name the copyright usage licensing terms.
+<br><dt>‘<samp><span class="samp">verbose</span></samp>’<dd>Print the full copyright usage licensing terms.
</dl>
<div class="node">
+<a name="ntp-keygen-exit-status"></a>
+<a name="ntp_002dkeygen-exit-status"></a>
<p><hr>
-<a name="ntp_002dkeygen-exit-status"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-config">ntp-keygen config</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen exit status</h4>
<p>One of the following exit values will be returned:
<dl>
-<dt><span class="samp">0 (EXIT_SUCCESS)</span><dd>Successful program execution.
-<br><dt><span class="samp">1 (EXIT_FAILURE)</span><dd>The operation failed or the command syntax was not valid.
-<br><dt><span class="samp">66 (EX_NOINPUT)</span><dd>A specified configuration file could not be loaded.
-<br><dt><span class="samp">70 (EX_SOFTWARE)</span><dd>libopts had an internal operational error. Please report
+<dt>‘<samp><span class="samp">0 (EXIT_SUCCESS)</span></samp>’<dd>Successful program execution.
+<br><dt>‘<samp><span class="samp">1 (EXIT_FAILURE)</span></samp>’<dd>The operation failed or the command syntax was not valid.
+<br><dt>‘<samp><span class="samp">66 (EX_NOINPUT)</span></samp>’<dd>A specified configuration file could not be loaded.
+<br><dt>‘<samp><span class="samp">70 (EX_SOFTWARE)</span></samp>’<dd>libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
</dl>
<div class="node">
+<a name="ntp-keygen-Usage"></a>
+<a name="ntp_002dkeygen-Usage"></a>
<p><hr>
-<a name="ntp_002dkeygen-Usage"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-exit-status">ntp-keygen exit status</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen Usage</h4>
<div class="node">
+<a name="ntp-keygen-Notes"></a>
+<a name="ntp_002dkeygen-Notes"></a>
<p><hr>
-<a name="ntp_002dkeygen-Notes"></a>Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a>,
+Next: <a rel="next" accesskey="n" href="#ntp_002dkeygen-Bugs">ntp-keygen Bugs</a>,
Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Usage">ntp-keygen Usage</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen Notes</h4>
<div class="node">
+<a name="ntp-keygen-Bugs"></a>
+<a name="ntp_002dkeygen-Bugs"></a>
<p><hr>
-<a name="ntp_002dkeygen-Bugs"></a>Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
+Previous: <a rel="previous" accesskey="p" href="#ntp_002dkeygen-Notes">ntp-keygen Notes</a>,
Up: <a rel="up" accesskey="u" href="#ntp_002dkeygen-Invocation">ntp-keygen Invocation</a>
-<br>
+
</div>
<h4 class="subsection">ntp-keygen Bugs</h4>
<div class="node">
+<a name="Random-Seed-File"></a>
<p><hr>
-<a name="Random-Seed-File"></a>Next: <a rel="next" accesskey="n" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>,
+Next: <a rel="next" accesskey="n" href="#Cryptographic-Data-Files">Cryptographic Data Files</a>,
Previous: <a rel="previous" accesskey="p" href="#Running-the-Program">Running the Program</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
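Review bot: the ntp-keygen nodes in this region each gain two anchors (for example "ntp-keygen-config" and "ntp_002dkeygen-config"), while every href in the visible lines still points at the "_002d" form only. Keeping the old name preserves existing links, but nothing shown here uses the new hyphenated names. Confirm this is deliberate generator output and not a hand edit. The empty "+" lines that replace each removed <br> are whitespace-only additions and could be dropped from the generated output.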
with a message to the system log.
<div class="node">
+<a name="Cryptographic-Data-Files"></a>
<p><hr>
-<a name="Cryptographic-Data-Files"></a>Previous: <a rel="previous" accesskey="p" href="#Random-Seed-File">Random Seed File</a>,
+Previous: <a rel="previous" accesskey="p" href="#Random-Seed-File">Random Seed File</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
<!-- node-name, next, previous, up -->
<p>Figure 1 shows a typical symmetric keys file used by the reference
implementation.
Each line of the file contains three fields, first an
-integer between 1 and 65534, inclusive, representing the key identifier
+integer between 1 and 65535, inclusive, representing the key identifier
used in the server and peer configuration commands.
Next is the key type for the message digest algorithm,
which in the absence of the
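Review bot: the upper bound in "integer between 1 and 65535, inclusive" changes here, but this hunk touches documentation only, so nothing visible shows that the keys-file parser accepts key identifier 65535. Confirm that code and documentation agree at both ends of the range (0 and 65536 rejected, 1 and 65535 accepted) and add a boundary test if there is none. The same sentence is patched separately in three more copies below, so check that all of them were regenerated from one source, not edited by hand.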
.ds B-Font B
.ds I-Font I
.ds R-Font R
-.TH ntp-keygen @NTP_KEYGEN_MS@ "27 Feb 2018" "ntp (4.2.8p11)" "User Commands"
+.TH ntp-keygen @NTP_KEYGEN_MS@ "24 Jul 2018" "ntp (4.2.8p11)" "User Commands"
.\"
-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-bBa46V/ag-nBaW5V)
+.\" EDIT THIS FILE WITH CAUTION (in-mem file)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:15:53 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:24:02 AM by AutoGen 5.18.5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
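Review bot: the new .TH line moves the date to "24 Jul 2018" but the version field still reads "ntp (4.2.8p11)". If this regenerated page is meant for the release after p11, regenerate it after the version bump so the page footer matches the release it ships in. The AutoGen timestamp comment changes on every run and makes a date-only diff like this one each time, so consider whether it needs to be in the committed file at all.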
.in -4
where
\f\*[I-Font]keyno\f[]
-is a positive integer in the range 1-65534;
+is a positive integer in the range 1-65535;
\f\*[I-Font]type\f[]
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
-.Dd February 27 2018
+.Dd July 24 2018
.Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
.\"
-.\" It has been AutoGen-ed February 27, 2018 at 05:16:00 PM by AutoGen 5.18.5
+.\" It has been AutoGen-ed July 24, 2018 at 07:23:59 AM by AutoGen 5.18.5
.\" From the definitions ntp-keygen-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
.D1 Ar keyno Ar type Ar key
where
.Ar keyno
-is a positive integer in the range 1\-65534;
+is a positive integer in the range 1\-65535;
.Ar type
is the key type for the message digest algorithm, which in the absence of the
OpenSSL library must be
Figure 1 shows a typical symmetric keys file used by the reference
implementation.
Each line of the file contains three fields, first an
-integer between 1 and 65534, inclusive, representing the key identifier
+integer between 1 and 65535, inclusive, representing the key identifier
used in the server and peer configuration commands.
Next is the key type for the message digest algorithm,
which in the absence of the