[ntp:questions] ntp authentication problems

Bernhard Dobbels bdobbels at isabel.be
Mon Aug 4 11:20:47 UTC 2003


I have two stratum 1 servers and 10 stratum 2 servers. There should
exist authentication between the peers and also between the stratum 2
and 1 servers.

I'll start with using MD5, but in the end would like to use Autokey
protocol.

I always get the error 'Transmit: no encryption key found', while
updates with ntpdate and encryption do work.

Some details of the setup:

Config server:
	#  ***  LAN TIME  ***
	# NTP.CONF for GPS167 with UNI ERLANGEN(do not modify)

	pps /dev/refclock-0 assert hardpps   # PPS device

	server  127.127.1.0                  # local clock
	fudge   127.127.1.0 stratum 11       # local stratum

	server  127.127.8.0 mode 135 prefer  # Meinberg GPS OCXO UNI Erlangen PPS
	server  127.127.22.0                 # ATOM (PPS)
	fudge   127.127.22.0 flag3 1         # enable PPS API

	enable stats
	statsdir /var/log/
	statistics loopstats
	driftfile /etc/ntp.drift

	authenticate yes
	keys /etc/ntp/keys
	trustedkey 1

	logfile /var/log/ntpd.log
 
Config client:
	server	192.168.151.16 key 1 prefer 	# stratum 1 server cik
	server	127.127.1.0                	# local clock
	fudge	127.127.1.0 stratum 12

	driftfile /etc/ntp/drift
	broadcastdelay	0.008

	authenticate yes
	keys		/etc/ntp/keys

	logfile	/var/log/ntp/ntp.log

	statsdir /var/log/ntp/
	statistics loopstats 
	statistics peerstats
	statistics rawstats


Keys file /etc/ntp/keys (mode 600) on both server and client:
1 M ~rfi%=?/PN2pgu&z   # MD5 key
3 M ;f4Bz02]s%v{TQxt   # MD5 key 

Ntpdate:
/usr/sbin/ntpdate -dddd -s -a 1 -k /etc/ntp/keys -b -p 1 -u 192.168.151.16 >ntpdate.log

	receive: rpkt keyid=1 sys_authkey=1 decrypt=1
	receive: authentication passed
	offset: 0.003616, delay 0.00069
	transmit(192.168.151.16)
	server 192.168.151.16, port 123
	stratum 1, precision -18, leap 00, trust 000
	refid [PPS], delay 0.02631, dispersion 0.00000
	transmitted 1, in filter 1
	reference time:    c2d8be1a.bb3892ee  Mon, Aug  4 2003 13:12:26.731
	originate timestamp: c2d8be2a.c8694034  Mon, Aug  4 2003 13:12:42.782
	transmit timestamp:  c2d8be2a.c750f40e  Mon, Aug  4 2003 13:12:42.778
	filter 	delay:  0.02631  0.00000  0.00000  0.00000 
        		 0.00000  0.00000  0.00000  0.00000 
	 filter offset: 0.003616 0.000000 0.000000 0.000000
	 	         0.000000 0.000000 0.000000 0.000000
	  delay 0.02631, dispersion 0.00000
	  offset 0.003616 

Logfile on Client:
 4 Aug 12:54:25 ntpd[887]: running as uid(38)/gid(38) euid(38)/egid(38).
 4 Aug 12:54:38 ntpd[887]: transmit: no encryption key found
 4 Aug 12:57:39 ntpd[887]: kernel time discipline status change 41
   

I do not understand why authentication for ntpdate works and not for
ntpd. Any suggestions are welcome.


If someone could explain to me how to use autokey (generate keys), I would be grateful. (and yes, I've read most of the docs about it.)

Bernhard Dobbels
Network engineer.
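
Added example, not part of the original message: ntpd uses a symmetric key for an association only if the key id is defined in the keys file and also listed on a trustedkey line, so this script reports any "key N" on a server/peer line that fails either condition. The function names, the placeholder secrets and the trimmed client config are constructed for illustration.

```python
# Added example: cross-check key ids used in ntp.conf against the keys file
# and the trustedkey list. Sample inputs below are constructed.
ASSOC = {"server", "peer", "broadcast", "manycastclient"}

def parse_keys(text):
    """Return the set of key ids defined in a keys file (id type secret)."""
    ids = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0].isdigit():   # comment lines start with '#'
            ids.add(int(f[0]))
    return ids

def parse_conf(text):
    """Return ({key id: [hosts using it]}, set of trusted key ids)."""
    used, trusted = {}, set()
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] in ASSOC and "key" in f[2:]:
            i = f.index("key", 2)
            if i + 1 < len(f) and f[i + 1].isdigit():
                used.setdefault(int(f[i + 1]), []).append(f[1])
        elif f[0] == "trustedkey":
            trusted.update(int(k) for k in f[1:] if k.isdigit())
    return used, trusted

def check(conf_text, keys_text):
    """List (key id, problem, hosts) for keys ntpd would refuse to use."""
    defined = parse_keys(keys_text)
    used, trusted = parse_conf(conf_text)
    findings = []
    for kid, hosts in sorted(used.items()):
        if kid not in defined:
            findings.append((kid, "not in keys file", hosts))
        elif kid not in trusted:
            findings.append((kid, "not listed in trustedkey", hosts))
    return findings

# Constructed inputs: the relevant client lines, placeholder key secrets.
CLIENT_CONF = """\
server 192.168.151.16 key 1 prefer   # stratum 1 server
authenticate yes
keys /etc/ntp/keys
"""
KEYS = "1 M placeholder-secret-one   # MD5 key\n3 M placeholder-secret-three\n"

if __name__ == "__main__":
    for kid, problem, hosts in check(CLIENT_CONF, KEYS):
        print(f"key {kid}: {problem} (used by {', '.join(hosts)})")
```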



