[ntp:questions] Generating keys for ntpdc control

Steve Kostecke kostecke at ntp.org
Fri Jul 4 14:44:33 UTC 2008


On 2008-07-04, Bob <bobsjunkmail at bellsouth.net> wrote:

> There's not really a space in the file name. Type in Dos / Windoze is
> similar in function to cat in *nix.. Basically, I did a cat ntp.keys.

I've used DOS/Windows in the past so I do know what 'type' is.

> I've got something called filemon that shows file system activity. I
> see ntp.keys being read by ntpd upon restart. I never see ntpdc touch
> the ntp.keys file - not sure if it's supposed to.

ntpdc does not access any files.

> Also, it appears from your example, which I assume is from BSD / Linux
> / Mac,

Debian (Linux)

> that ntpdc is supposed to prompt for a password.

It has to.

> The windows version says nothing after you respond to Keyid. I
> figured you have to enter a password (key contents?) because it does
> say "Invalid password" if you press enter at the flashing cursor after
> Keyid.

With ntp-dev-4.2.5p118 I see the "Invalid password" message if I enter
no password at all (i.e. just hit return at the "MD5 Password:" prompt)
and a "***Permission denied" message if I enter the wrong password or
use an untrusted key.

It is possible that ntpdc is not seeing the password you typed in.

> Here's the contents of my ntp.conf except for comments, and server addresses 
> other than my local GPS / OCXO clock - no 1pps doesn't work under windows.

None of the following is germane to your symmetric key issue, but ...

> keys "C:\Program Files\NTP\etc\ntp.keys"
> enable auth

Auth is enabled by default. It can be disabled on the command-line. The
worst that can happen is this line will generate an extra log entry.

> trustedkey 1 2 42 255
> requestkey 1 2 255
> controlkey 42
> driftfile "C:\Program Files\NTP\etc\ntp.drift"
> server 127.127.1.0 minpoll 4 maxpoll 10
> fudge 127.127.1.1 stratum 10
>  server 10.33.90.50 minpoll 4 maxpoll 4 iburst

This minpoll/maxpoll combination means that you are polling this server
every 16 seconds. That's generally considered to be "unfriendly" unless
it's your server.

ntpd has been designed to choose the correct poll interval to strike a
balance between quick short term correction and long term stability. It
is generally considered better to allow ntpd to manage the poll
interval.

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
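
The reply above ties "***Permission denied" to an untrusted key and points out the 16-second poll interval. The following is an added example, not part of the original message or of the NTP distribution, that cross-checks the key IDs on the `requestkey` and `controlkey` lines against `trustedkey` and the keys file, and reports servers whose minpoll equals maxpoll. The function names are hypothetical, the keys file contents are constructed, and the `keyid type key` line layout is an assumption about that file.

```python
# Added example: cross-check ntp.conf key directives against ntp.keys.
# Function names are hypothetical; SAMPLE_KEYS is constructed, not from the thread.
SAMPLE_CONF = """\
trustedkey 1 2 42 255
requestkey 1 2 255
controlkey 42
server 127.127.1.0 minpoll 4 maxpoll 10
 server 10.33.90.50 minpoll 4 maxpoll 4 iburst
"""
SAMPLE_KEYS = """\
# constructed key material
1 M constructed-secret-1
2 M constructed-secret-2
42 M constructed-secret-42
"""

def parse_conf(text):
    """Collect key directives and per-server poll settings from ntp.conf text."""
    conf = {"trustedkey": set(), "requestkey": set(), "controlkey": set(), "servers": []}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        name, args = words[0].lower(), words[1:]
        if name in ("trustedkey", "requestkey", "controlkey"):
            conf[name].update(int(a) for a in args if a.isdigit())
        elif name == "server" and args:
            opts = dict(zip(args[1:], args[2:]))  # option word -> the word after it
            conf["servers"].append((args[0], opts.get("minpoll"), opts.get("maxpoll")))
    return conf

def parse_keys(text):
    """Return the key IDs defined in ntp.keys text (assumed layout: keyid type key)."""
    lines = (l.split() for l in text.splitlines() if not l.lstrip().startswith("#"))
    return {int(w[0]) for w in lines if len(w) >= 3 and w[0].isdigit()}

def audit(conf_text, keys_text):
    """List key IDs that cannot authenticate and servers with a pinned poll interval."""
    conf, defined, findings = parse_conf(conf_text), parse_keys(keys_text), []
    for directive in ("requestkey", "controlkey"):
        for kid in sorted(conf[directive]):
            if kid not in conf["trustedkey"]:
                findings.append(f"{directive} {kid}: not listed on trustedkey")
            if kid not in defined:
                findings.append(f"{directive} {kid}: not defined in keys file")
    for host, lo, hi in conf["servers"]:
        if lo is not None and lo == hi:  # poll interval is 2**n seconds
            findings.append(f"server {host}: poll interval pinned at {2 ** int(lo)} s")
    return findings
```
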



