[ntp:questions] ntp symmetric keys - controlkey test is needed
ardi
peter.knezel at gmail.com
Tue Feb 25 08:45:42 UTC 2014
On Friday, February 21, 2014 2:59:54 PM UTC+1, Steve Kostecke wrote:
> On 2014-02-21, ardi <peter.knezel at gmail.com> wrote: > I have defined symmetric keys on 2 ntp servers. > How can I test whether controlkey is working? > Is it used for ntpq? http://doc.ntp.org/4.2.6p5/authopt.html explains Symmetric Key Cryptography; and the controlkey, requestkey and trustedkey commands. -- Steve Kostecke <kostecke at ntp.org> NTP Public Services Project - http://support.ntp.org/
Hello Steve,
I have tried the requestkey with the following setup - and I think it is working:
/etc/init.d/ntp stop
Update file: /etc/ntp.keys with:
66 M thisispswd #note 66 is key-id, M is type of password (M=MD5); thisispswd is the password
and update /etc/ntp.conf with:
trustedkey 2 66
requestkey 66
controlkey 66
start ntp daemon on server
Let's try requestkey in ntpdc - we are trying to add a new server xx.xx.xx.88
ntpdc> addserver xx.xx.xx.88
Keyid: 66 <---the requestkey we defined in /etc/ntp.conf
MD5 Password: <---here we fill the password: thisispsw
done!
ntpdc> q
root at server:~#
root at server:~# ntpq
ntpq> pee
remote refid st t when poll reach delay offset jitter
==============================================================================
*xx .GPS. 1 u 15 16 377 0.422 0.099 0.078
-server1 xx.xx.xx.xx 2 u - 16 377 0.252 -0.066 0.022
+server2 xx.xx.xx.xx 2 u 11 16 377 0.385 0.069 0.016
+server3 xx.xx.xx.xx 2 u - 16 377 0.350 -0.040 0.080
xx.xx.xx.88 .INIT. 16 u - 64 0 0.000 0.000 0.000
ntpq>
To remove it from this list we can use the following command:
ntpdc> unconfig xx.xx.xx.88
Keyid: 66
MD5 Password: <--we insert thisispwd as password
done!
ntpdc>
ntpdc> q
root at server:~# ntpq
ntpq> pee
remote refid st t when poll reach delay offset jitter
==============================================================================
*xx .GPS. 1 u 15 16 377 0.422 0.099 0.078
-server1 xx.xx.xx.xx 2 u - 16 377 0.252 -0.066 0.022
+server2 xx.xx.xx.xx 2 u 11 16 377 0.385 0.069 0.016
+server3 xx.xx.xx.xx 2 u - 16 377 0.350 -0.040 0.080
is it a good example for requestkey testing?
But I am not able to test the controlkey for ntpq.
Can you give me some hint or example?
Thanks and kind regards,
ardi
More information about the questions
mailing list