[ntp:questions] ntp symmetric keys - controlkey test is needed

ardi peter.knezel at gmail.com
Tue Feb 25 08:45:42 UTC 2014


On Friday, February 21, 2014 2:59:54 PM UTC+1, Steve Kostecke wrote:
> On 2014-02-21, ardi <peter.knezel at gmail.com> wrote: > I have defined symmetric keys on 2 ntp servers. > How can I test whether controlkey is working? > Is it used for ntpq? http://doc.ntp.org/4.2.6p5/authopt.html explains Symmetric Key Cryptography; and the controlkey, requestkey and trustedkey commands. -- Steve Kostecke <kostecke at ntp.org> NTP Public Services Project - http://support.ntp.org/

Hello Steve,

I have tried the requestkey with the following setup - and I think it is working:
/etc/init.d/ntp stop

Update file: /etc/ntp.keys with:

66 M thisispswd #note 66 is key-id, M is type of password (M=MD5);  thisispswd is the password

and update /etc/ntp.conf with:

trustedkey 2 66
requestkey 66
controlkey 66

start ntp daemon on server

Let's try requestkey in ntpdc - we are trying to add a new server xx.xx.xx.88 

ntpdc> addserver xx.xx.xx.88
Keyid: 66    <---the requestkey we defined in /etc/ntp.conf
MD5 Password: <---here we fill the password: thisispsw
done!
ntpdc> q

root at server:~#

root at server:~# ntpq
ntpq> pee
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*xx              .GPS.            1 u   15   16  377    0.422    0.099   0.078
-server1           xx.xx.xx.xx    2 u    -   16  377    0.252   -0.066   0.022
+server2           xx.xx.xx.xx    2 u   11   16  377    0.385    0.069   0.016
+server3           xx.xx.xx.xx    2 u    -   16  377    0.350   -0.040   0.080
xx.xx.xx.88      .INIT.          16 u    -   64    0    0.000    0.000   0.000
ntpq>

To remove it from this list we can use the following command:

ntpdc> unconfig xx.xx.xx.88
Keyid: 66
MD5 Password: <--we insert thisispwd as password 
done!
ntpdc>

ntpdc> q
root at server:~# ntpq
ntpq> pee
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*xx              .GPS.            1 u   15   16  377    0.422    0.099   0.078
-server1           xx.xx.xx.xx    2 u    -   16  377    0.252   -0.066   0.022
+server2           xx.xx.xx.xx    2 u   11   16  377    0.385    0.069   0.016
+server3           xx.xx.xx.xx    2 u    -   16  377    0.350   -0.040   0.080

is it a good example for requestkey testing?


But I am not able to test the controlkey for ntpq.
Can you give me some hint or example?

Thanks and kind regards,
ardi




More information about the questions mailing list