[ntp:questions] NTP server authentication

Vladimir Smotlacha vs at cesnet.cz
Fri May 20 10:36:26 UTC 2005


I am trying to setup public key authentication of our primary NTP servers 
using IFF identity schema. I do not know how to deal with password 
(un)protected keys.

I run on server MYSERVER (with hostname and DNS name MYSERVER)

   ntp-keygen -T -m 1024 -c RSA-SHA1 -p PASSWD

   ntp-keygen -T -I -e -m 1024 -c RSA-SHA1 -p PASSWD > iff_key

I copied iff_key to client keys directory under the name ntpk


On client, I run:

   ntp-keygen -m 1024 -c RSA-SHA1 -p PASSWD

and ntp.conf contains:

  crypto pw PASSWD

  server MYSERVER autokey

This works very well when I use the same password on both client and server 
but it does not work without password (i.e. neither '-p' in ntp-keygen nor 
'pw' in ntp.conf) in both server and client. Why?

Using a password avoids applying two or more servers of different 
authorities in a client configuration. Doesn't it?

Vladimir Smotlacha, vs at cesnet.cz


More information about the questions mailing list