[ntp:questions] Re: NTP server authentication
martin.burnicki at meinberg.de
Fri May 20 12:38:18 UTC 2005
Vladimir Smotlacha wrote:
> I am trying to set up public key authentication of our primary NTP servers
> using IFF identity schema. I do not know how to deal with password
> (un)protected keys.
> I run on server MYSERVER (with hostname and DNS name MYSERVER)
> ntp-keygen -T -m 1024 -c RSA-SHA1 -p PASSWD
> ntp-keygen -T -I -e -m 1024 -c RSA-SHA1 -p PASSWD > iff_key
> I copied iff_key to the client keys directory under the name ntpk
AFAIK, if you want to use a different password on the server, you must
export the IFF key on the server. If your server password is PASSWD, and
your client password is CLPASSWD, you should run the following command on
ntp-keygen -e -q PASSWD -p CLPASSWD > ntpkey_iff_hostname
where hostname is the client's hostname. Then copy the file
ntpkey_iff_hostname to the client, AFTER you have generated the cert and
host files on the client.
In order to verify that authentication works, please test running ntpd in
the foreground using the option -ddd.
In ntpd versions after ntpd 4.2.0a@1.1345 things have been messed up a bit.
If you run "ntpq -c as" as suggested in the docs, the output reports "auth
bad" even if authentication works OK. For details, please refer to
Hope this helps.