[ntp:questions] Re: symmetric-active mode (peer) and autokey

Steve Kostecke kostecke at ntp.isc.org
Wed Feb 1 22:45:48 UTC 2006

On 2006-02-01, Peter Pramberger <peter.pramberger at 1012surf.net> wrote:

> Anyone else running autokey successfully with symmetric-active mode?

I just brought up one of those associations between two of my systems.

Both peers were configured with identical crypto passwords to keep
things simple. Here's the steps I used on EACH peer:

1. Starting with an empty keysdir

2. Generate trusted host parameters and IFF parameters:

	ntp-keygen -T -I -p password

3. Export the IFFkey:

	ntp-keygen -e -q password -p password

4. Paste the IFFkey text into an editor, save the file and create the
symlink on the other peer (via an ssh session).

5. Add 'peer the.other.peer autokey' in the ntp.conf on each peer
along with the 'crypto pw' and 'keysdir' lines.

6. Restart both ntpds and wait a bit.


Peer #1:
version="ntpd 4.2.0a at 1:4.2.0a+stable-2-r Fri Aug 26 10:30:12 UTC 2005 (1)"?,

Peer #2:
version="ntpd 4.2.0a at 1:4.2.0a+stable-2-r Sun Jan  9 16:13:27 CET 2005 (1)"?,

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/

More information about the questions mailing list