[ntp:questions] Generating keys for ntpdc control

Bob bobsjunkmail at bellsouth.net
Thu Jul 3 04:34:44 UTC 2008


Can someone run me through the steps necessary to generate and apply keys 
so I can use ntpdc to make on the fly changes to ntpd? I've read through the 
docs - repeatedly! - and tried every incarnation of ntp-keygen listed. What 
I seem not to be able to get is what the "key number" represents. I suspect 
that it's got something to do with the -v option where it generates numbered 
keys, but creating them with a password, and then specifying one - like key 
1 - after entering password in ntpdc results in the cursor simply staring 
back at me. The keygen section of the docs includes the statement "Following 
hte heard the keys are entered one per line in the format keyno type key", 
which I suspect is a typo, but I'm still not getting it. I suspect there 
needs to be a file referring to what key number is what.

I'm running the current Meinberg Windows port. This comes about because of a 
question I asked last week about KOD. It was suggested that I could use 
ntpdc to effect the necessary changes by either setting up symmetric keys or 
disabling authentication. Well, I didn't have any luck with the keys, so I 
disabled authentication.

That didn't work for two reasons: ntpdc still wouldn't talk to ntpd, and I 
found that someone at 66.80.7.58 does know how to reconfigure ntpd remotely. 
I looked at my logs on the morning of 26 June, and found that I was now 
polling that address several times a second for time. Looking at my host 
server list, I showed that address listed about 20 times as mode 1 (whatever 
that is???). I didn't do it, and it wasn't in the config file. Also, it 
started after I disabled auth. Enabling auth and restarting fixed it, 
although he kept trying for the rest of the day. I think the intention was 
to make himself an authoritative source and force my clock to drift, as his 
incoming timestamps looked to be off by at least a minute. Hackers......... 
And not the good definition, either. 




