[ntp:questions] Generating keys for ntpdc control

Bob bobsjunkmail at bellsouth.net
Thu Jul 3 22:40:07 UTC 2008


"Steve Kostecke" <kostecke at ntp.org> wrote in message 
news:slrng6pi3j.bj6.kostecke at stasis.kostecke.net...
> On 2008-07-03, Bob <bobsjunkmail at bellsouth.net> wrote:
>
>> I'm getting closer... you actually put the key data in a file that you
>> point to. OK... how do I generate the keys? For example, I tried the
>> below (of course, the keys listed have been erased...) and which file
>> do I use the contents of as key material, how much do I use (just the
>> data and no headers), and do I have to do it all on one line per key?
>> Thanks for the help on this. I've searched for detailed info without
>> success.
>
> You're making this more complicated than it needs to be.
>
> As Martin stated previously, the keys file is just a list of keyids
> and passwords. You can populate this file yourself using your prefered
> passwords, or you may use ntp-keygen to generate the passwords, or some
> combination of both.
>
> You may create the manually populated keys file with your favorite
> editor and generate the passwords in your preferred manner. The contents
> of manually populated keys file looks like this:
>
> -------------------------8X-------------------------
>
> 1 M a_password
> 2 M another_password
> 5 M is_right_out
> 42 M themeaningoflife
> 255 M yet_another_password
>
> -------------------------8X-------------------------
>
> If you wish to use ntp-keygen to create the keys file run the following
> command in the directory where you wish to store the file:
>
> ntp-keygen -M
>
> The contents of the file generated in this way will look similar to:
>
> -------------------------8X-------------------------
>
> # ntpkey_MD5key_stasis.3424023800
> # Wed Jul  2 17:43:20 2008
>
> 1 MD5  F<=\Q>+xuk:bMHO # MD5 key
>
> [snip]
>
> 16 MD5  uWk>srQSIw0d=0N # MD5 key
>
> -------------------------8X-------------------------
>
> To use symmetric keys you must configure them in ntp.conf (we'll use the
> keyids shown above):
>
> Tell ntpd where to find the keys file with:
>
> keys    /etc/ntp.keys
>
> Tell ntpd which keys in that file to trust with:
>
> trustedkey 1 2 42 255
>
> Tell ntpd which keys may be used to authenticate time service with:
>
> requestkey 1 2 255
>
> Tell ntpd which keys may be used to authenticate remote configuration
> with:
>
> controlkey 42
>
> Please note that the 'nomodify' restriction overrides the symmetric keys
> configuration. So hosts/sub-nets which are covered by 'nomodify' will
> not be able to remotely configure ntpd even if they know the right
> keyids and passwords.
>

Still not working....  I did restart ntpd after creating the files....

C:\PROGRA~1\NTP\etc>type ntp.keys
1 M a_password
2 M another_password
5 M is_right_out
42 M themeaningoflife
255 M yet_another_password

***> ntp.conf contains:

#--# authentication section #--#
keys "C:\Program Files\NTP\etc\ntp.keys"
enable auth
trustedkey 1 2 42 255
requestkey 1 2 255
controlkey 42
#--# end of authentication section #--#

***> Yet, I get Permission denied

C:\PROGRA~1\NTP\etc>ntpdc
ntpdc> restri 64.198.211.64 255.255.255.255 noserve
Keyid: 42
***Permission denied                     <**** I entered "themeaningoflife" 
here
ntpdc> vers
ntpdc 4.2.4p3 at 1.1502-foehr-o Jul 25 12:53:26 (UTC+02:00) 2007  (3)





More information about the questions mailing list