[ntp:questions] generating GQ keys in /etc/ntp1

ardi peter.knezel at gmail.com
Mon Jan 27 10:16:49 UTC 2014


Hello all:
According to http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#STEP-AUTOKEY-SERVER-GQ
I was able to generate GQ keys on the server and copy
the parameter file to the client:

NOTE: I have used /etc/ntp1; chmod 600 /etc/ntp1 for this purpose
and changed ntp.conf on the server and client machines as well.

NOTE2: ntp-keygen -e -q clientpassword -p serverpassword > tempgq
server-vm/etc/ntp1#cat tempgq
# ntpkey_gqpar_server-vm.3599804828
# Mon Jan 27 10:47:08 2014

-----BEGIN PRIVATE KEY-----
M..
.....
....==
-----END PRIVATE KEY-----

So I renamed: server-vm/etc/ntp1#mv tempgq ntpkey_gqpar_server-vm.3599804828

and did on the client:
cd mkdir /etc/ntpq
ntp-keygen -H -p clientpassword

and copied the file ntpkey_gqpar_server-vm.3599804828 from server-vm
to client's /etc/ntp1:
vi ntpkey_gqpar_server-vm.3599804828
and copied the content here, then saved.

In addition I created a link:
ln -s ntpkey_gqpar_server-vm.3599804828 ntpkey_gqpar_server-vm

After update on server-vm's ntp.conf: 
crypto pw serverpassword
keysdir /etc/ntp1

I started the ntp daemon.

After update on client's ntp.conf: 
crypto pw clientpassword
keysdir /etc/ntp1

After 5 min I started the ntp daemon on the client:

using:
ntpq>pee

ntpq> ass

ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 53397  f63a   yes   yes   ok   sys.peer    sys_peer  3
  2 53398  9424   yes   yes  none candidate   reachable  2
ntpq> rv 53397

output - not copied here, but 

flags=0x87f41

shows that digit 4 means that GQ keys are used.
Is it ok for verification?

Peter
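
Added example, not part of the original post: a shell decoder for the Autokey flags word that ntpq's rv prints, so the check goes beyond reading one hex digit and also confirms the peer status bits. The function names are hypothetical, and the bit values are assumed to match include/ntp_crypto.h of the NTP reference distribution.

```shell
# Decode the Autokey "flags" word printed by ntpq's "rv <assid>".
# Bit values assumed from include/ntp_crypto.h; check your ntpd version.

# Accept only 0x-prefixed hex, so arbitrary text never reaches $(( )).
is_hex() {
    case $1 in
        0x|0x*[!0-9a-fA-F]*) return 1 ;;
        0x*) return 0 ;;
    esac
    return 1
}

# Pull the flags value out of "rv" output read on stdin.
flags_from_rv() {
    sed -n 's/.*flags=\(0x[0-9a-fA-F]*\).*/\1/p' | head -n 1
}

# Identity scheme bits (mask 0x00f0): PC, IFF, GQ, MV.
autokey_scheme() {
    is_hex "$1" || return 2
    f=$(( $1 )); out=""
    for pair in 0x10:PC 0x20:IFF 0x40:GQ 0x80:MV; do
        if [ $(( f & ${pair%%:*} )) -ne 0 ]; then out="$out ${pair#*:}"; fi
    done
    echo "${out# }"
}

# Peer status bits (mask 0x7f00) that are NOT set; empty means the whole
# exchange completed. VRFY (0x0200) is the identity-scheme result.
autokey_missing() {
    is_hex "$1" || return 2
    f=$(( $1 )); out=""
    for pair in 0x0100:CERT 0x0200:VRFY 0x0400:PROV 0x0800:COOK \
                0x1000:AUTO 0x2000:SIGN 0x4000:LEAP; do
        if [ $(( f & ${pair%%:*} )) -eq 0 ]; then out="$out ${pair#*:}"; fi
    done
    echo "${out# }"
}

# Succeed only if crypto is enabled, exactly the expected scheme is set,
# and no status bit is missing.
autokey_ok() {
    is_hex "$1" || return 2
    [ $(( $1 & 0x1 )) -ne 0 ] || return 1
    [ "$(autokey_scheme "$1")" = "$2" ] || return 1
    [ -z "$(autokey_missing "$1")" ]
}

autokey_ok 0x87f41 GQ && echo "0x87f41: GQ verified"  # value from the post
```

A value with the GQ bit set but VRFY missing fails the check, which is the case a digit-only reading would not catch.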
