[ntp:questions] ntpq authentication problem

catherine.wei1989 at gmail.com
Mon Mar 2 05:03:46 UTC 2015


On Friday, February 27, 2015 at 7:45:03 PM UTC+8, Martin Burnicki wrote:
> catherine.wei1989 at gmail.com wrote:
> > On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin... at gmail.com wrote:
> >> On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
> >>> catherine.wei1989 at gmail.com wrote:
> >>>> I'm upgrading ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq, since ntpdc has been deprecated in the 4.8.1 version. And I ran into a problem.
> >>>>
> >>>> When I first set the keyid to 0, it said "Invalid key identifier", so I set it to 1, but it requires an MD5 password. I don't quite understand how to get the keyid and password.
> >>>>
> >>>> Can you give me some advice? Appreciate your help very much.
> >>>>
> >>>>
> >>>> ~ # ntpq
> >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> >>>> Keyid: 0
> >>>> Invalid key identifier
> >>>> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> >>>> Keyid: 1
> >>>> MD5 Password:
> >>>> ***Server disallowed request (authentication?)
> >>>> ntpq>
> >>>>
> >>>
> >>> Please see my reply to your other posting. Why do you post basically the
> >>> same question three times?
> >>>
> >>> Martin
> >>> --
> >>> Martin Burnicki
> >>>
> >>> Meinberg Funkuhren
> >>> Bad Pyrmont
> >>> Germany
> >>
> >> Hi, I appreciate your kind response. I've generated a file:
> >>   1 MD5 P[G\;5Ob@[\[Ni4PJx3&  # MD5 key
> >>   2 MD5 z}6`X[cpV%UDktmbghiA  # MD5 key
> >>   3 MD5 %(4%pM<~(8p[cn,,S/0N  # MD5 key
> >>   4 MD5 TT_QA;=x*G$4p1-d"1;C  # MD5 key
> >>   5 MD5 ml~KoJ*<`vM&7fxTeR.@  # MD5 key
> >>   6 MD5 +wc93d8[~tBRyzd<GL{L  # MD5 key
> >>   7 MD5 _WMzU`YQpwN&?5TYJ^5i  # MD5 key
> >>   8 MD5 ~1zzyA.9-fM[|>Zv|mpv  # MD5 key
> >>   9 MD5 ?N4f+')!S9 at 7.V*G3,xI  # MD5 key
> >> 10 MD5 <>u;LcQ*cJ8{%yKo`z1?  # MD5 key
> >> 11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea  # SHA1 key
> >> 12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112  # SHA1 key
> >> 13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832  # SHA1 key
> >> 14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58  # SHA1 key
> >> 15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276  # SHA1 key
> >> 16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11  # SHA1 key
> >> 17 SHA1 14321c68317d531e004497bd9b6b0d475630a291  # SHA1 key
> >> 18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5  # SHA1 key
> >> 19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb  # SHA1 key
> >> 20 SHA1 80515077771a9e6d5bb70d6985b236008d962f34  # SHA1 key
> >>
> >> I've renamed it to ntp.keys and put it at /etc/ntp.keys. My /etc/ntp.conf file is like this:
> >>
> >> driftfile /etc/ntp.drift
> >> keys /etc/ntp.keys
> >> trustedkey 1 5
> >> controlkey 5
> >> restrict default ignore
> >> restrict 127.0.0.1
> >> broadcastdelay 0.008
> >> #6000000000s because we start at 1970
> >> tinker panic 6000000000
> >> restrict 3.cn.pool.ntp.org nomodify notrap
> >> server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
> >>
> >> However, when I run ntpq:
> >> ~ # ntpq
> >> ntpq> :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
> >> Keyid: 5
> >> MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
> >> ***Server disallowed request (authentication?)
> >>
> >> I don't know why this happens. Do I need some other configuration? Thank you so much.
> 
> Hm, that should work.
> Can you try it with a simple password first? E.g.:
> 
> 1 MD5 passwd1
> 5 MD5 passwd5
> 
> > By the way, how can I define the controlkey for ntpq? In my case, I just set the controlkey to 5 at random; is there any rule?
> 
> AFAIK there is no rule. The keys file is just a list of passwords. If 
> you have more than one machine running ntpd then every other machine 
> may have a single, individual trusted key, each with index 1.
> 
> If your local ntpd should talk to all the others then of course you 
> can't add several keys with index 1 in your local file, so you need to 
> have a keys file containing all the keys of the other servers, for time 
> sync, plus the control key for your local ntpd. The number is just 
> associated to the entry number of the keys file you are supplying to 
> your local ntpd.
> 
> This is very flexible, but you need to take care to get the keys and 
> index/ID numbers right.
> 
> > The third column in /etc/ntp.keys is the password of MD5, right?
> 
> Yes.
> 
> 
> Martin
> -- 
> Martin Burnicki
> 
> Meinberg Funkuhren
> Bad Pyrmont
> Germany

Hi, thank you for your answer. I typed the wrong password. When I changed the complicated password to a simple one, say "mypassword", and tested it again, authentication passed. But it's strange: why can I change the password? As it is generated by the ntp MD5 algorithm, if I change the password then authentication should fail and the ntp server can't parse the new password, in my understanding.
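
Added example (not part of the original thread and not the NTP project's code): a sketch of how a symmetric key from ntp.keys authenticates a request. The third column is a shared secret that is hashed together with the packet, so any value works as long as the keys file read by ntpd and the password typed into ntpq match. The packet bytes and helper names are constructed for illustration, and the ASCII-versus-hex handling of the secret is an assumption based on ntpd's documented key format.

```python
import hashlib
import hmac
import struct

# Constructed keys file, using the simple entries suggested in the thread.
KEYS_TEXT = """\
1 MD5 passwd1   # time-sync key
5 MD5 passwd5   # control key (controlkey 5)
"""

# Constructed bytes standing in for an ntpq request (not a captured packet).
PACKET = b"\x16\x08\x00\x01" + bytes(8) + b"constructed!"


def parse_keys(text):
    """Return {keyid: (digest_name, secret_bytes)} from ntp.keys-style text."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        keyid, kind, secret = int(fields[0]), fields[1].lower(), fields[2]
        # Assumption: secrets of up to 20 characters are ASCII, longer ones hex.
        raw = secret.encode("ascii") if len(secret) <= 20 else bytes.fromhex(secret)
        keys[keyid] = (kind, raw)
    return keys


def make_mac(keys, keyid, packet):
    """MAC field: 32-bit key ID followed by digest(secret || packet)."""
    kind, secret = keys[keyid]
    digest = hashlib.new(kind, secret + packet).digest()
    return struct.pack("!I", keyid) + digest


def verify(keys, packet, mac):
    """Receiver side: look up the key ID, recompute the digest, compare."""
    keyid = struct.unpack("!I", mac[:4])[0]
    if keyid not in keys:
        return False  # key ID is not in the receiver's keys file
    return hmac.compare_digest(make_mac(keys, keyid, packet), mac)


if __name__ == "__main__":
    server = parse_keys(KEYS_TEXT)
    typed_wrong = parse_keys("5 MD5 mypassword")
    print("matching secret:", verify(server, PACKET, make_mac(server, 5, PACKET)))
    print("mismatched secret:", verify(server, PACKET, make_mac(typed_wrong, 5, PACKET)))
```

The secret is never sent; only the key ID and the digest travel with the packet, which is why a mistyped password fails with the same "authentication?" error as a missing key.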


