[ntp:questions] Configuring ntpd to use multiple NTP servers with authentication

Subhendu Malakar deathholes at outlook.com
Fri Jun 5 13:16:41 UTC 2020


Hi all,
I’m trying to set up a system which connects to multiple NTP servers with symmetric key authentication.
For testing, I’m creating my own NTP servers and client, taking help from this link: https://access.redhat.com/solutions/393663
I’m using SHA1 as the type of authentication.

While I was able to connect to each NTP server, when I tried adding all of them in the ntp.conf file, it connects to only one of them; it does not connect to the rest at all.
Looking at the “ntpq -c as” output, it shows auth as “bad” for the servers to which it is not able to connect. But I was able to connect to the same server in a single server setting.
ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 49718  f65a   yes   yes   ok   sys.peer    sys_peer  5
  2 49719  c01c   yes    no   bad    reject              1
  3 49720  c01c   yes    no   bad    reject              1
  4 49721  903a   yes   yes  none    reject    sys_peer  3

Also, looking at the “ntpq -p” output, I see that the refid is stuck at .INIT.

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
server1  216.239.35.4     2 u   55   64  377    0.560   78.660   1.358
*server2    .INIT.          16 u    -  512    0    0.000    0.000   0.000
server3    .INIT.          16 u    -  512    0    0.000    0.000   0.000
127.127.1.0     .LOCL.          11 l   57   64  377    0.000    0.000   0.000

ntpstat output:
synchronised to NTP server (server1) at stratum 3
   time correct to within 123 ms
   polling server every 64 s


content of ntp.conf:
#----------------------------------------------------
#  DO NOT EDIT THIS FILE - it is machine generated
#----------------------------------------------------
# /etc/ntp.conf, configuration for ntpd

# Interface IP addresses to listen
interface listen xx.xx.xx.xx
# Drift file
driftfile /var/lib/ntp/drift

# Enable authentication
enable auth
# Restrictions
disable monitor
restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1 # trust ourself
restrict ::1 # trust ourself

# Authenticated Server(s)
keys /etc/ntp/keys
server server1 iburst minpoll 3 key 1
server server2 iburst minpoll 3 key 2
server server3 iburst minpoll 3 key 3
# Specify the key identifiers which are trusted.
trustedkey 1 2 3
# Specify the key identifier to use with the ntpq utility.
controlkey 1
# Specify the key identifier to use with the ntpdc utility.
requestkey 1
server 127.127.1.0 # local clock
fudge  127.127.1.0 stratum 11


So, my question here is how to configure ntpd to use multiple NTP servers with authentication (SHA-1 only).

Thanks,
Subhendu.
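
A local consistency check for the symmetric-key setup in the ntp.conf above, as an added example that is not part of the original post: it confirms that every `server ... key N` line uses a key ID that is listed in `trustedkey` and defined with type SHA1 in the keys file. The keys-file contents are constructed sample values and the function names are hypothetical; the check cannot tell whether the remote server holds the same key.

```python
# Constructed sample inputs: the server/trustedkey lines mirror the ntp.conf
# in the post; the keys-file entries are made-up values, not from the post.
SAMPLE_CONF = """\
keys /etc/ntp/keys
server server1 iburst minpoll 3 key 1
server server2 iburst minpoll 3 key 2
server server3 iburst minpoll 3 key 3
trustedkey 1 2 3
server 127.127.1.0 # local clock
"""
SAMPLE_KEYS = """\
1 SHA1 0123456789abcdef0123456789abcdef01234567
2 MD5 constructedSecret2
# key 3 is deliberately absent from this sample
"""

def parse_keys(text):
    """Return {key_id: key_type} from 'id type secret' lines of a keys file."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].isdigit():
            keys[int(fields[0])] = fields[1].upper()
    return keys

def check_config(conf_text, keys_text, required_type="SHA1"):
    """Return [(server, key_id, problem)] for inconsistent server/key entries."""
    keys = parse_keys(keys_text)
    trusted, servers = set(), []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "trustedkey":
            # Plain numeric IDs only; range syntax is not handled here.
            trusted.update(int(f) for f in fields[1:] if f.isdigit())
        elif fields[0] == "server" and "key" in fields[2:-1]:
            servers.append((fields[1], int(fields[fields.index("key", 2) + 1])))
    problems = []
    for host, key_id in servers:
        if key_id not in trusted:
            problems.append((host, key_id, "key not listed in trustedkey"))
        if key_id not in keys:
            problems.append((host, key_id, "key missing from keys file"))
        elif keys[key_id] != required_type:
            problems.append((host, key_id, f"key type is {keys[key_id]}, expected {required_type}"))
    return problems

if __name__ == "__main__":
    for host, key_id, problem in check_config(SAMPLE_CONF, SAMPLE_KEYS):
        print(f"{host}: key {key_id}: {problem}")
```

Running the same check on each server's own ntp.conf and keys file shows whether both ends define the key ID with the same type.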

