[ntp:questions] Generating keys for ntpdc control

Per Hedeland per at hedeland.org
Fri Jul 4 21:48:54 UTC 2008


In article <uCubk.27069$s77.14269 at bignews3.bellsouth.net> "Bob"
<bobsjunkmail at bellsouth.net> writes:
>
>"Steve Kostecke" <kostecke at ntp.org> wrote in message 
>news:slrng6sdqh.lip.kostecke at stasis.kostecke.net...
>
>> None of the following is germane to your symmetric key issue, but ...
>>
>>> keys "C:\Program Files\NTP\etc\ntp.keys"
>>> enable auth
>>
>> Auth is enabled by default. It can be disabled on the command-line. The
>> worst that can happen is this line will generate an extra log entry.
>
>I disabled auth earlier this week, and promptly got attacked. I did an 
>enable auth with the intention of reversing my disable auth.

Unless someone has done something really bad to current versions of the
code, enable/disable auth has nothing to do with ntpdc control commands
- those *always* require authentication, and if you haven't configured a
key file, they just cannot be done. If (as you claimed earlier) your
config got changed by someone else, you have bigger problems to chase
(as in someone has broken into your system). I suspect that you were
just seeing a badly-behaved client trying to get time from your server,
though.

--Per Hedeland
per at hedeland.org




More information about the questions mailing list