
[questions] Re: Unknown peer listed in ntpq -p output

On 2022-04-22, A C <4433258@xxxxxxxxx> wrote:
> Recently I was looking at the output of the ntpq -np command on a
> stratum 2 server I manage and noticed an IP I did not recognize in
> the output.  (The 3 usual stratum 1s were there, but then a fourth one
> (a stratum 3) was also listed.)  That fourth entry is listed as a
> stratum 3, and the association details show that it is using NTP
> authentication, so I assume this is a legitimate client that is using
> a symmetric key to authenticate with my NTP server.

> My ntp stratum 2 server is configured with the "restrict default
> nomodify notrap nopeer noquery" so I assume that external clients
> cannot add servers to the list using tools such as ntpq/ntpdc.

If they have a valid key, they can create symmetric associations
with your server by specifying your server as a peer in their config.

You would need to have the "noepeer" option in the restrictions to
prevent that, but this option is not supported in the ntp package you
are using.

Miroslav Lichvar
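
Added example, not part of the original message or of the ntp package: one way to spot such an association is to compare the `ntpq -np` billboard with the sources named in ntp.conf. The function names and sample data are constructed for illustration, and the check assumes ntp.conf lists its sources as IP literals.

```python
import ipaddress
import re

# Constructed sample inputs (documentation address ranges), not data from the thread.
SAMPLE_NTP_CONF = """\
restrict default nomodify notrap nopeer noquery
server 192.0.2.10 iburst
server 192.0.2.11 iburst
server 192.0.2.12 iburst
"""
SAMPLE_NTPQ_NP = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.512    0.021   0.010
+192.0.2.11      .PPS.            1 u   12   64  377    0.634   -0.013   0.015
+192.0.2.12      .GPS.            1 u   50   64  377    0.701    0.040   0.022
 198.51.100.7    203.0.113.5      3 S   40   64  377    1.250    0.310   0.105
"""

SOURCE_RE = re.compile(r"^\s*(?:server|peer|pool)\s+(\S+)", re.M)
PEER_RE = re.compile(r"^([ x.\-+#*o])(\S+)\s+(\S+)\s+(\d+)\s")  # tally, remote, refid, st


def _ip(text):
    """Parse an IP literal; return None for hostnames or truncated addresses."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def configured_sources(conf_text):
    """IP literals named on server/peer/pool lines of ntp.conf."""
    return {ip for ip in map(_ip, SOURCE_RE.findall(conf_text)) if ip is not None}


def unconfigured_associations(ntpq_text, conf_text):
    """Return (remote, stratum) for billboard entries that ntp.conf does not name."""
    known = configured_sources(conf_text)
    extra = []
    for line in ntpq_text.splitlines():
        m = PEER_RE.match(line)
        if not m:
            continue  # header, separator or blank line
        addr = _ip(m.group(2))
        if addr is not None and (addr.is_loopback or addr in known):
            continue  # local refclock (127.127.x.x) or a configured source
        extra.append((m.group(2), int(m.group(4))))  # unknown or unparseable remote
    return extra
```

On the constructed sample, `unconfigured_associations(SAMPLE_NTPQ_NP, SAMPLE_NTP_CONF)` reports only 198.51.100.7 at stratum 3, the kind of entry described in the question.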