"Steve Kostecke" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On 2008-07-03, Bob <[EMAIL PROTECTED]> wrote: > >> I'm getting closer... you actually put the key data in a file that you >> point to. OK... how do I generate the keys? For example, I tried the >> below (of course, the keys listed have been erased...) and which file >> do I use the contents of as key material, how much do I use (just the >> data and no headers), and do I have to do it all on one line per key? >> Thanks for the help on this. I've searched for detailed info without >> success. > > You're making this more complicated than it needs to be. > > As Martin stated previously, the keys file is just a list of keyids > and passwords. You can populate this file yourself using your prefered > passwords, or you may use ntp-keygen to generate the passwords, or some > combination of both. > > You may create the manually populated keys file with your favorite > editor and generate the passwords in your preferred manner. The contents > of manually populated keys file looks like this: > > -------------------------8X------------------------- > > 1 M a_password > 2 M another_password > 5 M is_right_out > 42 M themeaningoflife > 255 M yet_another_password > > -------------------------8X------------------------- > > If you wish to use ntp-keygen to create the keys file run the following > command in the directory where you wish to store the file: > > ntp-keygen -M > > The contents of the file generated in this way will look similar to: > > -------------------------8X------------------------- > > # ntpkey_MD5key_stasis.3424023800 > # Wed Jul 2 17:43:20 2008 > > 1 MD5 F<=\Q>+xuk:bMHO # MD5 key > > [snip] > > 16 MD5 uWk>srQSIw0d=0N # MD5 key > > -------------------------8X------------------------- > > To use symmetric keys you must configure them in ntp.conf (we'll use the > keyids shown above): > > Tell ntpd where to find the keys file with: > > keys /etc/ntp.keys > > Tell ntpd which keys in that file to trust with: > > trustedkey 1 2 42 255 > > Tell ntpd which keys may be used to authenticate time service with: > > requestkey 1 2 255 > > Tell ntpd which keys may be used to authenticate remote configuration > with: > > controlkey 42 > > Please note that the 'nomodify' restriction overrides the symmetric keys > configuration. So hosts/sub-nets which are covered by 'nomodify' will > not be able to remotely configure ntpd even if they know the right > keyids and passwords. >
Still not working.... I did restart ntpd after creating the files.... C:\PROGRA~1\NTP\etc>type ntp.keys 1 M a_password 2 M another_password 5 M is_right_out 42 M themeaningoflife 255 M yet_another_password ***> ntp.conf contains: #--# authentication section #--# keys "C:\Program Files\NTP\etc\ntp.keys" enable auth trustedkey 1 2 42 255 requestkey 1 2 255 controlkey 42 #--# end of authentication section #--# ***> Yet, I get Permission denied C:\PROGRA~1\NTP\etc>ntpdc ntpdc> restri 64.198.211.64 255.255.255.255 noserve Keyid: 42 ***Permission denied <**** I entered "themeaningoflife" here ntpdc> vers ntpdc [EMAIL PROTECTED] Jul 25 12:53:26 (UTC+02:00) 2007 (3) _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
