Steve,

When I wrote the ntp-keygen page I was mostly concerned to demystify the autokey files; a casual reader could well drown before figuring out all that is needed is the -M option. I put a note to that effect on the page.
Dave

Steve Kostecke wrote:
> On 2008-07-03, Bob <[EMAIL PROTECTED]> wrote:
>
>>I'm getting closer... you actually put the key data in a file that you
>>point to. OK... how do I generate the keys? For example, I tried the
>>below (of course, the keys listed have been erased...) and which file
>>do I use the contents of as key material, how much do I use (just the
>>data and no headers), and do I have to do it all on one line per key?
>>Thanks for the help on this. I've searched for detailed info without
>>success.
>
> You're making this more complicated than it needs to be.
>
> As Martin stated previously, the keys file is just a list of keyids
> and passwords. You can populate this file yourself using your preferred
> passwords, or you may use ntp-keygen to generate the passwords, or some
> combination of both.
>
> You may create the manually populated keys file with your favorite
> editor and generate the passwords in your preferred manner. The contents
> of a manually populated keys file look like this:
>
> -------------------------8X-------------------------
>
> 1 M a_password
> 2 M another_password
> 5 M is_right_out
> 42 M themeaningoflife
> 255 M yet_another_password
>
> -------------------------8X-------------------------
>
> If you wish to use ntp-keygen to create the keys file run the following
> command in the directory where you wish to store the file:
>
> ntp-keygen -M
>
> The contents of the file generated in this way will look similar to:
>
> -------------------------8X-------------------------
>
> # ntpkey_MD5key_stasis.3424023800
> # Wed Jul 2 17:43:20 2008
>
> 1 MD5 F<=\Q>+xuk:bMHO # MD5 key
>
> [snip]
>
> 16 MD5 uWk>srQSIw0d=0N # MD5 key
>
> -------------------------8X-------------------------
>
> To use symmetric keys you must configure them in ntp.conf (we'll use the
> keyids shown above):
>
> Tell ntpd where to find the keys file with:
>
> keys /etc/ntp.keys
>
> Tell ntpd which keys in that file to trust with:
>
> trustedkey 1 2 42 255
>
> Tell ntpd which keys may be used to authenticate time service with:
>
> requestkey 1 2 255
>
> Tell ntpd which keys may be used to authenticate remote configuration
> with:
>
> controlkey 42
>
> Please note that the 'nomodify' restriction overrides the symmetric keys
> configuration. So hosts/sub-nets which are covered by 'nomodify' will
> not be able to remotely configure ntpd even if they know the right
> keyids and passwords.
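
The following is an added example, not part of the thread or of the NTP distribution: a Python check that cross-references the keyids named by the `trustedkey`, `requestkey` and `controlkey` lines in ntp.conf against the keyids defined in the keys file, using the layouts quoted above. The function names, the sample data and the rule that request/control keyids should also appear in `trustedkey` are assumptions made for this illustration.

```python
# Added example: lint symmetric-key references in ntp.conf against a keys file.
# Sample data at the bottom is constructed; the passwords are placeholders.
KEY_DIRECTIVES = ("trustedkey", "requestkey", "controlkey")

def parse_keys_file(text):
    """Return ({keyid: type}, [problems]) for 'keyid type password' lines."""
    keys, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment header
        if len(fields) < 3 or not fields[0].isdecimal() or int(fields[0]) == 0:
            problems.append(f"line {n}: expected 'keyid type password'")
            continue
        keyid = int(fields[0])
        if keyid in keys:
            problems.append(f"line {n}: duplicate keyid {keyid}")
        keys[keyid] = fields[1]
    return keys, problems

def parse_conf(text):
    """Collect the keyids named by each key directive in ntp.conf."""
    refs = {d: set() for d in KEY_DIRECTIVES}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if fields and fields[0] in refs:
            refs[fields[0]].update(int(f) for f in fields[1:] if f.isdecimal())
    return refs

def lint(keys_text, conf_text):
    """Return a sorted list of findings; an empty list means consistent."""
    keys, findings = parse_keys_file(keys_text)
    refs = parse_conf(conf_text)
    for directive, ids in refs.items():
        for keyid in sorted(ids - set(keys)):
            findings.append(f"{directive} {keyid}: not defined in keys file")
    # Assumption: as in the quoted example, request/control keys are also trusted.
    for directive in ("requestkey", "controlkey"):
        for keyid in sorted(refs[directive] - refs["trustedkey"]):
            findings.append(f"{directive} {keyid}: not listed in trustedkey")
    return sorted(findings)

SAMPLE_KEYS = "# constructed sample\n1 M placeholder_one\n2 M placeholder_two\n42 M placeholder_three\n"
SAMPLE_CONF = "keys /etc/ntp.keys\ntrustedkey 1 2 42 255\nrequestkey 1 2 255\ncontrolkey 5\n"

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_KEYS, SAMPLE_CONF)))
```

An empty result means every keyid referenced in ntp.conf has an entry in the keys file; the check does not look at file permissions or key strength.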
