[email protected] wrote: Joe Smithian wrote: >> Hi, I've defined the following symmetric keys in my NTP >> client and serve but they didn't work. >> I defined them based on my understanding of the ntp key >> man page which doesn't have sample keys. >> 1 A passA1 >> 2 N 0xC7D3C7D3C7D3C7D3 >> 3 S 0xD7DAD7DAD7DAD7DA >> 4 S 0xd5b5cdd9dcfec1f1 >> NTP Associations Status: >> ind assid status conf reach auth condition last_event cnt >> 1 21670 963a yes yes none sys.peer sys_peer 3 >> 2 21671 c02c yes *no bad * reject 2 > I'd appreciate it if some one can post sample of A,M,N and S keys > > I have question. it seems you have already pass md5 and sha1 test. > Would you tell me these lines below you added directly into > ntp.keys or you use ntp-keygen -M to generate? >> 1 A passA1 >> 2 N 0xC7D3C7D3C7D3C7D3 >> 3 S 0xD7DAD7DAD7DAD7DA >> 4 S 0xd5b5cdd9dcfec1f1
<http://www.eecis.udel.edu/~mills/ntp/html/keygen.html> <http://www.eecis.udel.edu/~mills/ntp/html/authentic.html> Figure 1. Typical Symmetric Key File Is there a trustedkey line in the ntp.conf ? Matching keys on the other end ? and also on the trustedkey line at the other end ? I remember there being issues circa Fed 2011 ? with using old versions of OPENSSL openssl-0.9.8 ? with current NTP 4.2.7p1xx or later and 4.2.6p4 or later ? that needed to be upgraded to openssl-1.0+; although I think it may have been related to just windows libeay32.dll ? See Also: 16 vs 20 byte keys thread <https://groups.google.com/group/comp.protocols.time.ntp/browse_thread/thread/e02d22106a25988e> -- E-Mail Sent to this address <[email protected]> will be added to the BlackLists. _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
