On 2022-04-22, A C <4433...@gmail.com> wrote: > Recently I was looking at the output of the ntpq -np command on a > stratum 2 server I manage and noticed an IP I did not recognized in > the output. (The 3 usual stratum 1s were there, but then a fourth one > (a stratum 3) was also listed.) That fourth entry is listed as a > stratum 3, and the associations details show that it is using NTP > authentication, so I assume this is a legitimate client that is using > a symmetric key to authenticate with my NTP server.
> My ntp stratum 2 server is configured with the "restrict default > nomodify notrap nopeer noquery" so I assume that external clients > cannot add servers to the list using tools such as ntpq/ntpdc. If they have a valid key, they can create symmetric associations with your server by specifying your server as a peer in their config. You would need to have the "noepeer" option in the restrictions to prevent that, but this option is not supported in the ntp package you are using. -- Miroslav Lichvar -- This is questions@lists.ntp.org Subscribe: questions+subscr...@lists.ntp.org Unsubscribe: questions+unsubscr...@lists.ntp.org
