Re: [ntp:questions] ntpq authentication problem
On Saturday, February 28, 2015 at 2:25:02 AM UTC+8, Jan Ceuleers wrote:
On 27/02/15 10:54, catherine.wei1...@gmail.com wrote:
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank
you so much.
I found that the permissions on the ntp.keys file matter. They should be
600.
(I wrote all this in my email to you and the list on the 11th of Feb;
both points (that you need a controlkey and that you need to set the
permissions on the keys file) were included).
Final point: when you're done and you got it working, throw away your
keys file and generate a new-one, because now everybody in the world
knows your keys.
HTH, Jan
Hi Jan, thank you.
I'm using my own PC as an ntp server, and my embedded box(linux system) as ntp
client. I generate key files through ntp-keygen on my PC and copied it both to
/etc/ntp.keys on ntp client(the box) and my PC, then log on to the box. the
ntp.conf on ntp client is:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 8 600
controlkey 8
restrict default ignore
restrict 127.0.0.1
#enable mode7
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 192.168.1.101 nomodify notrap
server 192.168.1.101 minpoll 3 maxpoll 4
key file is
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
600 MD5 mypassword # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I just changed the 10th one manually. After I logged, and execute: ntpq :config
unconfig 10.172.161.16 . The results still like this:
~ # ntpq
ntpq :config unconfig 10.172.161.16
Keyid: 600
MD5 Password: (mypassword)
***Server disallowed request (authentication?)
ntpq
Is there anything wrong in my operation? Thank you.
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 28/02/15 03:47, catherine.wei1...@gmail.com wrote: Is there anything wrong in my operation? Thank you. Only thing I can think of is that the keys file might not be owned by root. Is it? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Could some one help in pointing out the error here
On 2015-02-28, catherine.wei1...@gmail.com catherine.wei1...@gmail.com wrote: On Saturday, April 21, 2007 at 9:50:48 PM UTC+8, Steve Kostecke wrote: On 2007-04-21, Remo madhu_me...@yahoo.co.uk wrote: I was not able to set a remote server's leap. It looks like the NTP packets from the query is not generated at all. Though the sendpkt procedure is being called sendrequest, I am not able to see the packet reaching the other side. I guess that I am missing something as there is a error reported with authentication. I believe that the real issue is that you can't use writevar to set the leap. ntpq asso ind assID status conf reach auth condition last_event cnt === 1 17284 f614 yes yes ok sys.peer reachable 1 2 17285 c000 yes yes badreject ntpq writevar 17284 leap=1 Keyid: 64 MD5 Password: ***Server disallowed request (authentication?) I have flock of systems that are set up to allow remote modification and have a working symmetric key set. When I tried to set the leap on another ntpd I see the same message: steve@stasis:~$ ntpq ntpq as ... 2 20879 7014no yes ok reject reachable 1 ... ntpq writevar 20879 leap=1 Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) I've also tried setting the local ntpd leap and that fails, too: ntpq rv 0 leap assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg, leap=00 ntpq writevar 0 leap=1 ***Server returned an unspecified error ntpq rv 0 leap assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg, leap=00 trustedkey 1234 requestkey 61 controlkey 64 All of the keys must be listed on the 'trustedkey' line. This tells ntpd to trust those keys; the default is to trust these keys to authenticate time service. Subsets of the trusted keys may also be specified on the 'trustedkey' and 'requestkey' lines if you wish to allow the use of certain keys by ntpdc and ntpq. This is discussed in the distribution documentation at http://www.cis.udel.edu/~mills/ntp/html/authopt.html#symm (the emphasis is mine): When ntpd is first started, it reads the key file specified in the keys configuration command and installs the keys in the key cache. HOWEVER, INDIVIDUAL KEYS MUST BE ACTIVATED WITH THE TRUSTEDKEY COMMAND BEFORE USE. This allows, for instance, the installation of possibly several batches of keys and then activating or deactivating each batch remotely using ntpdc. This also provides a revocation capability that can be used if a key becomes compromised. THE REQUESTKEY COMMAND SELECTS THE KEY USED AS THE PASSWORD FOR THE NTPDC UTILITY, WHILE THE CONTROLKEY COMMAND SELECTS THE KEY USED AS THE PASSWORD FOR THE NTPQ UTILITY. This is also documented in section 6.1.3.3 at http://www.eecis.udel.edu/~ntp/ntpfaq/NTP-s-config.htm Is this possible to work without authentication. Please help. You could disable authentication when ntpd is started, but this will leave your ntpd open to being remotely modified by anyone who can connect to it. Or could you not use restrict to restrict who is able to change things on your machine. That does not necessarily stop people from getting time from it (not sure what you meant by anyone who can connect to it) ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Could some one help in pointing out the error here
On Saturday, April 21, 2007 at 9:50:48 PM UTC+8, Steve Kostecke wrote: On 2007-04-21, Remo madhu_me...@yahoo.co.uk wrote: I was not able to set a remote server's leap. It looks like the NTP packets from the query is not generated at all. Though the sendpkt procedure is being called sendrequest, I am not able to see the packet reaching the other side. I guess that I am missing something as there is a error reported with authentication. I believe that the real issue is that you can't use writevar to set the leap. ntpq asso ind assID status conf reach auth condition last_event cnt === 1 17284 f614 yes yes ok sys.peer reachable 1 2 17285 c000 yes yes badreject ntpq writevar 17284 leap=1 Keyid: 64 MD5 Password: ***Server disallowed request (authentication?) I have flock of systems that are set up to allow remote modification and have a working symmetric key set. When I tried to set the leap on another ntpd I see the same message: steve@stasis:~$ ntpq ntpq as ... 2 20879 7014no yes ok reject reachable 1 ... ntpq writevar 20879 leap=1 Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) I've also tried setting the local ntpd leap and that fails, too: ntpq rv 0 leap assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg, leap=00 ntpq writevar 0 leap=1 ***Server returned an unspecified error ntpq rv 0 leap assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg, leap=00 trustedkey 1234 requestkey 61 controlkey 64 All of the keys must be listed on the 'trustedkey' line. This tells ntpd to trust those keys; the default is to trust these keys to authenticate time service. Subsets of the trusted keys may also be specified on the 'trustedkey' and 'requestkey' lines if you wish to allow the use of certain keys by ntpdc and ntpq. This is discussed in the distribution documentation at http://www.cis.udel.edu/~mills/ntp/html/authopt.html#symm (the emphasis is mine): When ntpd is first started, it reads the key file specified in the keys configuration command and installs the keys in the key cache. HOWEVER, INDIVIDUAL KEYS MUST BE ACTIVATED WITH THE TRUSTEDKEY COMMAND BEFORE USE. This allows, for instance, the installation of possibly several batches of keys and then activating or deactivating each batch remotely using ntpdc. This also provides a revocation capability that can be used if a key becomes compromised. THE REQUESTKEY COMMAND SELECTS THE KEY USED AS THE PASSWORD FOR THE NTPDC UTILITY, WHILE THE CONTROLKEY COMMAND SELECTS THE KEY USED AS THE PASSWORD FOR THE NTPQ UTILITY. This is also documented in section 6.1.3.3 at http://www.eecis.udel.edu/~ntp/ntpfaq/NTP-s-config.htm Is this possible to work without authentication. Please help. You could disable authentication when ntpd is started, but this will leave your ntpd open to being remotely modified by anyone who can connect to it. -- Steve Kostecke koste...@ntp.isc.org NTP Public Services Project - http://ntp.isc.org/ Hi, does that mean I need to know the controlkey and corresponding password on the ntp server, if I want to use ntpq :config on ntp client? If so, how could I get the key and password in remote ntp server? Appreciate for you quick response. Thank you. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq controlling xntpd ?
On Tuesday, July 30, 1991 at 1:26:40 AM UTC+9, Nick Sayer wrote: Since I run a CHU clock, it is sometimes the case that the clock will be doing a bunch of cron jobs at night, so the clock will run slightly slow, xntpd will adjust for that, then it will lose propagation from CHU, and be stuck thinking the clock is running slow when all the heavy cron jobs finish. So by the time CHU comes back in the morning, the clock is off by a bunch in the other direction. When I try to fix the frequency with ntpq, here's what happens: quack% ntpq ntpq authen yes ntpq addvar freq=-0.01 ntpq key 2 ntpq passw Password: [not shown] ntpq writelist ***Server disallowed request (authentication?) ntpq quack% key 2 is properly listed as the requestkey in /etc/ntp.conf. The error message listed is NOT the same message you get if you use the wrong key or wrong password. What's the deal? -- Nick Sayer | Think of me as a recombinant| RIP: Mel Blanc mrap...@quack.sac.ca.us | Simpson: Homer's looks, Lisa's | 1908-1989 N6QQQ | brains, Bart's manners, and | May he never 209-952-5347 (Telebit) | Maggie's appetite for TV. --Me | be silenced. If you use ntpq, key 2 should be listed as the controlkey in /etc/ntp.conf. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] IERS Leapseconds Web Service
K ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
Ggg ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On 27/02/15 10:54, catherine.wei1...@gmail.com wrote: However, when I run ntpq : ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 5 MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys) ***Server disallowed request (authentication?) I don't know why this happens? Do I need some other configurations? Thank you so much. I found that the permissions on the ntp.keys file matter. They should be 600. (I wrote all this in my email to you and the list on the 11th of Feb; both points (that you need a controlkey and that you need to set the permissions on the keys file) were included). Final point: when you're done and you got it working, throw away your keys file and generate a new-one, because now everybody in the world knows your keys. HTH, Jan ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] moving from ntpdc to ntpq
catherine.wei1...@gmail.com writes: Hi, if I add :config in front of addpeer, it seems that an authentication is required. When I specify the keyid to 0, it said invalid key identifier. If you are going to use :config you will need to specify a 'controlkey' entry in your ntp.conf file (see the ntp.conf man page) and create a corresponding key in your ntp.keys file -- Harlan Stenn st...@ntp.org http://networktimefoundation.org - be a member! ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Authentication problem
catherine.wei1...@gmail.com schrieb:
On Wednesday, February 27, 2008 at 3:29:58 AM UTC+8, Dennis Hilberg, Jr. wrote:
# Authentication
keys /etc/ntp/keys
trustedkey 1
requestkey 1
controlkey 1
And my keys file looks like this:
1 M somepassword
Thanks,
Dennis
--
Dennis Hilberg, Jr. \ timekeeper(at)dennishilberg(dot)com
NTP Server Information: \ http://saturn.dennishilberg.com/ntp.php
Hi, I'm lately upgrading the ntp from 4.6.5 to 4.8.1p, ...
Hm, I guess you mean from 4.2.6p5 to 4.2.8p1, and I hope your spelling
is more accurate in your config files. ;-)
... when I use ntpq to add server, it prompted for a keyid and MD5
password. I don't know how to get this keyid and password. Before the
upgrade, the keyid is 0, so it doesn't need authentification. Can you
tell me how to get the keyid and password? Thank you.
Have you read what Dennis has written, quoted above?
If you are using symmetric key authentication as for use with ntpq then
you have to create a text file containing one or more keys, for example
a file /etc/ntp.keys with these lines:
1 M somepassword
5 M anotherpassword
In ntp.conf you have to specify a path to this file, e.g.:
keys /etc/ntp.keys # path for keys file
and you need to specify which of the keys (1 or 5 in this example)
should be used for which purposes, e.g.
trustedkey 1 5 # define trusted keys
controlkey 5 # this key to be used with ntpq (mode 6 packets)
In NTP 4.2.6p5 you could also specify
requestkey 5 # this key to be used with ntpdc (mode 7 packets)
but the latter should be obsolete in 4.2.8 since the functionality of
ntpdc has been moved to the ntpq utility, and ntpdc isn't used anymore
by default.
When ntpq asks you for a key ID and password you have to enter key ID
5 (since this is the control key) and the associated password
anotherpassword, or whatever your file contains.
You can also use the ntp-keygen utility to generate a file with several
keys. For example, ntp_keygen -M generates a file containing lines like
this:
1 MD5 758gBsvq9OEG@;l;niFT # MD5 key
2 MD5 5oL9nE/B3![kpc\Tv0 # MD5 key
3 MD5 w5t/1(E@,lGJi^-]3Fh # MD5 key
4 MD5 QzH$eq/yAb;x38Ga)0^ # MD5 key
5 MD5 *CUj^t)L0XL;=[L7-KW # MD5 key
6 MD5 x?_q^3Xd:d[im[iBvM%[ # MD5 key
7 MD5 Zd5wky*r;[0e?h2l{%]t # MD5 key
8 MD5 f[N'S7'c...@wd.qu^JpB # MD5 key
9 MD5 =[)AG6WZQK-'gFDrmNV # MD5 key
10 MD5 -3OB0VbnAV0/O=HT5he) # MD5 key
11 SHA1 9b759ab4409e0e24d3949d07e3cf52c2f0e7e2c4 # SHA1 key
12 SHA1 7335501b2b8fbfe622f4d14ad5636ddbcde648ed # SHA1 key
13 SHA1 67b52deb3ff2b5efdc318da522c0f88403e31f8e # SHA1 key
14 SHA1 c0b539b695002f8ce912d8c7ef2a6caa019b5838 # SHA1 key
15 SHA1 0eba962d966aa1723d679dbec08f0f4bc4cc3afa # SHA1 key
16 SHA1 f46a4b9adec3a11abdeb9e55b50ea7fdb775f951 # SHA1 key
17 SHA1 dc50c6de43b7953a87386e4babd0188e36f74527 # SHA1 key
18 SHA1 2ea2a9237824f9e7098c539604de518b89eee2ad # SHA1 key
19 SHA1 5b835caa6409adf2ead5c6639897c20bcf073c39 # SHA1 key
20 SHA1 3826bb111ab07755d790a8d81bb6139991c87e9c # SHA1 key
However, the name of the created file is somewhat different, so either
you have to copy/rename it to /etc/ntp.keys, or you have to specify the
real file name in ntp.conf.
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] moving from ntpdc to ntpq
catherine.wei1...@gmail.com schrieb: On Saturday, February 7, 2015 at 11:25:02 AM UTC+8, Harlan Stenn wrote: Pretty much the same thing, except with :config addpeer ... and :config unconfig I think... Please feel free to add examples to: http://support.ntp.org/Support/MonitoringAndControllingNTP http://support.ntp.org/Dev/DeprecatingNtpdate H Richard writes: What is ntpq's equivelant of -c addpeer ntp host and -c unconfig ntp host ? I just upgraded from ntp 4.2.6 to 4.2.8 and ntpdc isn't connecting to my local ntpd. According to the ntpdc man page: ntpdc is deprecated. Please use ntpq(1) instead - it can do everything ntpdc used to do, In ntpq how do I do the equivalent of ntpdc's -c addpeer or -c unconfig commands? Here is part of what previously did with ntpdc: /usr/sbin/ntpc -4 -c keyid 5 -c passwd mypassword \ -c addpeer ntp server localhost ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions Hi, if I add :config in front of addpeer, it seems that an authentication is required. When I specify the keyid to 0, it said invalid key identifier. Please see my reply to your other posting. Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote: catherine.wei1...@gmail.com wrote: I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1 version. And I met a problem. When I first set the keyid to 0, it said Invalid key identifier, so I set it to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and password. Can you give me some advice? Appreciate your help very much. ~ # ntpq ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 0 Invalid key identifier ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst Keyid: 1 MD5 Password: ***Server disallowed request (authentication?) ntpq Please see my reply to your other posting. Why do you post basically the same question three times? Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany OK, thank you. Very sorry for my repeat post here, my network is not stable and quite slow, I thought I had failed to posted it so I posted again. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] moving from ntpdc to ntpq
On Friday, February 27, 2015 at 5:10:02 PM UTC+8, Harlan Stenn wrote: catherine.wei1...@gmail.com writes: Hi, if I add :config in front of addpeer, it seems that an authentication is required. When I specify the keyid to 0, it said invalid key identifier. If you are going to use :config you will need to specify a 'controlkey' entry in your ntp.conf file (see the ntp.conf man page) and create a corresponding key in your ntp.keys file -- Harlan Stenn st...@ntp.org http://networktimefoundation.org - be a member! Hi, Harlan In my system, ntpdc was used to add an ntp server and the command is like this: ntpdc -c keyid 0 -c addserver 10.172.161.16 minpoll 3 maxpoll 4 burst since keyid is 0, we don't need authentication. But now, I use ntpq to replace ntpdc, if I add :config before addserver, I need to authenticate. Is there any way to avoid authenticate in ntpq utility? Thank you. I don't know how to addserver in ntpq. There's little knowledge about this on the Internet. Thank you so much. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
commands which depend on ntpdc to ntpq since ntpdc has been depreciated in
4.8.1 version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I set
it to 1, but it requires a MD5 Password. I don't quite understand how to
get the keyid and password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is
like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank you
so much.
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote:
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some
commands which depend on ntpdc to ntpq since ntpdc has been depreciated
in 4.8.1 version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I
set it to 1, but it requires a MD5 Password. I don't quite understand how
to get the keyid and password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is
like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank you
so much.
By the way, how can I define the controlkey for ntpq. In my case, I just define
the controlkey to 5 randomly, is there any rule? The third column in
/etc/ntp.keys is the password of MD5, right?
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] ntpq authentication problem
catherine.wei1...@gmail.com wrote:
On Friday, February 27, 2015 at 5:54:41 PM UTC+8, catherin...@gmail.com wrote:
On Friday, February 27, 2015 at 4:45:03 PM UTC+8, Martin Burnicki wrote:
catherine.wei1...@gmail.com wrote:
I've upgrading the ntp from 4.6.1 to 4.8.1, and need to change some commands
which depend on ntpdc to ntpq since ntpdc has been depreciated in 4.8.1
version. And I met a problem.
When I first set the keyid to 0, it said Invalid key identifier, so I set it
to 1, but it requires a MD5 Password. I don't quite understand how to get the keyid and
password.
Can you give me some advice? Appreciate your help very much.
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 0
Invalid key identifier
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 1
MD5 Password:
***Server disallowed request (authentication?)
ntpq
Please see my reply to your other posting. Why do you post basically the
same question three times?
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
Hi,appreciate for your kind response. I've generate a file
1 MD5 P[G\;5Ob@[\[Ni4PJx3 # MD5 key
2 MD5 z}6`X[cpV%UDktmbghiA # MD5 key
3 MD5 %(4%pM~(8p[cn,,S/0N # MD5 key
4 MD5 TT_QA;=x*G$4p1-d1;C # MD5 key
5 MD5 ml~KoJ*`vM7fxTeR.@ # MD5 key
6 MD5 +wc93d8[~tBRyzdGL{L # MD5 key
7 MD5 _WMzU`YQpwN?5TYJ^5i # MD5 key
8 MD5 ~1zzyA.9-fM[|Zv|mpv # MD5 key
9 MD5 ?N4f+')!S9@7.V*G3,xI # MD5 key
10 MD5 u;LcQ*cJ8{%yKo`z1? # MD5 key
11 SHA1 591701ab51fd2936651ce6920ffecc3ea5b99dea # SHA1 key
12 SHA1 6fe71721baef0e91c41e23984cf9f663f18ba112 # SHA1 key
13 SHA1 bb96c2b73f01659194a94cadc496cedfa12f3832 # SHA1 key
14 SHA1 51f5237ef46c99492070deb5a762d7f434794b58 # SHA1 key
15 SHA1 21c578d9e5d56a8bdc0560443f96f1047c93a276 # SHA1 key
16 SHA1 5c3927c1e05559f5695a353636d4c3ddff6e7e11 # SHA1 key
17 SHA1 14321c68317d531e004497bd9b6b0d475630a291 # SHA1 key
18 SHA1 89ac3debc33937ba25638ef0fc035d830fea6fe5 # SHA1 key
19 SHA1 9f47dda7ae80426c6aa8acac22dc9afef4b900fb # SHA1 key
20 SHA1 8051501a9e6d5bb70d6985b236008d962f34 # SHA1 key
I've renamed it to npt.keys, put it /etc/ntp.keys. My /etc/ntp.conf file is
like this:
driftfile /etc/ntp.drift
keys /etc/ntp.keys
trustedkey 1 5
controlkey 5
restrict default ignore
restrict 127.0.0.1
broadcastdelay 0.008
#60s because we start at 1970
tinker panic 60
restrict 3.cn.pool.ntp.org nomodify notrap
server 3.cn.pool.ntp.org minpoll 3 maxpoll 4
However, when I run ntpq :
~ # ntpq
ntpq :config addserver 192.168.1.101 minpoll 3 maxpoll 4 burst
Keyid: 5
MD5 Password:(password corresponding to keyid 5 in /etc/ntp.keys)
***Server disallowed request (authentication?)
I don't know why this happens? Do I need some other configurations? Thank you
so much.
Hm, that should work.
Can you try it with a simple password first? E.g.:
1 MD5 passwd1
5 MD5 passwd5
By the way, how can I define the controlkey for ntpq. In my case, I just define
the controlkey to 5 randomly, is there any rule?
AFAIK there is no rule. The keys file is just a list of passwords. If
you have more than one machines running ntpd then every other machine
may have a single, individual trusted key, each with index 1.
If your local ntpd should talk to all the others then of course you
can't add several keys with inde 1 in your local file, so you need to
have a keys fle containing all the keys of the other servers, for time
sync, plus the control key for your local ntpd. The number is just
associated to the entry number of the keys file you are supplying to
your local ntpd.
This is very flexible, but you need to take care to get the keys and
index/ID numbers right.
The third column in /etc/ntp.keys is the password of MD5, right?
Yes.
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
