Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Washi

They are plaintext, but have to follow the correct format in the config file or in the keys file.

Did you try the Access Labs link for NTP configuration that I sent earlier?

Here is a sample of what it generates for /etc/ntp.conf using 111.222.333.444 for the NTP server:

# START FILE
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

server 111.222.333.444 iburst key 1

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
trustedkey 1

# Specify the key identifier to use with the ntpdc utility.
requestkey 1

# Specify the key identifier to use with the ntpq utility.
controlkey 1

# Enable writing of statistics records.
statistics clockstats cryptostats loopstats peerstats sysstats rawstats
# END FILE

The /etc/ntp/keys file contains:

1 MD5 }Vp72N9amdf-Qa6`FQ^Y

the part that looks like this: }Vp72N9amdf-Qa6`FQ^Y
should be the same as the key that your NTP server is using to authenticate the other clients on your network. I generated the key with the ntp-keygen command.

The /etc/ntp/crypto/pw file can be empty, but must exist.


30 posted on 01/25/2016 4:32:16 PM PST by DataDink
[ Post Reply | Private Reply | To 29 | View Replies ]

To: DataDink
The /etc/ntp/keys file contains:

1 MD5 }Vp72N9amdf-Qa6`FQ^Y

the part that looks like this: }Vp72N9amdf-Qa6`FQ^Y should be the same as the key that your NTP server is using to authenticate the other clients on your network. I generated the key with the ntp-keygen command.

Okay, so does the ntp-keygen command just spit out random ASCII text, or do you supply a plaintext word, and it spits out ASCII text representing the MD5 hash of the plaintext?

31 posted on 01/25/2016 7:12:40 PM PST by Washi (All lives matter, or none do.)
[ Post Reply | Private Reply | To 30 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson