Re: [chrony-users] how to create a hashed chrony command password, it does not seem to work..


On Sat, Feb 08, 2014 at 02:05:32PM +0100, Ferry de Jong wrote:
> Hello chrony users,
> How do I generate a hashed password for the /etc/chrony.keys file? The
> instructions in the man pages and documentation I found seem incomplete and
> my 'normal' hashing method leads to "Reply not authenticated" errors.
> Assuming a password of foobar, I assume to generate a hash like this:
> echo -n foobar | md5sum
> 3858f62230ac3c915f300c664312c63f  -
> But if I add to /etc/chrony.keys
> 99 MD5 HEX:3858f62230ac3c915f300c664312c63f

The string in the keyfile is the password, it's not a hash of a
password. The hash function specified in the file is used to generate
and verify message authentication codes (MAC) in the NTP and control

I agree this should be explained better in the documentation.

> Now I restart the chronyd so the changed content of both files is read, but
> the password is not accepted.
> chronyc> password
> Password: [typing foobar]

It should be HEX:3858f62230ac3c915f300c664312c63f here, not foobar.
It's better to use the -a option to let chronyc get the password from
the keyfile and authenticate automatically.

> 501 Not authorised --- Reply not authenticated
> What is puzzling me is that on in
> the "4.2.10 commandkey" section it states that the hash for foobar is a
> different one, being B028F91EA5C38D06C2E140B26C7F41EC.

I'll fix that. Thanks.

Miroslav Lichvar
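
Added example, not part of the original message and not chrony's own code: a Python sketch of why typing foobar fails when the keyfile holds HEX:3858f62230ac3c915f300c664312c63f. It assumes the MAC is the hash of the key bytes followed by the message, as in NTP symmetric-key authentication; the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac

def parse_key_line(line):
    """Parse an '<id> <hash> <key>' line as shown in the thread.

    The key field is the secret itself: HEX: means hex-encoded bytes,
    anything else is taken as literal ASCII characters.
    """
    key_id, hash_name, key = line.split()
    if key.upper().startswith("HEX:"):
        key_bytes = bytes.fromhex(key[4:])
    else:
        key_bytes = key.encode("ascii")
    return int(key_id), hash_name.lower(), key_bytes

def compute_mac(hash_name, key_bytes, message):
    """Assumed construction: MAC = hash(key || message)."""
    return hashlib.new(hash_name, key_bytes + message).digest()

def verify(hash_name, key_bytes, message, mac):
    """Constant-time comparison of the expected and received MAC."""
    expected = compute_mac(hash_name, key_bytes, message)
    return hmac.compare_digest(expected, mac)

# Keyfile line from the thread; the message is constructed sample data.
KEY_LINE = "99 MD5 HEX:3858f62230ac3c915f300c664312c63f"
MESSAGE = b"constructed request body"

def demo():
    _, hash_name, daemon_key = parse_key_line(KEY_LINE)
    # Typing "foobar" at the prompt makes the client key those 6 ASCII bytes.
    typed_plain = compute_mac(hash_name, b"foobar", MESSAGE)
    # Typing the keyfile string gives the client the same 16 bytes as the daemon.
    _, _, client_key = parse_key_line("99 MD5 HEX:3858f62230ac3c915f300c664312c63f")
    typed_hex = compute_mac(hash_name, client_key, MESSAGE)
    return (verify(hash_name, daemon_key, MESSAGE, typed_plain),
            verify(hash_name, daemon_key, MESSAGE, typed_hex))

if __name__ == "__main__":
    print(demo())
```

The daemon never hashes the typed password before use, so both sides must hold byte-identical key material for the MAC to verify.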
