Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys



I've modified the value in the chrony.keys file to include "HEX:"; retesting "chronyd -dd", now the output does not show the "(NCR_ProcessRxUnknown)" log message.  There is still a "Receive timeout" notice in the logs, and time synchronization is still not occurring.

Updated /etc/chrony.keys :
20      SHA1    HEX:421b67770525bde2e926354a88ae2f81c7c76108

I'm going to debug the NTP server side next and see if I can identify if it is throwing any errors.

-Mike

On Mon, Nov 6, 2023 at 9:36 AM Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
On Mon, Nov 06, 2023 at 09:00:18AM -0600, Michael Krell wrote:
> Our implementation currently uses ASCII keys, and follows the 'optional'
> usage for ASCII (Per the man page for chrony.conf : " The key can be
> specified as a string of ASCII characters not containing white space with
> an optional *ASCII:* prefix, or...".

> /etc/chrony.keys :
>
> 20      SHA1    421b67770525bde2e926354a88ae2f81c7c76108

> /etc/ntp.keys:
>
> 20 SHA1 421b67770525bde2e926354a88ae2f81c7c76108  #RSA-SHA1-compliant

This is not an ASCII key. ntpd interprets keys longer than 20
characters as hexadecimal values, so you need to add HEX: to the key
in chrony.keys.

--
Miroslav Lichvar
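
The key-format mismatch discussed in this thread, as an added example that is not part of the original messages and is not chrony or ntpd code: it converts ntp.keys lines to chrony.keys form using the rule from the reply (keys longer than 20 characters are hexadecimal) and shows that the same 40-character string yields a different MAC when read as ASCII. The sample keys, the sample packet and the function names are constructed for illustration.

```python
import hashlib

NTPD_ASCII_MAX = 20  # per the reply above: ntpd reads longer keys as hexadecimal

def ntp_to_chrony(line):
    """Convert one ntp.keys line to chrony.keys form; None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()  # assumes '#' only starts a comment
    if len(fields) < 3:
        return None
    key_id, key_type, key = fields[:3]
    if len(key) > NTPD_ASCII_MAX:
        bytes.fromhex(key)  # ValueError here means the long key is not valid hex
        key = "HEX:" + key
    return f"{key_id} {key_type} {key}"

def chrony_key_bytes(spec):
    """Key material derived from the key field of a chrony.keys line."""
    if spec.startswith("HEX:"):
        return bytes.fromhex(spec[4:])
    if spec.startswith("ASCII:"):
        spec = spec[6:]
    return spec.encode("ascii")

def ntp_mac(key, packet):
    """SHA1 keyed digest over key || packet, as used for NTP symmetric-key MACs."""
    return hashlib.sha1(key + packet).digest()

# Constructed sample data, not taken from the thread.
SAMPLE_NTP_KEYS = """\
# id type key
10 SHA1 s3cretPassw0rd
20 SHA1 00112233445566778899aabbccddeeff00112233  # 40 hex digits
"""
SAMPLE_PACKET = bytes([0x23]) + bytes(47)  # 48-byte NTPv4 client header, zeroed

def convert(text):
    """Convert every key line of an ntp.keys file, skipping comments and blanks."""
    return [c for c in map(ntp_to_chrony, text.splitlines()) if c]

if __name__ == "__main__":
    for entry in convert(SAMPLE_NTP_KEYS):
        print(entry)
    hex_key = "00112233445566778899aabbccddeeff00112233"
    as_ascii = ntp_mac(chrony_key_bytes(hex_key), SAMPLE_PACKET)
    as_hex = ntp_mac(chrony_key_bytes("HEX:" + hex_key), SAMPLE_PACKET)
    print("MACs match:", as_ascii == as_hex)  # differing MACs fail authentication
```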

