Re: [chrony-users] NTP to Chrony migration issue with NTP authentication

Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
From: Michael Krell <mkrell@xxxxxxxxx>
Date: Mon, 6 Nov 2023 10:55:12 -0600
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699289742; x=1699894542; darn=chrony.tuxfamily.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=hBYIZIPiHhNj7vhGy1Oj9J3CfXyG07nApmLDYhx8HZM=; b=OQbbChaWFLAv9T/EHcljM5SlSDAr3YXDxVZbb4inU9ZHRxGP2wj/V0XRQZv0yg8mez 4BErAWjQ3cHnI/axGzM4JK3B1sy9tRmWqkWkNxOWBz+F4b2uDLPigJd+w8oEYVSV4jCh VuaA+C5iq6pXM8k55jceN+FLaj6EbLYf2IuW59SHeYU270CERWu/K2PK4AK2ti38mKr0 cp3Vvas0BmxsYSqKtEfm1IVd7brjL8eZYigSox+xaHCFVo6B231bovx5+M7rLbRZyowd vjVISgi1t7qCKEyxvGQ/DiWLDFBJy+ZZnCvyPF5PwomD5wiz81scEGNIUYGKtGaNUGTh 64/A==

I've modified the value in the chrony.keys file to include "HEX:"; retesting "chronyd -dd", now the output does not show the "(NCR_ProcessRxUnknown)" log message. There is still a "Receive timeout" notice in the logs, and time synchronization is still not occurring.

Updated /etc/chrony.keys :

20 SHA1 HEX:421b67770525bde2e926354a88ae2f81c7c76108

I'm going to debug the NTP server side next and see if I can identify if it is throwing any errors.

-Mike

On Mon, Nov 6, 2023 at 9:36 AM Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:

On Mon, Nov 06, 2023 at 09:00:18AM -0600, Michael Krell wrote:
> Our implementation currently uses ASCII keys, and follows the 'optional'
> usage for ASCII (Per the man page for chrony.conf : " The key can be
> specified as a string of ASCII characters not containing white space with
> an optional *ASCII:* prefix, or...".

> /etc/chrony.keys :
>
> 20 SHA1 421b67770525bde2e926354a88ae2f81c7c76108

> /etc/ntp.keys:
>
> 20 SHA1 421b67770525bde2e926354a88ae2f81c7c76108 #RSA-SHA1-compliant

This is not an ASCII key. ntpd interprets keys longer than 20
characters as hexadecimal values, so you need to add HEX: to the key
in chrony.keys.

--
Miroslav Lichvar

--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
  - From: Miroslav Lichvar

References:
- [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
  - From: Michael Krell
- Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
  - From: Miroslav Lichvar
- Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
  - From: Michael Krell

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
Next by Date: Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
Previous by thread: Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys
Next by thread: Re: [chrony-users] NTP to Chrony migration issue with NTP authentication with symmetric keys

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/