Fwd: [chrony-users] ntp symmetric auth for internal clients

[Ede Wolf <listac@xxxxxxxxxxxxxxxx>]

Forgott the copy to mailing list.


Am 02.09.24 um 13:06 schrieb Miroslav Lichvar:
> On Mon, Sep 02, 2024 at 12:48:42PM +0200, Ede Wolf wrote:
> > I need to specify a key for the systems I am serving to, however, the local
> > directrive has no key option available.
>
> A server cannot force clients to use a key. The key needs to be
> specified on the client side.
>
> > And a global option, similar to "trustedkey 5" in ntpd.conf, for those who
> > are also familiar with ntpd, seems also not available.
>
> All keys in the chrony key file are trusted. Unlike with ntpd, there
> is no way to trust only a subset of them.
>
> chrony and ntpd should interoperate in both client-server directions.
>
> > So if I want to require, let's say key 5 for internal clients, what would be
> > the proper way to archive this?
>
> Specify it in the server directive in the client's config.

First, thanks very much for your fast response.

As for specifying the key on the client side, that is exactly what I 
have done, still ntpd claims auth = bad

The issue seemd to be sha1, as using a md5 key, something I have avoided 
so far, makes everything work.

But the idea to try another algorithm came with your mail. Thanks very 
much again.


--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.