NTP key length TIL

  • 1.  NTP key length TIL

    Posted 10-08-2021 09:10
    While upgrading our NTP to run chrony, we upgraded to use some new keys with SHA256 encryption.
    Tested on EX switches (20.4R3) and SRX (21.1R1-S1.1) code: I was not able to use a key length of 512, but was able to use a length of 256 on my Juniper gear.

    Just a share.

    My logs would show the switch was not able to connect to the NTP server, and running from the CLI on request date run set date ntp key 199
    8 Oct 08:36:44 ntpdate[8723]: no server suitable for synchronization found
    Also, running chronyc clients from the NTP server showed the client connected.

    Juniper docs seem to conflict with what I have seen.
    The password can be up to 20 characters in ASCII format, or 40 characters using hex digits.
    Has anyone seen something different posted?

    chronyc keygen 99 SHA256 256 (64 characters)
    chronyc keygen 199 SHA256 512 (128 characters)

    Summary: this is how I created the key on my NTP server (/etc/chrony.key), and it works on my Juniper devices.
    chronyc keygen 99 SHA256 256
    run set date ntp key 99
    8 Oct 08:36:26 ntpdate[8687]: step time server offset -0.019890 sec

    The keys posted are not used in production and are just there for a clear example.
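
Added example, not part of the original post: a small audit of chrony key-file entries that reports each key's length in bits and flags any longer than the clients accept, without printing key material. The 256-bit limit is an assumption taken from what the post reports working on its devices, and the sample entries are constructed.

```python
"""Audit chrony key-file entries for key length (added example)."""

# Assumption: longest key (in bits) the NTP clients accept. 256 is the length the
# post reports working on its Juniper gear; adjust for your own devices.
MAX_CLIENT_KEY_BITS = 256


def parse_key_line(line):
    """Return (key_id, hash_name, key_bits) for one key-file line, or None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None                      # blank line or comment
    if len(fields) == 2:                 # type omitted: chrony defaults to MD5
        key_id, hash_name, key = fields[0], "MD5", fields[1]
    elif len(fields) == 3:
        key_id, hash_name, key = fields
    else:
        raise ValueError("expected 'ID [TYPE] KEY'")
    if key.startswith("HEX:"):
        hexdigits = key[4:]
        bytes.fromhex(hexdigits)         # rejects odd length or non-hex digits
        bits = len(hexdigits) * 4        # 64 hex chars = 256 bits, 128 = 512
    else:
        if key.startswith("ASCII:"):
            key = key[6:]
        bits = len(key.encode()) * 8
    return int(key_id), hash_name.upper(), bits


def audit(text, max_bits=MAX_CLIENT_KEY_BITS):
    """Return [(key_id, hash_name, bits, within_limit)]; never echoes the key."""
    results = []
    for line in text.splitlines():
        entry = parse_key_line(line)
        if entry is not None:
            key_id, hash_name, bits = entry
            results.append((key_id, hash_name, bits, bits <= max_bits))
    return results


# Constructed sample entries (not real keys), shaped like `chronyc keygen` output.
SAMPLE = "\n".join([
    "# constructed sample",
    "99 SHA256 HEX:" + "AB" * 32,
    "199 SHA256 HEX:" + "CD" * 64,
])

if __name__ == "__main__":
    for key_id, hash_name, bits, ok in audit(SAMPLE):
        status = "ok" if ok else "exceeds client limit"
        print(f"key {key_id}: {hash_name}, {bits} bits, {status}")
```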