Switching


  • 1.  NTP key length TIL

    Posted 18 days ago
    While upgrading our NTP to run chrony, we upgraded to use some new keys with sha256 encryption.
    Tested on EX switches (20.4R3) and SRX (21.1R1-S1.1) code: I was not able to use a key length of 512 but was able to use a length of 256 on my Juniper gear.

    Just a share.

    My logs would show the switch was not able to connect to the NTP server, and running from CLI on request date: run set date ntp 192.168.2.3 key 199
    8 Oct 08:36:44 ntpdate[8723]: no server suitable for synchronization found
    Also running chronyc clients from ntp server showed the client connected.

    Juniper docs seem to conflict with what I have seen.
    The password can be up to 20 characters in ASCII format, or 40 characters using hex digits.
    Has anyone seen something different posted?


    chronyc keygen 99 SHA256 256
    64 characters
    HEX:4FCFA911B8018F2DBD34F3EA6B390615617975351CDE4D9B5E58115A5D5C78A9
    chronyc keygen 199 SHA256 512
    128 characters
    HEX:26C96807485BE1C9E27F78B885A642179D6E678578DDC18CC3BC6BA46DD17707A229B018301C52CF0278615063677474B1E06050611468BA1EE20913D96DDF60

    Summary: this is how I created the key on my NTP server in /etc/chrony.key, and it works on my Juniper devices.
    chronyc keygen 99 SHA256 256
    run set date ntp 192.168.2.3 key 99
    8 Oct 08:36:26 ntpdate[8687]: step time server 192.168.2.3 offset -0.019890 sec

    The keys posted are not used in production and are just there for a clear example.
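
Added example, not part of the original post: a Python check that parses entries in chrony's key-file format and reports each key's length in bits and hex digits, the quantity the post found to matter (256-bit accepted, 512-bit not). The sample keys are constructed, and the `max_bits=256` default is an assumption taken from the poster's observation, not a documented Juniper limit.

```python
"""Report key lengths for entries in chrony key-file format."""

# Constructed sample (not real secrets). Format: "<id> [<type>] <key>".
SAMPLE_KEYS = "\n".join([
    "# constructed keys for illustration",
    "99 SHA256 HEX:" + "AB" * 32,    # 256-bit key -> 64 hex digits
    "199 SHA256 HEX:" + "CD" * 64,   # 512-bit key -> 128 hex digits
    "7 SHA1 ASCII:constructedpassword",
])


def parse_key_line(line):
    """Return (key_id, hash_type, key_bytes), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) == 2:             # type omitted: chrony defaults to MD5
        key_id, hash_type, key = fields[0], "MD5", fields[1]
    elif len(fields) == 3:
        key_id, hash_type, key = fields
    else:
        raise ValueError(f"unexpected key line for id {fields[0]}")
    if key.startswith("HEX:"):
        raw = bytes.fromhex(key[4:])  # raises ValueError on odd/invalid hex
    elif key.startswith("ASCII:"):
        raw = key[6:].encode("ascii")
    else:
        raw = key.encode("ascii")    # bare keys are treated as ASCII
    return int(key_id), hash_type.upper(), raw


def audit(text, max_bits=256):
    """List each key's size; max_bits is an assumed client limit, not a vendor figure."""
    report = []
    for line in text.splitlines():
        entry = parse_key_line(line)
        if entry is None:
            continue
        key_id, hash_type, raw = entry
        bits = len(raw) * 8
        report.append({"id": key_id, "type": hash_type, "bits": bits,
                       "hex_digits": len(raw) * 2, "within_limit": bits <= max_bits})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_KEYS):
        print(row)  # reports sizes only, never the key material itself
```

Run it against a copy of the key file before pushing keys to clients; the report contains only IDs, hash types and sizes, so it is safe to paste into a ticket.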