While upgrading our NTP to run chrony, we upgraded to use some new keys with SHA256 encryption.
Tested on EX switches 20.4R3 and SRX 21.1R1-S1.1 code: I was not able to use a key length of 512 but was able to use a length of 256 on my Juniper gear.
Just a share.
My logs would show the switch was not able to connect to the NTP server, and running from CLI on request date:
run set date ntp 192.168.2.3 key 199
8 Oct 08:36:44 ntpdate[8723]: no server suitable for synchronization found
Also, running chronyc clients from the NTP server showed the client connected.
Juniper docs seem to conflict with what I have seen:
The password can be up to 20 characters in ASCII format, or 40 characters using hex digits.
Has anyone seen something different posted?
chronyc keygen 99 SHA256 256
64 characters
HEX:4FCFA911B8018F2DBD34F3EA6B390615617975351CDE4D9B5E58115A5D5C78A9
chronyc keygen 199 SHA256 512
128 characters
HEX:26C96807485BE1C9E27F78B885A642179D6E678578DDC18CC3BC6BA46DD17707A229B018301C52CF0278615063677474B1E06050611468BA1EE20913D96DDF60
Summary: this is how I created the key on my NTP server (/etc/chrony.key), and it works on my Juniper devices.
chronyc keygen 99 SHA256 256
run set date ntp 192.168.2.3 key 99
8 Oct 08:36:26 ntpdate[8687]: step time server 192.168.2.3 offset -0.019890 sec
The keys posted are not used in production and are just there for a clear example.
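
An added example, not part of the original post: a Python check that parses chrony key-file lines and flags keys longer than 256 bits, the longest length the post reports working on the tested Junos releases. The function names, the MAX_WORKING_BITS constant and the sample keys are assumptions constructed for illustration.

```python
import re

# Assumption: 256 bits is the longest key the post reports working on the
# tested Junos releases; change it after testing your own platform.
MAX_WORKING_BITS = 256

def parse_key_line(line):
    """Parse a chrony key-file line '<id> [type] <key>' into (id, type, bits)."""
    line = line.strip()
    if not line or line[0] in "#;!%":      # blank line or comment
        return None
    fields = line.split()
    if len(fields) == 2:                   # type omitted: chrony defaults to MD5
        fields.insert(1, "MD5")
    if len(fields) != 3:
        raise ValueError(f"unexpected field count: {line!r}")
    key_id, hash_type, key = fields
    if key.startswith("HEX:"):
        digits = key[4:]
        if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
            raise ValueError(f"key {key_id}: malformed hex string")
        bits = len(digits) * 4             # one hex digit carries 4 bits
    else:
        if key.startswith("ASCII:"):
            key = key[6:]
        bits = len(key) * 8                # one ASCII character carries 8 bits
    return int(key_id), hash_type.upper(), bits

def audit_keys(text, max_bits=MAX_WORKING_BITS):
    """Return (id, type, bits, within_limit) for every key in the file text."""
    parsed = (parse_key_line(line) for line in text.splitlines())
    return [p + (p[2] <= max_bits,) for p in parsed if p]

# Constructed sample key file (placeholder values, not the keys from the post).
SAMPLE = "\n".join([
    "# constructed sample",
    "99 SHA256 HEX:" + "AB" * 32,          # 64 hex characters, 256 bits
    "199 SHA256 HEX:" + "CD" * 64,         # 128 hex characters, 512 bits
])

if __name__ == "__main__":
    for key_id, hash_type, bits, ok in audit_keys(SAMPLE):
        status = "ok" if ok else "longer than the length the post got working"
        print(f"key {key_id} ({hash_type}, {bits} bits): {status}")
```

Running the check against the key file before pushing key IDs to the switches catches a 512-bit key before it shows up as a failed ntpdate sync.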