Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  NTP key length TIL

    Posted 10-08-2021 09:10
    While upgrading our NTP to run chrony, we upgraded to use some new keys with sha256 encryption.
    Tested on EX switches (20.4R3) and SRX (21.1R1-S1.1) code: I was not able to use a key length of 512, but was able to use a length of 256 on my Juniper gear.

    Just a share.

    My logs would show the switch was not able to connect to the NTP server, and running from the CLI on request date:
    run set date ntp 192.168.2.3 key 199
    8 Oct 08:36:44 ntpdate[8723]: no server suitable for synchronization found
    Also, running chronyc clients from the NTP server showed the client connected.

    Juniper docs seem to conflict with what I have seen:
    "The password can be up to 20 characters in ASCII format, or 40 characters using hex digits."
    Has anyone seen something different posted?


    chronyc keygen 99 SHA256 256
    64 characters
    HEX:4FCFA911B8018F2DBD34F3EA6B390615617975351CDE4D9B5E58115A5D5C78A9

    chronyc keygen 199 SHA256 512
    128 characters
    HEX:26C96807485BE1C9E27F78B885A642179D6E678578DDC18CC3BC6BA46DD17707A229B018301C52CF0278615063677474B1E06050611468BA1EE20913D96DDF60

    Summary: this is how I created the key on my NTP server (/etc/chrony.key), and it works on my Juniper devices.
    chronyc keygen 99 SHA256 256
    run set date ntp 192.168.2.3 key 99
    8 Oct 08:36:26 ntpdate[8687]: step time server 192.168.2.3 offset -0.019890 sec

    The keys posted are not used in production and are just there for a clear example.
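
Added example, not part of the original post: a Python check that reads chrony key-file lines in the "ID TYPE KEY" form printed by chronyc keygen and flags keys longer than the 256 bits the post reports working on Junos. The 256-bit threshold is the post's observation rather than a documented limit, the function names are hypothetical, and the sample keys are constructed.

```python
# Added example: audit chrony key-file entries for key length.
# Assumption: 256 bits is the largest key size the post reports working on
# the tested Junos releases; it is an observation, not a documented limit.
MAX_BITS_OBSERVED = 256
HEX_DIGITS = set("0123456789abcdefABCDEF")

def key_bits(key_field):
    """Return the key length in bits for a chrony key field."""
    if key_field.startswith("HEX:"):
        digits = key_field[4:]
        if not digits or len(digits) % 2 or not set(digits) <= HEX_DIGITS:
            raise ValueError("malformed hex key")
        return len(digits) * 4          # 4 bits per hex digit
    if key_field.startswith("ASCII:"):
        key_field = key_field[6:]
    return len(key_field) * 8           # 1 byte per ASCII character

def audit_keys(text, max_bits=MAX_BITS_OBSERVED):
    """Return [(key_id, hash_type, bits, within_limit)] for key-file text."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:            # hash type omitted: chrony uses MD5
            fields.insert(1, "MD5")
        if len(fields) != 3:
            raise ValueError(f"unexpected key line: {line!r}")
        key_id, hash_type, key = fields
        bits = key_bits(key)
        results.append((int(key_id), hash_type.upper(), bits, bits <= max_bits))
    return results

# Constructed sample keys (not real secrets), same sizes as in the post.
SAMPLE = "\n".join([
    "# constructed example key file",
    "99 SHA256 HEX:" + "AB" * 32,
    "199 SHA256 HEX:" + "CD" * 64,
    "7 ASCII:constructed-passphrase",
])

if __name__ == "__main__":
    for key_id, hash_type, bits, ok in audit_keys(SAMPLE):
        status = "ok" if ok else "longer than the size observed to work"
        print(f"key {key_id} ({hash_type}): {bits} bits, {status}")
```

Running it over the key file before pushing key IDs to the switches shows which entries exceed the size that synchronized in the post's tests.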