  • 1.  NTP key length TIL

    Posted 10-08-2021 09:10
    While upgrading our NTP to run chrony, we upgraded to use some new keys with sha256 encryption.
    Tested with EX switches 20.4R3 and SRX 21.1R1-S1.1 code: I was not able to use a key length of 512 but was able to use a length of 256 on my Juniper gear.

    Just a share.

    My logs would show the switch was not able to connect to the NTP server, and running from CLI on request date: run set date ntp key 199
    8 Oct 08:36:44 ntpdate[8723]: no server suitable for synchronization found
    Also running chronyc clients from ntp server showed the client connected.

    Juniper docs seem to conflict with what I have seen.
    The password can be up to 20 characters in ASCII format, or 40 characters using hex digits.
    Has anyone seen something different posted?

    chronyc keygen 99 SHA256 256 (64 characters)
    chronyc keygen 199 SHA256 512 (128 characters)

    Summary: this is how I created the key on my NTP server (/etc/chrony.key), and it works on my Juniper devices.
    chronyc keygen 99 SHA256 256
    run set date ntp key 99
    8 Oct 08:36:26 ntpdate[8687]: step time server offset -0.019890 sec

    The keys posted are not used in production and are just there for a clear example.
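
An added example, not part of the original post: a Python sketch that parses chrony key-file text (the `ID [hash] key` lines that `chronyc keygen` emits) and lists keys longer than the 256 bits the post reports working on Junos. `MAX_BITS`, the function names and the sample key material are assumptions constructed for illustration.

```python
# Added example: report key lengths in a chrony key file before pushing the
# same keys to network devices. Not from the original post.
MAX_BITS = 256  # assumption: largest key length the post reports working on Junos

# Constructed sample; the key material is dummy filler, not real keys.
SAMPLE = "\n".join([
    "# constructed example key file",
    "99 SHA256 HEX:" + "AB" * 32,    # 64 hex characters  -> 256 bits
    "199 SHA256 HEX:" + "CD" * 64,   # 128 hex characters -> 512 bits
    "7 swordfish",                   # hash type omitted, plain ASCII key
])

def parse_keys(text):
    """Yield (key_id, hash_name, key_bits) for each entry in key-file text."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;%!":     # blank line or comment
            continue
        fields = line.split()
        if len(fields) == 2:                  # no hash type given: chrony uses MD5
            key_id, hash_name, key = fields[0], "MD5", fields[1]
        elif len(fields) == 3:
            key_id, hash_name, key = fields
        else:
            raise ValueError(f"unexpected key line: {raw!r}")
        if key.upper().startswith("HEX:"):
            # fromhex rejects odd-length or non-hex input, so malformed keys fail loudly
            bits = len(bytes.fromhex(key[4:])) * 8
        else:
            if key.upper().startswith("ASCII:"):
                key = key[6:]
            bits = len(key.encode()) * 8
        yield int(key_id), hash_name.upper(), bits

def oversized(text, max_bits=MAX_BITS):
    """Return the entries whose key is longer than max_bits."""
    return [entry for entry in parse_keys(text) if entry[2] > max_bits]

if __name__ == "__main__":
    for key_id, hash_name, bits in parse_keys(SAMPLE):
        flag = "TOO LONG" if bits > MAX_BITS else "ok"
        print(f"key {key_id:>4} {hash_name:<7} {bits:>4} bits  {flag}")
```

To check a real file, pass its contents to `parse_keys` instead of `SAMPLE`; only key IDs, hash names and lengths are printed, never the key material.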