Hi all Just an update to close this thread. I just saw that keyid of all 0 as MAC is the crypto-nak and so will pursue that line of investigation.
Thanks Srihari On Tue, May 18, 2021, 3:41 PM Srihari Raghavan <srihari.ragha...@gmail.com> wrote: > Hi all > > I was trying to get SHA1 based symmetric key authentication and MAC work > with a standard Linux NTP server. > > I have root access to the Linux NTP server but the NTP server there is > ALWAYS sending back replies with 'key id: 00000000' with no MAC in reply to > an NTP client sending valid packets. > > 1. Linux test_ntp 3.10.0-957.27.2.el7.x86_64 #1 SMP Tue Jul 9 16:53:14 > UTC 2019 x86_64 x86_64 x86_64 GNU/Linux > 2. ntpd 4.2.6p5 in Red Hat Enterprise Linux Server release 7.6 (Maipo) > 3. I have the following /etc/ntp/keys file as generated by 'ntpkeygen > -M' > 1. # id type key > 21 SHA1 bfe521e1c452d12885dd25ce889 # > <deliberately_truncated_for_this_msg> > 4. openssl is supported - OpenSSL 1.0.2k-fips 26 Jan 2017 > 5. As seen in the attached images, the NTP client sends a key ID: 21 > with a MAC, while the server ALWAYS replies with key ID:0 and no MAC. > 6. Between the same server and client, MD5 configuration and MAC works > perfectly fine. > > I also saw that the RHEL version that I have, has the fixes for the > following issue. > https://bugzilla.redhat.com/show_bug.cgi?id=641800 > > Thoughts? > > Thanks > Srihari > > > _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
