[nsp] NTP authentication keys

atticus at satanic.org atticus at satanic.org
Mon Nov 3 15:19:40 EST 2003


Should've specified it initially, but the passwd 'mode' key at the end of
the string (rather than the front as w/ most everything else) appears to
be ignored in the CLI:

# sh run | inc ntp auth
ntp authentication-key 1 md5 014254570E180208201F1B1A1D0F0416 7
# conf t
(config)#ntp authentication-key 2 md5 014254570E180208201F1B1A1D0F0416 7
(config)#^Z
#show run | inc ntp
ntp authentication-key 1 md5 014254570E180208201F1B1A1D0F0416 7
ntp authentication-key 2 md5 08711D1A5B4C5142455B2955727B76786B6772422147215077087C03725E5749 7

The length is a clue right away, but a cut'n'paste of key 2 results in:
%NTP: Key too long

..clearly the mode is being ignored. Quoting the key has the same effect.

(config)#$ication-key 3 md5 "014254570E180208201F1B1A1D0F0416" 7
#sh run | inc ntp auth
ntp authentication-key 1 md5 014254570E180208201F1B1A1D0F0416 7
ntp authentication-key 2 md5 08711D1A5B4C5142455B2955727B76786B6772422147215077087C03725E5749 7
ntp authentication-key 3 md5 12495443405E58517D7B01796B6570435F44535070087A02755F274830090C06 7

Tried in 12.1(6), 12.1(19)E1, 12.2(13)T, 12.3(1a) all with similar
results.


On Mon, 3 Nov 2003 atticus at satanic.org wrote:

>
> Does anyone know a way to enter encrypted NTP authkeys into a config?
>
> 'ntp-authentication key <0-9> md5' doesn't have a means to specify that
> the key being entered is plain-text or encrypted, so it can't be
> cut'n'pasted across devices (instead, the crypt text is md5'ed again).
> Seeing as how this works for passwords in bgp, ospf, username, etc, my
> only guess is that it's an oversight...
>
> Ideas?
>
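
Added example, not part of the original post: it assumes the trailing `7` marks the standard IOS type 7 reversible encoding (two decimal digits of table offset, then the text XORed against a fixed, publicly documented table). Decoding keys 2 and 3 from the output above yields the first 31 characters of key 1's encoded string, which shows the pasted text was stored as a new key and encoded again. Function names are illustrative.

```python
"""Added example: check whether an IOS type 7 string is a re-encoding of a pasted one."""

# Fixed XOR table used by IOS type 7 (an obfuscation, not a hash or cipher).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Strings copied from the `show run` output in the post.
KEY1 = "014254570E180208201F1B1A1D0F0416"
KEY2 = "08711D1A5B4C5142455B2955727B76786B6772422147215077087C03725E5749"
KEY3 = "12495443405E58517D7B01796B6570435F44535070087A02755F274830090C06"


def type7_decode(encoded: str) -> str:
    """Undo type 7: two decimal digits of table offset, then XORed hex bytes."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string")
    offset = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])  # raises ValueError on non-hex input
    out = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(body))
    return out.decode("ascii")


def type7_encode(text: str, offset: int) -> str:
    """Apply type 7 to `text` using the given table offset."""
    raw = text.encode("ascii")
    body = bytes(c ^ XLAT[(offset + i) % len(XLAT)] for i, c in enumerate(raw))
    return f"{offset:02d}{body.hex().upper()}"


def is_reencoding_of(stored: str, pasted: str) -> bool:
    """True when `stored` decodes to the pasted text or a leading part of it."""
    try:
        inner = type7_decode(stored)
    except ValueError:  # also covers non-ASCII decode failures
        return False
    return bool(inner) and pasted.startswith(inner)


if __name__ == "__main__":
    for name, stored in (("key 2", KEY2), ("key 3", KEY3)):
        print(name, "->", type7_decode(stored), is_reencoding_of(stored, KEY1))
```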
