Nexus NTP MD5 Hashing

jmh0211 · ‎05-03-2022

Hello,

I am trying to configure NTP authentication between 3 switches. 2 are Nexus 3000s and one is a 9300 switch. Authentication is working fine between the 2 Nexus, but can't get the 9300 to authenticate. When running a debug NTP, I get bad_auth, so I figured the password was wrong.

Upon further investigation, it appears the hash algorithm on the 2 brands are different, yet are both configured to use md5 in the "ntp authentication-key 1 md5 <password>" command. The 9300 seems to be hashing the password correctly, while the 2 Nexus show 8 characters for the hash, with 4 of the characters being part of the password itself.

For example, if the clear test password is P@ssW0rd, the hash would come back with something like U@sHW0ns. In this case, even putting the same clear text passwords on both models, authentication will not take place. Is there something I have to do on the Nexus switches to enable full md5 hashing? An example of the configuration I am using is below...

Nexus:

ntp authenticate

ntp authentication-key 1 md5 <password>

ntp trusted-key 1

9300 Switch:

ntp authenticate

ntp authentication-key 1 md5 <password>

ntp server x.x.x.x key 1

ntp trusted-key 1

ahollifield · ‎05-03-2022

This probably doesn't belong here. Better to post in the one of the dedicated switching communities.

jmh0211 · ‎05-04-2022

Sorry, I don't post in here often. At the top it says I am in Cisco Community->Technology and Support->Networking->Switching. It that not where I want to be?

MHM Cisco World · ‎05-03-2022

N3K
ntp authentication-key 1 md5 <password>0 <- clear text

Cat 9000
ntp authentication-key 1 md5 <password>0 <- clear text

jmh0211 · ‎05-04-2022

Thanks for the reply. I ran that exact command with 0 for clear text at the end on both of them, but it still hashes them and they still show as mismatched passwords when debugging.

MHM Cisco World · ‎05-04-2022

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvq54267