02-14-2017 06:55 AM - edited 03-08-2019 09:19 AM
Is Cisco going to provide SHA1 encryption to the NTP authentication parameter? This is now required in the DOD realm.
09-18-2023 08:14 AM
According to Cisco's updated 08-21-2023 System Management Configuration Guide, Cisco IOS XE 17.x, All mention of aes/sha have been removed only leaving md5 as the option.
SUMMARY STEPS
1. enable
2. configure terminal
3. ntp authenticate
4. ntp authentication-key number md5 key
5. ntp authentication-key number md5 key
6. ntp authentication-key number md5 key
7. ntp trusted-key key-number [- end-key]
8. ntp server ip-address key key-id
9. end
09-18-2023 10:16 AM
Dustin,
Keep in mind that those are just examples using the basic capabilities of NTP authentication. Please see other documents, such as System Management Configuration Guide, Cisco IOS XE Bengaluru 17.6.x (Catalyst 9300 Switches) - in this case, it shows that there are multiple authentication options under Step 4.
09-18-2023 12:14 PM - edited 09-18-2023 12:21 PM
See my first post back in 2020 on this thread. Said functionality was supposed to be introduced in 17.x code. Given none of this seems to function and the document you reference is 2 years older than the new document published in August 2023, I'd say the writer of that document is fixing previous incorrect information. The detailed steps in that document completely remove the "{ }" which define the authentication key options. Only MD5 remains, which makes sense if that is the only one that actually works. If you have documentation and proof that these other authentication keys work, everyone following this trail since 2017 would love to know. https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/syst-mgmt/b-system-management/m_bsm-time-calendar-set.html
09-18-2023 03:10 PM
Dustin,
Not all documents are written the same and there is always room for clarity. In this case, the document you referenced did not have all of the available options included.
Here is an example point-to-point client/server NTP topology. C8000v0 is the NTP Master and C8000v1 is the NTP Client (NTP Topology.png). The two Config pictures show the basic interface and NTP configuration on each device. The NTP C8000v1 Ciphers.png shows the available ciphers in 17.6.X. The two NTP Debug.png files show the HMAC-SHA2-256 authentication keys being used between the routers. The final picture (NTP C8000v1 Association.png) shows the "show ntp association detail" output, including the HMAC-SHA2-256 algorithm being used with a full association.
You can substitute any of the other hashing algorithms as your business needs require. Depending on the algorithm (i.e., cmac-aes-128), you may have an absolute minimum/maximum of byte values that must be entered in the NTP authentication-key.
Cheers
09-21-2023 11:08 AM
That is great news if this functionality is now working. Thank you.
I'd recommend the author of that new document follow Cisco's standard command line documentation practice when writing examples of commands.
If you read through that document, you will see the use of { } (Braces) when command line options are available.
It was not used with the "ntp authentication-key" example but then used with the "sntp server" example on the same page.
Typically the lack of { } (Braces) has always meant there are no options.
I.E. MD5 is the only key type available. Consistency in documentation is essential for customers to understand functionality.
Here is an example from the Cisco IOS Basic System Management Command Reference that illustrates that point:
ntp authentication-key
To define an authentication key for Network Time Protocol (NTP), use the ntp authentication-key command in global configuration mode. To remove the authentication key for NTP, use the no form of this command.
ntp authentication-key number md5 key [encryption-type]
no ntp [authentication-key number]
Syntax Description
number | Key number from 1 to 4294967295.
md5 | Specifies the authentication key. Message authentication support is provided using the message digest 5 (MD5) algorithm. The key type md5 is the only key type supported.
key | Character string of up to 32 characters that is the value of the MD5 key.
encryption-type | (Optional) Authentication key encryption type. Range: 0 to 4294967295.
07-01-2024 12:12 PM
We're on 17.9.4a Cupertino (previous recommended). The IOS will only allow for: cmac-aes-128, hmac-sha1, hmac-sha2-256, md5, sha1, sha2
I suspect this is also the case with the latest and recommended 17.9.5 as well.
01-06-2022 11:28 AM
I will try to check with engineering.
01-13-2022 08:08 AM
As I have dug into this some more, I think there is a flaw in Cisco's implementation of NTP Authentication with symmetric keys. The documentation indicates you should be able to input a 32 byte key (64 HEX Characters) but it only allows a 16 byte key (32 Hex Characters). It has been a few years since college but my recollection is that each hex digit is a nibble (4 bits) / half a byte. Consequently, 2 hex digits equal 8 bits/a byte.
Further, I am pretty sure NTP servers, other than another Cisco Switch, expect to see a 160-bit key expressed in HEX format (40 Hex Characters) for SHA type keys. If the key provided is not 160 bits/40 Hex characters, the servers truncate or zero-fill keys to make them meet that criteria. Consequently, I think Cisco's implementation is fundamentally flawed as it won't work with NTP servers other than Cisco devices acting as servers.
Paragraph 4.5.1 Symmetric Key Cryptography describes truncation/zero filling. https://www.nwtime.org/wp-content/uploads/2016/04/NTP-Handbook.pdf
01-13-2022 09:47 AM - edited 01-13-2022 09:58 AM
Roger:
This is very interesting. I will pass it along to engineering. I did get some feedback from the developers,
"All NTP authentication methods are disabled by default. They can be enabled by the user when needed.
Users have the option to use SHA-1 and SHA-2 in 17.4.1." We will get it figured out.
-- David
01-31-2022 09:23 AM - edited 01-31-2022 09:30 AM
I got some clarification from Engineering. They confirmed that the supported key length is up to 32 characters for HMAC-SHA256. They are researching a plan to change support key lengths of 64.
-- David
Router(config)#ntp authentication-key 1 ?
cmac-aes-128 CMAC-AES-128 (digest length = 128 bits, key length = [16 or 32] bytes)
hmac-sha1 HMAC-SHA1 (digest length = 160 bits, key length = [1-32] bytes)
hmac-sha2-256 HMAC-SHA2-256 (digest length = 256 bits, key length = [1-32] bytes)
md5 MD5 authentication
sha1 SHA1 (digest length = 160 bits, key length = [1-32] bytes)
sha2 SHA-256 (digest length = 256 bits, key length = [1-32] bytes)
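The key-length arithmetic raised above (two hex digits per byte, so 64 hex characters is a 32-byte key and 32 hex characters only 16 bytes) and the digest sizes listed in the "?" output can be checked with a small script. The following is an added example written for this thread, not code from Cisco or from any poster. It assumes the RFC 5905 MAC layout (48-byte header, then a 4-byte key identifier, then the digest), that the plain "sha1"/"sha2"/"md5" keywords mean a keyed digest of key || packet and the "hmac-" keywords mean an RFC 2104 HMAC (an assumption about the IOS keywords, not something the thread confirms), and it uses a constructed 48-byte client packet rather than a real capture. The point for a defender is the verify side: recompute the MAC with the trusted key for the received key id and compare it in constant time.

```python
import hashlib
import hmac
import struct

# Constructed sample packet: a 48-byte NTPv4 client request (LI=0, VN=4, mode=3)
# with every other field zero. Not a real capture.
SAMPLE_PACKET = bytes([0x23]) + bytes(47)
NTP_HEADER_LEN = 48
KEY_ID_LEN = 4

# Hypothetical mapping of the IOS keywords to a hashlib name and whether the
# construction is HMAC (True) or the RFC 5905 style hash(key || packet) (False).
ALGORITHMS = {
    "md5": ("md5", False),
    "sha1": ("sha1", False),
    "sha2": ("sha256", False),
    "hmac-sha1": ("sha1", True),
    "hmac-sha2-256": ("sha256", True),
}


def key_bytes(key_text: str, hex_encoded: bool) -> bytes:
    """Raw key material: two hex digits (nibbles) per byte, or one byte per ASCII character."""
    if hex_encoded:
        if len(key_text) % 2:
            raise ValueError("a hex key needs an even number of digits")
        return bytes.fromhex(key_text)
    return key_text.encode("ascii")


def compute_mac(algo_name: str, key: bytes, packet: bytes) -> bytes:
    """Digest over the 48-byte header (and any extension fields) with the given key."""
    hash_name, use_hmac = ALGORITHMS[algo_name]
    if use_hmac:
        return hmac.new(key, packet, hash_name).digest()
    return hashlib.new(hash_name, key + packet).digest()


def sign_packet(packet: bytes, key_id: int, algo_name: str, key: bytes) -> bytes:
    """Append the 4-byte key identifier and the MAC, as in the RFC 5905 MAC field."""
    return packet + struct.pack("!I", key_id) + compute_mac(algo_name, key, packet)


def verify_packet(authenticated: bytes, trusted_keys: dict, algo_name: str) -> bool:
    """Split key id + MAC off the tail, recompute with the trusted key, compare in constant time."""
    hash_name, _ = ALGORITHMS[algo_name]
    mac_len = hashlib.new(hash_name).digest_size
    trailer_len = KEY_ID_LEN + mac_len
    if len(authenticated) < NTP_HEADER_LEN + trailer_len:
        return False  # too short to carry a key id and a digest of this size
    body, trailer = authenticated[:-trailer_len], authenticated[-trailer_len:]
    key_id = struct.unpack("!I", trailer[:KEY_ID_LEN])[0]
    if key_id not in trusted_keys:
        return False  # key id not in the trusted set (cf. "ntp trusted-key")
    expected = compute_mac(algo_name, trusted_keys[key_id], body)
    return hmac.compare_digest(expected, trailer[KEY_ID_LEN:])


if __name__ == "__main__":
    # 64 hex characters -> 32 bytes; 32 hex characters -> 16 bytes; 32 ASCII chars -> 32 bytes.
    for text, is_hex in (("0123456789abcdef" * 4, True), ("0123456789abcdef" * 2, True), ("a" * 32, False)):
        print(f"{len(text)} chars ({'hex' if is_hex else 'ascii'}) -> {len(key_bytes(text, is_hex))} bytes")
    key = key_bytes("0123456789abcdef" * 4, True)
    for algo in ALGORITHMS:
        pkt = sign_packet(SAMPLE_PACKET, 1, algo, key)
        print(f"{algo:14s} digest {len(pkt) - NTP_HEADER_LEN - KEY_ID_LEN} bytes, verifies: {verify_packet(pkt, {1: key}, algo)}")
```

Running it shows the 16/20/32-byte digest sizes that match the "digest length" figures in the "?" output, and that a packet signed under key id 1 fails verification when only key id 2 is trusted or when a single bit of the digest is altered.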
09-06-2022 12:32 PM
USNO is requiring 64 HEX Characters (32 Bytes) but they're using the full HEX table, to include all sorts of special characters otherwise disallowed. Is there planned support for using HEX keys?
06-07-2023 05:49 AM
It's the middle of 2023 and our Nexus 9ks still only support MD5 with the latest NXOS. Not meeting FIPS standard is now a Category-1 finding for DoD shops.
06-07-2023 10:34 AM
I will pass this on to product management for a response.
-- David
07-01-2024 01:28 PM
07-01-2024 01:29 PM
We're looking to use the SHA-512, btw.