NTP client authenticate server using Autokey protocol without server key - ntp

I am trying to create a NTP client-server setup using Autokey authentication for server validations. I have followed the instruction on link http://support.ntp.org/bin/view/Support/ConfiguringAutokey to setup client and server on NTP 4.2.6 . The setup I had created is working in some unexpected manner.
I had created server and client certificates using ntp-keygen as mentioned in the above link. I have edited the client's ntp.conf to use autokey to authenticate server. As mentioned in the above link, I have to copy the server key to client for authentication to work, but while testing I have found that client is able to verify the server even if I do not copy the server certificate on the client. The result for "ntpq -c as" show auth field "ok" for the server and ntpq -c "rv 0 certs" shows the server certificate bindings.
Can someone explain me why NTP is able to verify server without copying the server certificate on client ?
If this is not the expected behavior, what are the changes I have to make in the configuration to get it working correctly.

See
CVE-2014-9295
Just don't do it

Related

AWS RDS Instance is not connecting to Jmeter

I am trying to connect my RDS instance to a Jmeter load test however no matter what I try, I keep getting this error message in the Results Tree:
Cannot create PoolableConnectionFactory (The connection to the host database-1.cqdkrfikhe1t.us-east-1.rds.amazonaws.com, named instance database-1 failed. Error: "java.net.SocketTimeoutException: Receive timed out". Verify the server and instance names and check that no firewall is blocking UDP traffic to port 1434. For SQL Server 2005 or later, verify that the SQL Server Browser Service is running on the host.)
I feel it may be a problem with my Database URL in JDBC Connection Configuration.
The picture below shows the summary report.
I have mainly tried rewriting the Database URL multiple different ways but none of them seem to work. I have also tried removing and reinstalling the JDBC Drivers but that doesn't seem to work either. I have absolutely no idea what the problem could be. Could someone please help me out with this problem?
Edit: When I change the Database URL I sometimes get this error
message as well:
Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets
Layer (SSL) encryption. Error: "PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target".
ClientConnectionId:9b700d73-f3f0-4cf6-b3a4-607fa9827219)
I think you need to use port 1433
Check out Connecting to a DB instance running the Microsoft SQL Server database engine article
So cross check the port number, VPC options, public accessibility, etc. with the values from the JDBC Connection Configuration
More information: The Real Secret to Building a Database Test Plan With JMeter

How to fix connectex error when trying to access SQL Server instance on Cloud SQL using SSMS via Proxy

What I'm trying to do
I am trying to manage my SQL Server instance on Cloud SQL (GCP) with SQL Server Management Studio (SSMS).
What I've done
I followed the steps in the Google Cloud documentation (here).
I followed steps 1-5 (condensed version below):
Install Cloud SQL
Run gcloud init
Run gcloud auth login (P.S. I'm Owner on Project level)
Download and install Google Cloud SQL Proxy (as per the instructions here)
Enable Cloud SQL Admin API
Install the proxy client (Windows PC for me, x64 - renamed file to cloud_sql_proxy.exe)
Determine proxy authentication method (as per documentation here). I chose Cloud SDK since I need to download it in step 1 anyway
Skip (not using service account authentication)
Determine proxy instance specification (as per documentation here). Using Instances specified on proxy invocation method.
I only have private IP, so by default it will select the correct IP (as per documentation here)
Same as step 5 (below)
5 . Start the proxy. I ran (in cmd) ./cloud_sql_proxy -instances=<INSTANCE_CONNECTION_NAME>=tcp:1433 (obviously replacing the <INSTANCE_CONNECTION_NAME> portion with my instance name.
At this point, everything seems to be working:
Listening on 127.0.0.1:1433 for <INSTANCE_CONNECTION_NAME>
Ready for new connections
New connection for <INSTANCE_CONNECTION_NAME>
New connection for <INSTANCE_CONNECTION_NAME>
Now following the instructions here, I attempt to connect to the database instance using SSMS (127.0.0.1, SQL Server Authentication, sqlserver, my super awesome password), Connect.
My issue
I now get the following error messages in the Cloud SDK window:
couldn't connect to <INSTANCE_CONNECTION_NAME>: dial tcp <PRIVATE_IP>:<PORT>: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Throttline refreshCfg(<INSTANCE_CONNECTION_NAME>: it was only called XXXs ago
(and it repeats a few times)
In SSMS I get the following prompt:
My question
How do I fix this issue and properly connect to my database instance?
When setting the Connectivity settings for the SQL Server instance, I changed it to Private IP and unchecked the Public IP setting. Re-enabling the Public IP setting allowed me to establish a connection:
External applications can still connect to the instance through the Cloud SQL Proxy
This indirectly indicates to me that Cloud SQL Proxy needs the Public IP option to be enabled in order to establish a connection.

WebSocket: get server certificate during handshake

I'm using plain-C WebSocket library called libwebsockets to make a connection between client and server. When starting server I specify the server's cert and private key to be able to use SSL connection. It works OK.
When making a client's connection to the server I specify an SSL option to be able to create an SSL connection (using self-signed cert). All those things work as expected.
Now, I need somehow to get server's certificate on the client side during the connection establishment (or during handshake). Is there a way to do this? I can't find anything in the official documentation.
Thanks in advance.

SQL Server cannot find Certificate

Background Information:
I have a single Window VPS at example.com.
I have it running IIS and SQL Server.
I have a certificate for example.com that works fine with IIS.
I want to use the same certificate for SQL Server to allow encrypted connections with clients.
SQL Server Configuration Manager does not present the certificate in the drop down.
I believe the problem is that SQL Server does not think the certificate is valid, because what SQL Server thinks the server name is does not match the certificate (example.com).
How do I check what SQL Server thinks the server name is? If it is wrong how would I change it?
Okay I found out the issue.
The hostname on my machine was wrong. It wasn't "example.com", but some name randomly generated by windows. You can set this in the computer's properties window.
The certificate was not registered to be used on port 1433. I had to use netsh to enable the certificate to be used on port 1433. Instructions here: http://msdn.microsoft.com/en-us/library/ms186362(v=SQL.100).aspx
Those two steps where complete I got the certificate to show up in SQL Server Configuration Manager, but I still had a problem went I attempt to run SQL Server. It would not start with a message from the logs saying it could not find or read the SSL Certificate.
The last step was making sure the account running SQL Server had permission to read the certificate. I went into the certificate snap-in and then went to properties under the certificate, then on the Security tab I gave the Network Services account read permission on the certificate. (NOTE: I did not find any tutorials online reference this step. It was just some dumb luck that I found this.)
After those steps where complete the SQL Server Service start up with out any problem.

Can I connect to a SQL Server that is external to my network?

I'm not sure if this is possible.
My office Pc sits on the corporate network and to access anything outside this network I have to provide my username and password to get though the proxy.
We have recently purchased a hosted server external to this network so that we can host demo applications that can be access from anywhere. However when we need to connect to the server to update or work on the database we need to use a PC that is not on our network as there is no way to provide my username and password as either part of a connection string or in the management console.
The external server is running SQL Server 2008.
Any advise would be much appreciated as I'm not sure if this is even possible.
Thanks!
You can create an http tunnel between the server and the computer from which you want to access the SQL server.
Use HTTPtunnel GNU package for the organization HTTP tunnel.
Here an example of a HTTP tunnel to connect to the MySQL server.
To connect to SQL server you must specify the appropriate port.
try to use TeamViewer.
1. Installed on the server TeamViewer ... during the installation process specify a fixed password for remote access. remember or write ID (9 digits)
2. on your work computer install teamviewer.
connect to remote server ID and password.

Resources