Authenticated Public NTP server howto

Set up an Authenticated NTP Server

First of all, get an ntpd setup, using your favourite linux distro.

Then configure it with some reliable sources, such as a GPS receiver or a stratum 1 or 2 ntp server, and non-trivial security settings.

Edit file ntp.conf with the following lines:

Add an NTP server.

#this is default apple NTP server
server prefer
server your_ntp_server prefer

These security settings are most import to keep your server from being used to perform DoS attacks on third parties:

restrict default kod nomodify notrap nopeer notrust noquery
restrict -6 default kod nomodify notrap nopeer notrust noquery

Then, add the file containing keys and the list of valid keys:

keys /etc/ntp/keys
#trust keys number 1, 2 and 10
trusted key 1 2 10

Create a file containing keys, in this example /etc/ntp/keys, which can be MD5 keys, marked as M, or DES keys, marked as A, which you can create either online or on linux shell :

1 M f6fd1939bdf31481d27ac4344a2aab58
2 M f4034f47dd3bdd01fafd6bc590c24f00
#key number 4 is not used, which is a DES KEY
4 S A599722E8D8ECC4E 
10 M 0bd28f7688703b632f4f68f4dde6cc06

This ends the server configuration. Make sure you restart ntpd. Now moving to the client configuration.

Leave a Reply

Back to Top