Authenticated Public NTP server howto

sysadmin
Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Set up an Authenticated NTP Server

First of all, get an ntpd setup, using your favourite linux distro.

Then configure it with some reliable sources, such as a GPS receiver or a stratum 1 or 2 ntp server, and non-trivial security settings.

Edit file ntp.conf with the following lines:

Add an NTP server.

#this is default apple NTP server
server time.euro.apple.com prefer
server your_ntp_server prefer

These security settings are most import to keep your server from being used to perform DoS attacks on third parties:

restrict default kod nomodify notrap nopeer notrust noquery
restrict -6 default kod nomodify notrap nopeer notrust noquery

Then, add the file containing keys and the list of valid keys:

keys /etc/ntp/keys
#trust keys number 1, 2 and 10
trusted key 1 2 10

Create a file containing keys, in this example /etc/ntp/keys, which can be MD5 keys, marked as M, or DES keys, marked as A, which you can create either online or on linux shell :

1 M f6fd1939bdf31481d27ac4344a2aab58
2 M f4034f47dd3bdd01fafd6bc590c24f00
#key number 4 is not used, which is a DES KEY
4 S A599722E8D8ECC4E 
10 M 0bd28f7688703b632f4f68f4dde6cc06

This ends the server configuration. Make sure you restart ntpd. Now moving to the client configuration.

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Pages: 1 2 3

Leave a Reply