The ntpd client
Edit file ntp.conf with the following lines:
Add your NTP server address:
#this is your NTP server server your.ntp.server.com key 1
Then, add the file containing keys and the list of valid keys:
keys /etc/ntp/keys #trust keys number 1, 2 and 10 trusted key 1 2 10
Create a file containing keys, and in this case it needs to have at least one key shared with the server
1 M f6fd1939bdf31481d27ac4344a2aab58
This ends the client configuration. Now we can test it in the client, using ntpdate, on debug mode:
ntpdate -d -k /etc/ntp.keys -a 1 your.ntpserver.com -d - Debug mode. Will not actually update your clock -k file - Location of your NTP key files -a index - Key index number server - Your NTP server FQDN
This is a standard output of using ntpdate:
Ad
ntpdate -d -k /etc/ntp.keys -a 10 your.ntpserver.com 9 Jul 23:24:33 ntpdate[19359]: ntpdate [email protected] Fri May 28 01:20:57 UTC 2010 (1) Looking for host your.ntpserver.com and service ntp host found : 13.3.150.148 transmit(13.3.150.148) receive(13.3.150.148) receive: authentication passed transmit(13.3.150.148) receive(13.3.150.148) receive: authentication passed transmit(13.3.150.148) receive(13.3.150.148) receive: authentication passed transmit(13.3.150.148) receive(13.3.150.148) receive: authentication passed transmit(13.3.150.148) server 13.3.150.148, port 123 stratum 3, precision -20, leap 00, trust 000 refid [13.3.150.148], delay 0.02808, dispersion 0.00026 transmitted 4, in filter 4 reference time: d9496883.8f133740 Thu, Jul 9 2015 22:39:15.558 originate timestamp: d9497321.88632434 Thu, Jul 9 2015 23:24:33.532 transmit timestamp: d9497321.9e90eed0 Thu, Jul 9 2015 23:24:33.619 filter delay: 0.03183 0.03014 0.02870 0.02808 0.00000 0.00000 0.00000 0.00000 filter offset: -0.08837 -0.08714 -0.08785 -0.08788 0.000000 0.000000 0.000000 0.000000 delay 0.02808, dispersion 0.00026 offset -0.087880 9 Jul 23:24:33 ntpdate[19359]: adjust time server 13.3.150.148 offset -0.087880 sec
Which works 🙂
If you mistake the keys, the result are similar to the following:
ntpdate -d -k /etc/ntp.keys -a 1 23.121.12.1 9 Mar 22:58:55 ntpdate[12723]: ntpdate [email protected] Fri May 28 01:20:57 UTC 2010 (1) Looking for host 23.121.12.1 and service ntp host found : 23.121.12.1 transmit(23.121.12.1) receive(23.121.12.1) receive: authentication failed transmit(23.121.12.1) receive(23.121.12.1) receive: authentication failed transmit(23.121.12.1) receive(23.121.12.1) receive: authentication failed transmit(23.121.12.1) receive(23.121.12.1) receive: authentication failed transmit(23.121.12.1) 23.121.12.1: Server dropped: Server is untrusted server 23.121.12.1, port 123 stratum 3, precision -20, leap 00, trust 017 refid [23.121.12.1], delay 0.02893, dispersion 0.00049 transmitted 4, in filter 4 reference time: da8b2189.8f0d0ae8 Wed, Mar 9 2016 22:26:17.558 originate timestamp: da8b292f.f261390f Wed, Mar 9 2016 22:58:55.946 transmit timestamp: da8b292f.f3b40b34 Wed, Mar 9 2016 22:58:55.951 filter delay: 0.03029 0.02893 0.03110 0.03084 0.00000 0.00000 0.00000 0.00000 filter offset: -0.00627 -0.00659 -0.00704 -0.00778 0.000000 0.000000 0.000000 0.000000 delay 0.02893, dispersion 0.00049 offset -0.006598 9 Mar 22:58:55 ntpdate[12723]: no server suitable for synchronization found
Finally, you can restart the client ntpd and confirm everything is OK with ntpdc:
ntpdc -p remote local st poll reach delay offset disp ======================================================================= *23.121.12.1 192.168.1.70 3 64 377 0.00365 -0.006066 0.04741