Q: Is there a simple tutorial, how to use authentication with ntp? - NTP


  1. Q: Is there a simple tutorial, how to use authentication with ntp?


    Hi everybody,

    I wanted to use NTP in my home network, so I configured my (Linux) router
    to get its time from "pool.ntp.org" (in fact, I used more or less the ntp.conf
    file provided with my Debian package).
    I chose "broadcasting" for my home network, and for now I use the configuration
    "disable auth" for all my clients.

    My clients have the following ntp.conf file:
    >>>>>>>>>>>>>>

    # /etc/ntp.conf, configuration for ntpd

    disable auth
    broadcastclient

    driftfile /var/lib/ntp/ntp.drift
    <<<<<<<<<<<<<

    and the "server" this:
    >>>>>>>>>>>>>

    # /etc/ntp.conf, configuration for ntpd

    disable auth

    driftfile /var/lib/ntp/ntp.drift
    statsdir /var/log/ntpstats/

    statistics loopstats peerstats clockstats
    filegen loopstats file loopstats type day enable
    filegen peerstats file peerstats type day enable
    filegen clockstats file clockstats type day enable

    server 0.pool.ntp.org
    server 1.pool.ntp.org
    server 2.pool.ntp.org
    server pool.ntp.org

    server 127.127.1.0
    fudge 127.127.1.0 stratum 10

    restrict 192.168.98.0 mask 255.255.255.0
    broadcast 192.168.98.255
    <<<<<<<<<<<<<


    Is there a short tutorial somewhere on what to do to use authentication in my
    home network? (So, especially how to generate /etc/ntp.keys or /var/lib/ntp/ntp.keys,
    what to put in there, etc.)

    Somehow I didn't understand the official ntp documentation :-/
    (I tried "ntp-keygen", but this generated 4 files, and I have no clue what to
    do with them ...)


    Regards, Jan


  2. Re: Q: Is there a simple tutorial, how to use authentication with ntp?

    Jan,

    FreeBSD (for example) has an ntp.keys(5) man page - I suspect you can find
    copies using your favorite search engine.

    Basically, pick a key number, use an MD5 key type, and pick 1-16 hex
    characters.

    Put this in your ntp.keys file. If you don't want to copy this file around
    to each of your machines, you just have to have the correct key specified
    for each association.

    This is real easy if every machine has the same ntp.keys file.

    For example:

    ntp.keys:

    12 M deadbeef76543210

    I see that we talk about http://ntp.isc.org/Support/ConfiguringAutokey but
    we don't yet have a page for private key - if you want to start something
    I'm happy to help with it.

    H

  3. Re: Q: Is there a simple tutorial, how to use authentication with ntp?

    In article Harlan Stenn
    writes:
    >
    >FreeBSD (for example) has an ntp.keys(5) man page - I suspect you can find
    >copies using your favorite search engine.
    >
    >Basically, pick a key number, use an MD5 key type, and pick 1-16 hex
    >characters.


    Hm, why the 1-16 hex characters? The FreeBSD man page says 1-8 ASCII
    characters, the official docs say 16 ASCII characters or less
    ("printable characters in the range 0x21 through 0x7f excluding space
    and the '#' character", though of course space isn't in that range and
    0x7f isn't printable, but anyway), ntp-keygen seems to generate 15(!)
    ASCII characters, and the code appears to at least store up to 32 8-bit
    characters (though comments therein say 1-to-8), excluding only
    whitespace and '#'. Oops, well, 16 printable ASCII excluding '#' should
    be fine, and have some 40 bits more of possible values.

    >I see that we talk about http://ntp.isc.org/Support/ConfiguringAutokey but
    >we don't yet have a page for private key


    I think the proper term is symmetric or shared key (that's what the
    official docs use) - they should be private to the participants of
    course, but "private" tends to imply that there's a corresponding
    "public" key.

    --Per Hedeland
    per@hedeland.org

  4. Re: Q: Is there a simple tutorial, how to use authentication with ntp?

    >>> In article , per@hedeland.org (Per Hedeland) writes:

    Per> In article Harlan Stenn
    Per> writes:
    >> FreeBSD (for example) has an ntp.keys(5) man page - I suspect you can
    >> find copies using your favorite search engine.
    >>
    >> Basically, pick a key number, use an MD5 key type, and pick 1-16 hex
    >> characters.


    Per> Hm, why the 1-16 hex characters? The FreeBSD man page says 1-8 ASCII
    Per> characters, the official docs say 16 ASCII characters or less
    Per> ("printable characters in the range 0x21 through 0x7f excluding space
    Per> and the '#' character", though of course space isn't in that range and
    Per> 0x7f isn't printable, but anyway), ntp-keygen seems to generate 15(!)
    Per> ASCII characters, and the code appears to at least store up to 32 8-bit
    Per> characters (though comments therein say 1-to-8), excluding only
    Per> whitespace and '#'. Oops, well, 16 printable ASCII excluding '#' should
    Per> be fine, and have some 40 bits more of possible values.

    Because I read the FreeBSD man page and then looked at a working example and
    thought "Oh, it's not 1-8, it's (at least) 1-16". I didn't look at the
    code.

    I'd go with the official docs on this one, and someday it would be good to
    clean this up.

    H

  5. Re: Q: Is there a simple tutorial, how to use authentication with ntp?

    Originally posted by Harlan Stenn:
    > Jan,
    >
    > FreeBSD (for example) has an ntp.keys(5) man page - I suspect you can find
    > copies using your favorite search engine.
    >
    > Basically, pick a key number, use an MD5 key type, and pick 1-16 hex
    > characters.
    >
    > Put this in your ntp.keys file. If you don't want to copy this file around
    > to each of your machines, you just have to have the correct key specified
    > for each association.
    >
    > This is real easy if every machine has the same ntp.keys file.
    >
    > For example:
    >
    > ntp.keys:
    >
    > 12 M deadbeef76543210
    >
    > I see that we talk about http://ntp.isc.org/Support/ConfiguringAutokey but
    > we don't yet have a page for private key - if you want to start something
    > I'm happy to help with it.
    >
    > H

    Could you write an example ntp.conf file using a trusted key (MD5)?

    I am trying to configure a server and a client with one trusted key. Everything works,
    but if a client doesn't have the proper key, it can register too.
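
A minimal symmetric-key setup for the broadcast configuration from the first post, as an added example that is not part of any poster's message or of the ntp project's documentation. It reuses key 12 from the thread; the path /etc/ntp.keys, the file permissions and the `notrust` line are assumptions of this example.

```conf
# ---- /etc/ntp.keys (identical on the server and every client) ----
# Format: <key id> <type> <key>. Key 12 is the sample from the thread;
# replace the value with your own secret before use.
# Assumption: file is owned by root and readable only by root (chmod 600),
# since anyone who can read it can forge authenticated packets.
12 M deadbeef76543210

# ---- server: /etc/ntp.conf (lines that differ from the original) ----
# "disable auth" is removed: ntpd authenticates by default.
keys /etc/ntp.keys          # where to load the shared keys from
trustedkey 12               # only key ids listed here are accepted or used

# Upstream pool servers stay unauthenticated; they do not share our key.
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

# Sign every broadcast packet sent to the home network with key 12.
broadcast 192.168.98.255 key 12

# Assumption: ntpd 4.2 or later, where "notrust" drops packets from the
# matching addresses unless they carry a valid MAC from a trusted key.
# Without it, the server still answers unauthenticated client requests.
restrict 192.168.98.0 mask 255.255.255.0 notrust

driftfile /var/lib/ntp/ntp.drift

# ---- client: /etc/ntp.conf ----
# "disable auth" is removed here as well, so unsigned broadcasts and
# broadcasts signed with an unknown or untrusted key are ignored.
keys /etc/ntp.keys
trustedkey 12
broadcastclient

driftfile /var/lib/ntp/ntp.drift

# For a unicast association instead of broadcast, the client line would be
# (router address is a placeholder of this example):
# server <router-address> key 12
```

After restarting ntpd on both sides, `ntpq -c associations` on a client should show `ok` in the `auth` column for the association with the router.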
