Microsemi SyncServer S350 - Using MD5 Keys on a Generic NTP Device

Microsemi SyncServer S350
Tasks
The SyncServer automatically trusts all of the NTP keys.
Using MD5 Keys on a Generic NTP device
This topic is a guide to configuring MD5 authentication for NTP on a UNIX or Linux operating
system. Specifics, such as the location of files, vary by implementation.
Note: Use secure methods for configuring NTP authentication and transferring key files.
The following sections refer to the MD5 keys file:
- If you created the MD5 keys on the SyncServer, replace <keysfile> with ntp.keys
- If you created the MD5 keys using the ntp-keygen utility, replace <keysfile> with ntpkey*
  so the steps apply to both the keys file and the symbolic link file. (The ntp-keygen utility is
  typically included with the standard open source NTP distribution.)
Uploading MD5 keys to a generic NTP device
Securely transport the MD5 keys file to the destination NTP node. This can be done by a variety
of means, such as physical media or encrypted communications such as ssh and scp. For
example:
- Log in as root.
- Copy the MD5 keys file to /root:
    cp /mnt/floppy/<keysfile> /root
- Make the MD5 keys file read/write for root only:
    chmod 600 <keysfile>
Edit ntp.conf
- Edit ntp.conf. For example, enter:
    vi /etc/ntp.conf
- Add one of these two lines:
    keys /root/ntp.keys                 # points to keys file from SyncServer
    keys /root/ntpkeys_MD5_<hostname>   # points to symbolic link from ntp-keygen
Note: <hostname> will be the hostname of the device on which the keys were generated.
When the user periodically refreshes the keys file and symbolic link, the keys directive in the
ntp.conf file does not need to be updated.
- For each association that uses authentication, add "key" followed by the key number. For
  example:
    server 192.168.61.54 iburst prefer key 1
    peer 192.168.61.58 key 5
    server tock.usno.navy.mil
- Edit the trustedkey directive so it includes the key number of every key used for
  authentication. For example:
    trustedkey 1 5 9 16 11
Note: ntp.conf files do not include associations for NTP clients. However, if the NTP server
has clients that use MD5 authentication, the key number specified by the client's server
association must be specified by trustedkey on the server. This is the case with key numbers 9, 16,
and 11 in the example above.
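The following check is an added example, not part of the SyncServer manual: it cross-checks the key numbers on server/peer lines against trustedkey and the keys file, and reports associations left without a key. The function name audit_ntp_auth, the keys file contents, and the placeholder secrets are assumptions constructed for illustration; the ntp.conf lines are the ones shown above.

```python
def audit_ntp_auth(conf_text, keys_text):
    """Cross-check ntp.conf key usage against trustedkey and the keys file."""
    # Keys file lines look like "<id> <type> <secret>"; "#" lines are comments.
    defined = {int(f[0]) for f in (ln.split() for ln in keys_text.splitlines())
               if len(f) >= 3 and f[0].isdigit()}
    trusted, used, findings, has_keys = set(), [], [], False
    for line in conf_text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "keys":
            has_keys = True
        elif f[0] == "trustedkey":
            # Plain key numbers only; range syntax is not handled here.
            trusted.update(int(x) for x in f[1:] if x.isdigit())
        elif f[0] in ("server", "peer") and len(f) > 1:
            opts = f[2:]
            if "key" in opts[:-1] and opts[opts.index("key") + 1].isdigit():
                used.append((f[1], int(opts[opts.index("key") + 1])))
            else:
                findings.append(f"{f[1]}: no key, association is unauthenticated")
    if not has_keys:
        findings.append("no keys directive: ntpd has no keys file to load")
    for host, key in used:
        if key not in trusted:
            findings.append(f"{host}: key {key} is not listed in trustedkey")
        if key not in defined:
            findings.append(f"{host}: key {key} is not in the keys file")
    for key in sorted(trusted - defined):
        findings.append(f"trustedkey {key} is not in the keys file")
    return findings

# Constructed sample: the example lines above plus a made-up keys file.
SAMPLE_CONF = """\
keys /root/ntp.keys
server 192.168.61.54 iburst prefer key 1
peer 192.168.61.58 key 5
server tock.usno.navy.mil
trustedkey 1 5 9 16 11
"""
SAMPLE_KEYS = """\
1 MD5 placeholder-secret-01
5 MD5 placeholder-secret-05
9 MD5 placeholder-secret-09
16 MD5 placeholder-secret-16
"""

if __name__ == "__main__":
    print("\n".join(audit_ntp_auth(SAMPLE_CONF, SAMPLE_KEYS)))
```

On the sample, the check flags the tock.usno.navy.mil association as unauthenticated and reports that key 11 is trusted but missing from the constructed keys file.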
Page 162, 997-01520-02 Rev. F1
