Using Secure NTP
The Luna SA appliance supports simple, non-secure NTP (Network Time Protocol), as well as two types of secure or trusted NTP:
- Symmetric Key - proves the authenticity of data received when a shared secret is held by both the NTP server and its client. Choose this option by using the sysconf ntp symmetricAuth commands.
- Public Key (Autokey) - uses asymmetric key pairs to achieve authentication when a shared secret is not readily established. Choose this option by using the sysconf ntp autokeyAuth commands and selecting the desired Identity Scheme to employ.
Identity Schemes are methods for proving the identity of remote systems, in this case NTP servers.
If you have previously been using ordinary, simple (not secured) NTP, we recommend that you begin using the secure version. If you have older keys or certificates from secure/trusted NTP servers, we recommend that you renew with more current authentication that does not use MD5.
NTP in general is described in the Concepts section of this Help at About NTP.
The available configuration commands are described in the Reference section of this Help, under "Lunash Appliance Commands > sysconf Commands > sysconf ntp Commands".
- Generate Autokey Keys:
lunash:>sysconf ntp autokeyAuth generate -password mypa$$word
- Add the server using “-autokey” option:
lunash:>sysconf ntp addserver myTrustedNTPServer -autokey
- Check the status by running the command:
lunash:>sysconf ntp status
- Obtain the symmetric keys from your trusted server and add them using the command:
lunash:>sysconf ntp symmetricAuth key add
- Add the key ID from step 1 to the list of trusted keys using the command:
lunash:>sysconf ntp symmetricAuth trustedKeys add
- Add the server using “-key keyID” option:
lunash:>sysconf ntp addserver -key keyID
- Check the status by running the command:
lunash:>sysconf ntp status
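The following is an added example, not Luna SA or SafeNet code. It shows what the symmetric-key steps above establish on the client: a reply is accepted only if its key ID is both loaded and trusted, its digest type is permitted, and its MAC matches. It assumes the standard NTP symmetric-key MAC (a 4-byte key ID followed by a digest over the key plus the 48-byte header), no extension fields, and an ntp.keys-style key listing; the keys, packet and the policy name ALLOWED_DIGESTS are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample in ntp.keys layout: <keyID> <type> <key>. Not real keys.
KEYS_FILE = """
1 SHA1 0123456789abcdef0123456789abcdef01234567
2 MD5  legacysecret   # older key of the kind the page says to renew
3 SHA1 fedcba9876543210fedcba9876543210fedcba98
"""
TRUSTED = {1, 2}                  # key 3 is loaded but never marked trusted
ALLOWED_DIGESTS = {"SHA1"}        # local policy for this example: no MD5
HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)   # constructed 48-byte server reply

def parse_keys(text):
    """Return {key_id: (digest_name, secret_bytes)} from ntp.keys-style text."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        key_id, kind, secret = fields[:3]
        # ntpd reads keys longer than 20 characters as hex, others as ASCII
        raw = bytes.fromhex(secret) if len(secret) > 20 else secret.encode()
        keys[int(key_id)] = (kind.upper(), raw)
    return keys

def sign(header, key_id, keys):
    """Server side: append key ID and digest(key || header) to the packet."""
    kind, secret = keys[key_id]
    digest = hashlib.new(kind.lower(), secret + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(datagram, keys, trusted):
    """Client side: return (accepted, reason) for a received datagram."""
    header, mac = datagram[:48], datagram[48:]
    if len(mac) <= 4:
        return False, "no MAC"
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys or key_id not in trusted:
        return False, "untrusted key ID"
    kind, secret = keys[key_id]
    if kind not in ALLOWED_DIGESTS:
        return False, "digest not allowed"
    expected = hashlib.new(kind.lower(), secret + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "bad MAC"
    return True, "ok"

if __name__ == "__main__":
    keys = parse_keys(KEYS_FILE)
    for kid in (1, 2, 3):
        print(kid, verify(sign(HEADER, kid, keys), keys, TRUSTED))
```

Key 3 is rejected even though its secret is present, which is why adding the key and adding its ID to the trusted list are separate steps.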