I’ll do that when I get a chance tomorrow. Thank you.
I have to ask--You do have the correct key on the client, right?
Client Configuration
- Ensure the following entries are in /etc/ntp.conf:
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1
keys /etc/ntp/keys
server <ntp.server.com> key 1
trustedkey 1
controlkey 1
requestkey 1
- Specify the client-side keys:
# vim /etc/ntp/keys
- Example keys file:
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE.
#
#65535 M akey
#1 M pass
1 M <password>
- Restart the NTP service
# service ntpd restart
- Ensure authenticated NTP is connecting successfully
# ntpq -c as
ind assID status  conf reach auth condition  last_event cnt
=================================================================
  1 64605  f614   yes   yes  ok   sys.peer   reachable  1
If compatibility with FIPS 140-2 is required, NTP must support SHA & SHA1 authentication.
It is not supported prior to ntp 4.2.6. Red Hat has fixed this and it is now supported.
More information about NTP Auth.
Key Explanation
- Keys file:
1 M key
#1 = the key value
#M = the type of key
#key = the actual key or password
- Types of key:
- A = DES key, ASCII format
- M = MD5 key, ASCII format
- S = DES key, DES format
- N = DES key, NTP format
- Key value:
- Any number 1-65535
- Multiple keys can be used on the same server
- Max 20-character printable ASCII string or a 40-character hex string
- For more information please see
man 5 ntp_auth
There is also an NTP configuration tool at Red Hat (https://access.redhat.com/labs/ntpcc/) that will create the proper configuration files for the clients. You will need the MD5 key from the server to use it. It should save you a lot of time and headaches. You will need a login to use it.
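A client-side check for the keys file format and the ntp.conf key references described above, as an added example that is not part of the original thread or any Red Hat tool. The function names, the host ntp.example.com and the sample strings are constructed for illustration.

```python
import re
KEY_TYPES = {"A", "M", "S", "N"}   # key types listed above
SAMPLE_SECRETS = {"akey", "pass"}  # defaults from the example keys file
SAMPLE_KEYS = "#65535 M akey\n1 M pass\n2 M Xq7mR2vLk9TzP4wd\n"  # constructed
SAMPLE_CONF = ("keys /etc/ntp/keys\nserver ntp.example.com key 2\n"
               "trustedkey 1\ncontrolkey 3\n")                   # constructed

def parse_keys(text):
    """Parse keys-file text; return ({id: (type, secret)}, [problems])."""
    keys, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#")[0].split()   # '#' starts a comment
        if not parts:
            continue
        if len(parts) != 3 or not parts[0].isdigit():
            problems.append(f"keys:{n}: expected '<id> <type> <key>'")
            continue
        kid, ktype, secret = int(parts[0]), parts[1], parts[2]
        if not 1 <= kid <= 65535:
            problems.append(f"keys:{n}: id {kid} outside 1-65535")
        if ktype not in KEY_TYPES:
            problems.append(f"keys:{n}: unknown key type {ktype!r}")
        ascii_ok = len(secret) <= 20 and secret.isascii() and secret.isprintable()
        if not (ascii_ok or re.fullmatch(r"[0-9a-fA-F]{40}", secret)):
            problems.append(f"keys:{n}: key is neither <=20 ASCII chars nor 40 hex")
        if secret in SAMPLE_SECRETS or secret.startswith("<"):
            problems.append(f"keys:{n}: sample or placeholder key left in place")
        keys[kid] = (ktype, secret)
    return keys, problems

def check_conf(conf, keys):
    """Check that every key id ntp.conf references is defined and trusted."""
    problems, trusted, used = [], set(), {}
    for line in conf.splitlines():
        tok = line.split("#")[0].split() or [""]
        if tok[0] == "trustedkey":
            trusted.update(int(t) for t in tok[1:] if t.isdigit())
        elif tok[0] in ("controlkey", "requestkey") and len(tok) > 1:
            used[tok[0]] = tok[1]
        elif tok[0] == "server" and len(tok) > 1:
            if "key" in tok[2:-1]:
                used["server " + tok[1]] = tok[tok.index("key", 2) + 1]
            else:
                problems.append(f"server {tok[1]}: no key, unauthenticated")
    for who, kid in used.items():
        if not kid.isdigit() or int(kid) not in keys:
            problems.append(f"{who}: key {kid} not in keys file")
        elif who.startswith("server") and int(kid) not in trusted:
            problems.append(f"{who}: key {kid} not listed in trustedkey")
    return problems
```

To check a real host, pass the contents of /etc/ntp/keys and /etc/ntp.conf to the two functions. The check only covers the client's own files, so it cannot tell whether the key value matches the one on the server.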