Recipe 19.8. Using NTP Keys for Authentication

19.8.1 Problem

You're not comfortable running your local servers without some sort of authentication scheme. While ntp exploits are rare, you would feel better having some method of ensuring that your clients and servers can verify that they are who they claim to be.

19.8.2 Solution

Use ntp's built-in key authentication scheme, ntpkeys. First, configure the server (in this example server1):

    # /etc/ntp.conf
    ...
    crypto pw seekritword
    keysdir /etc/ntp/keys
    ...

Because the password is stored in cleartext, ntp.conf should be chmod 600. Create the key on server1:

    # ntp-keygen -T -I -p seekritword

This may take a few minutes. Now, copy the newly generated file ntpkey_IFFpar_server1.4558615255 to /etc/ntp on all clients of server1. (Your timestamp will be different.) Because this is a secret key, you'll want to transfer it in a secure manner. Floppy disks work fine. (Don't forget to secure the floppy disk when you're finished.)

Now configure the client machines. First, create two symlinks to the new key:

    # ln -s ntpkey_IFFpar_server1.4558615255 ntpkey_iff_server1
    # ln -s ntpkey_IFFpar_server1.4558615255 ntpkey_iff_client1

Now edit the server line in the client's /etc/ntp.conf, adding the autokey keyword:

    server server1 autokey

Restart ntpd on all participating machines and find something else to do for a while, as the server and clients will take a little time to get the new authentication scheme synchronized and working. Within an hour or two, everything will be operating normally.

19.8.3 Discussion

This is what the ntp-keygen flags mean:
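As an added example (not part of the recipe), here is a POSIX shell script that carries out and checks the client-side steps of the Solution above. It creates the two ntpkey_iff_* symlinks from whatever ntpkey_IFFpar_server1.* file was copied in, and it verifies the points the recipe stresses: ntp.conf is mode 600 on the server because the crypto password is stored in cleartext, the crypto pw and keysdir lines are present, the client's server line carries the autokey keyword, and both symlinks resolve to a readable IFFpar file. The function names, the return-code conventions, and the use of a directory passed as a parameter instead of a fixed /etc/ntp are my assumptions.

```sh
#!/bin/sh
# Added example, not from the recipe: helpers that perform and verify the
# autokey client setup described above. Directories and host names are
# parameters so the functions can run against a scratch directory; on a
# real client the key directory would be /etc/ntp and the IFFpar file would
# have been generated on server1 with ntp-keygen (assumed layout).

# link_iff_keys KEYDIR SERVER CLIENT
# Locates ntpkey_IFFpar_SERVER.<timestamp> in KEYDIR and creates the two
# symlinks the recipe calls for: ntpkey_iff_SERVER and ntpkey_iff_CLIENT.
# Returns 1 if no IFFpar file for SERVER is present, 2 if more than one is
# (a stale copy beside a newer one would make the choice ambiguous).
link_iff_keys() {
    keydir=$1; server=$2; client=$3
    set -- "$keydir"/ntpkey_IFFpar_"$server".*
    [ -e "$1" ] || return 1
    [ $# -eq 1 ] || return 2
    keyfile=$(basename "$1")
    ln -sf "$keyfile" "$keydir/ntpkey_iff_$server" &&
    ln -sf "$keyfile" "$keydir/ntpkey_iff_$client"
}

# check_server_conf CONF KEYDIR
# Server-side checks: CONF is mode 600 (it holds the crypto password in
# cleartext) and carries the "crypto pw" and "keysdir KEYDIR" lines.
# Prints each failed check and returns the number of failures (0 = all good).
check_server_conf() {
    conf=$1; keydir=$2; fails=0
    # ls -ld is used instead of stat because stat's flags differ across systems
    perms=$(ls -ld "$conf" | cut -c1-10)
    [ "$perms" = "-rw-------" ] ||
        { echo "$conf: permissions $perms, expected -rw------- (chmod 600)"; fails=$((fails + 1)); }
    grep -q '^crypto pw ' "$conf" ||
        { echo "$conf: missing 'crypto pw' line"; fails=$((fails + 1)); }
    grep -qxF "keysdir $keydir" "$conf" ||
        { echo "$conf: missing 'keysdir $keydir' line"; fails=$((fails + 1)); }
    return $fails
}

# check_client_setup CONF KEYDIR SERVER CLIENT
# Client-side checks: the server line carries the autokey keyword, and both
# ntpkey_iff_* symlinks point at a readable IFFpar file for SERVER.
# Prints each failed check and returns the number of failures (0 = all good).
check_client_setup() {
    conf=$1; keydir=$2; server=$3; client=$4; fails=0
    grep -qxF "server $server autokey" "$conf" ||
        { echo "$conf: no 'server $server autokey' line"; fails=$((fails + 1)); }
    for name in "$server" "$client"; do
        link="$keydir/ntpkey_iff_$name"
        target=$(readlink "$link" 2>/dev/null || true)
        case "$target" in
            ntpkey_IFFpar_"$server".*)
                [ -r "$keydir/$target" ] ||
                    { echo "$link: target $target is not readable"; fails=$((fails + 1)); } ;;
            *)
                echo "$link: missing or not pointing at an IFFpar file for $server"
                fails=$((fails + 1)) ;;
        esac
    done
    return $fails
}
```

On a client you would source the script and run `link_iff_keys /etc/ntp server1 client1` followed by `check_client_setup /etc/ntp.conf /etc/ntp server1 client1`; on the server, `check_server_conf /etc/ntp.conf /etc/ntp/keys`. A non-zero return from either check function means at least one of the recipe's preconditions is not met, and the printed lines say which.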
If you want to use authentication with public time servers, you'll need to do two things:
See http://www.eecis.udel.edu/~mills/ntp/servers.html for a current list of public time servers. Warning: pay attention to their access policies! Do not connect to Stratum 1 servers unless you meet their criteria. Always use Stratum 2 for ordinary time service.

The keys file is the obvious headache and weak point of this whole scheme. As the ntp documentation says, "The big trouble with the authentication facility is the keys file. It is a maintenance headache and a security problem. This should be fixed some day. Presumably, this whole bag of worms goes away if/when a generic security regime for the Internet is established."

In the real world, the chances of ntp being exploited are low. Even if a public time server is spoofed and sends you wrong time signals, you have some built-in protections: ntp makes small changes, and you're getting service from a pool of servers, so any mistakes, whether deliberate or not, are quickly corrected.

19.8.4 See Also