Re: [pfSense] enabling authenticated ntp ?

2016-05-30 Thread Valerio Bellizzomi
The procedure to add authenticated ntp is like the following:


NTP PUBLIC KEY AUTHENTICATION

To use public-key authentication you have to use the NTP software -
version 1.4.74 or higher; the server identification with the IFF scheme
is however only available for version 4.2.6.

They will have to remove and install the encryption libraries in the
OpenSSL software. These libraries can be taken freely from the
www.openssl.org site.

Then you can proceed with the compilation and installation of NTP
Software.

Among the various programs that make up the NTP software is also
ntp-keygen that is needed to generate keys and certificates needed to
activate this mode of ntpd daemon.
The keys and the certificate must be stored in a folder that is visible
only to 'root'; usually this directory is /etc/ntp.
To generate the keys you have to give the following command from the
folder that contains the keys (/etc/ntp):
cd /etc/ntp
ntp-keygen

In this way, a file containing the private key is generated
(ntpkey_RSAkey_hostname.timestamp) and a certificate with the RSA-MD5
scheme (ntpkey_RSA-MD5cert_hostname.timestamp).

You will have to store the IFF parameters file
(ntpkey_IFFkey_servername), which was taken from the I.N.RI.M site, in
the folder that contains the keys (/etc/ntp). The file starts with
the line containing # ntpkey_iffpar_ntp ... and ends with
-----END DSA PRIVATE KEY-----

Finally, you must add the following directives in /etc/ntp.conf
configuration file:

crypto # Enable Autokey Protocol

keysdir /etc/ntp/ # Define the location of the keys and cryptographic files

statistics sysstats cryptostats # Enable event logging

filegen sysstats file SysStats type day enable # Define how events are logged

filegen cryptostats file cryptostats type day enable # Define how events are logged

server server1.com autokey # Associate the Autokey Protocol with the server1.com server

server server2.com autokey # Associate the Autokey Protocol with the server2.com server








On Mon, 2016-05-30 at 09:17 -0700, Walter Parker wrote:
> Not that I have seen.
> 
> I had an idea for authenticated NTP awhile back, but was waiting until I
> had upgraded to 2.3 before I looked at what it would take to add. This
> weekend I had the time to build a test environment, so I might try doing it
> over the next few months.
> 
> 
> Walter
> 
> On Mon, May 30, 2016 at 3:46 AM, Valerio Bellizzomi 
> wrote:
> 
> > Hello, there is a ntp authenticated with public key feature in ntp, does
> > pfsense support that?
> >
> > thanks
> >
> >
> > On Thu, 2016-05-26 at 20:18 +0200, Valerio Bellizzomi wrote:
> > > Is it possible to do from the web interface?
> > >
> > > thanks
> > >
> > >
> > > ___
> > > pfSense mailing list
> > > https://lists.pfsense.org/mailman/listinfo/list
> > > Support the project with Gold! https://pfsense.org/gold



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
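
A check for the setup described in the first message of this thread, as an added example that is not part of the original post or of any project's code: it flags `server` lines without `autokey`, a missing `crypto` or `keysdir` directive, key files accessible beyond their owner (mode bits only, ownership is not checked), and an IFF parameter file without the expected first and last lines. Function names, finding labels, file names and sample contents are constructed for illustration, and the footer is assumed to be the standard PEM `-----END DSA PRIVATE KEY-----` line.

```shell
#!/bin/sh
# Added example, not from the thread: audit the Autokey setup described above.
# One finding per line; no output from a function means that check passed.

audit_ntp_conf() {    # needs "crypto", "keysdir", and "autokey" on every server
    awk '{ sub(/#.*/, "") }                  # ignore comments
         $1 == "crypto"  { crypto = 1 }
         $1 == "keysdir" { keysdir = $2 }
         $1 == "server"  { ok = 0
                           for (i = 3; i <= NF; i++) if ($i == "autokey") ok = 1
                           if (!ok) print "NOAUTOKEY " $2 }
         END { if (!crypto) print "MISSING crypto"
               if (keysdir == "") print "MISSING keysdir" }' "$1"
}

audit_keysdir() {     # anything group/other can read, write or enter
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/EXPOSED /'
}

audit_iff_file() {    # header comment line and PEM footer (assumed framing)
    first=$(sed -n '1p' "$1")
    last=$(grep -v '^[[:space:]]*$' "$1" | tail -n 1)
    case $first in '# ntpkey_iff'*) ;; *) echo "BADHEADER $1" ;; esac
    [ "$last" = "-----END DSA PRIVATE KEY-----" ] || echo "BADFOOTER $1"
}

# Constructed sample: server2.com lacks "autokey"; one key file is mode 644.
make_sample() {
    d=$(mktemp -d) && mkdir -m 700 "$d/ntp" || return 1
    printf '%s\n' 'crypto # Enable Autokey Protocol' "keysdir $d/ntp/" \
        'server server1.com autokey' 'server server2.com' > "$d/ntp.conf"
    printf '%s\n' '# ntpkey_iffpar_example' '-----BEGIN DSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END DSA PRIVATE KEY-----' \
        > "$d/ntp/ntpkey_IFFkey_example"
    chmod 600 "$d/ntp/ntpkey_IFFkey_example"
    : > "$d/ntp/ntpkey_RSAkey_example" && chmod 644 "$d/ntp/ntpkey_RSAkey_example"
    echo "$d"
}

s=$(make_sample)
audit_ntp_conf "$s/ntp.conf"
audit_keysdir "$s/ntp"
audit_iff_file "$s/ntp/ntpkey_IFFkey_example"
rm -rf "$s"
```

On a real host the three functions would be pointed at /etc/ntp.conf, the directory named by `keysdir`, and the installed IFF file.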


Re: [pfSense] enabling authenticated ntp ?

2016-05-30 Thread Walter Parker
Not that I have seen.

I had an idea for authenticated NTP awhile back, but was waiting until I
had upgraded to 2.3 before I looked at what it would take to add. This
weekend I had the time to build a test environment, so I might try doing it
over the next few months.


Walter

On Mon, May 30, 2016 at 3:46 AM, Valerio Bellizzomi 
wrote:

> Hello, there is a ntp authenticated with public key feature in ntp, does
> pfsense support that?
>
> thanks
>
>
> On Thu, 2016-05-26 at 20:18 +0200, Valerio Bellizzomi wrote:
> > Is it possible to do from the web interface?
> >
> > thanks
> >



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis


Re: [pfSense] enabling authenticated ntp ?

2016-05-30 Thread Valerio Bellizzomi
Hello, there is a ntp authenticated with public key feature in ntp, does
pfsense support that?

thanks


On Thu, 2016-05-26 at 20:18 +0200, Valerio Bellizzomi wrote:
> Is it possible to do from the web interface?
> 
> thanks
> 
> 





[pfSense] enabling authenticated ntp ?

2016-05-26 Thread Valerio Bellizzomi
Is it possible to do from the web interface?

thanks

