The ntp-service authentication-keyid command sets an NTP authentication key.
The undo ntp-service authentication-keyid command removes an NTP authentication key.
By default, no authentication key is set.
ntp-service authentication-keyid key-id authentication-mode { md5 | hmac-sha256 } [ cipher ] password
undo ntp-service authentication-keyid key-id
Parameter | Description | Value |
---|---|---|
key-id | Indicates the key number. | Key ID is an integer and ranges from 1 to 4294967295. |
authentication-mode md5 | Indicates MD5 authentication mode. | - |
authentication-mode hmac-sha256 | Indicates HMAC-SHA256 authentication mode. | - |
cipher | Indicates that the configured password is displayed in cipher text. | - |
password | Specifies the authentication password in plain text or in cipher text. | The keyword is a string of case-sensitive characters, spaces supported. When quotation marks are used around the string, spaces are allowed in the string. NOTE: To improve password security, the password must be a combination of at least two of the following: digits, letters, and special characters, and the password length must be equal to or larger than 6. If a password contains a space, the password must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each password. |
Usage Scenario
On a network that requires high security, NTP authentication must be enabled. You can configure password authentication between the client and the server, which guarantees that the client synchronizes only with a server that has been successfully authenticated, and improves network security. If the NTP authentication function is enabled, a reliable key should be configured at the same time. Keys configured on the client and the server must be identical.
In NTP symmetric peer mode, the symmetric active peer functions as a client and the symmetric passive peer functions as a server.
Follow-up Procedure
You can configure multiple keys for each device. After the NTP authentication key is configured, you need to set the key to reliable using the ntp-service reliable authentication-keyid command. If you do not set the key to reliable, the NTP key does not take effect.
Precautions
To ensure security, you are advised to use the HMAC-SHA256 algorithm, which is more secure, for NTP authentication.
You can configure a maximum of 1024 keys for each device.
If the NTP authentication key is a reliable key, it automatically becomes unreliable when you delete the key. You do not need to run the undo ntp-service reliable authentication-keyid command.
# Set the HMAC-SHA256 identity authentication key. The key ID number is 10, and the key is BetterKey.
<HUAWEI> system-view
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode hmac-sha256 BetterKey
# Set the authentication password to xyz123 for HMAC-SHA256 authentication, using the cipher option.
<HUAWEI> system-view
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode hmac-sha256 cipher xyz123
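The following Python check is an added example, not part of the original command reference or any vendor tool. It audits a configuration for the two conditions described under Follow-up Procedure and Precautions (a key never set to reliable, and a key using md5), and checks a candidate password against the NOTE in the parameter table. The function names, the saved-configuration line layout, the placeholder ciphertext, and the choice not to count a space as a special character are assumptions.

```python
import re

# Command syntax is taken from the reference above; that a saved configuration
# lists these commands one per line in this form is an assumption.
KEY_RE = re.compile(r"^ntp-service authentication-keyid (\d+) authentication-mode (md5|hmac-sha256)\b")
RELIABLE_RE = re.compile(r"^ntp-service reliable authentication-keyid (\d+)\s*$")

def password_meets_policy(password):
    """Length >= 6 and at least two of: digits, letters, special characters."""
    classes = [
        any(c.isdigit() for c in password),
        any(c.isalpha() for c in password),
        # Assumption: a space is allowed but is not counted as a special character.
        any(not c.isalnum() and not c.isspace() for c in password),
    ]
    return len(password) >= 6 and sum(classes) >= 2

def audit_ntp_keys(config_text):
    """Return (key_id, finding) tuples, ordered by key ID, for a device configuration."""
    modes, reliable, findings = {}, set(), []
    for line in config_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            modes[int(m.group(1))] = m.group(2)
        elif m := RELIABLE_RE.match(line):
            reliable.add(int(m.group(1)))
    for key_id, mode in sorted(modes.items()):
        if mode == "md5":
            findings.append((key_id, "md5 mode; hmac-sha256 is advised"))
        if key_id not in reliable:
            findings.append((key_id, "not set to reliable; key does not take effect"))
    return findings

# Constructed sample configuration; the ciphertext values are placeholders.
SAMPLE_CONFIG = """\
ntp-service authentication-keyid 10 authentication-mode hmac-sha256 cipher <ciphertext-placeholder>
ntp-service authentication-keyid 20 authentication-mode md5 cipher <ciphertext-placeholder>
ntp-service authentication-keyid 30 authentication-mode hmac-sha256 cipher <ciphertext-placeholder>
ntp-service reliable authentication-keyid 10
ntp-service reliable authentication-keyid 20
"""

if __name__ == "__main__":
    for key_id, finding in audit_ntp_keys(SAMPLE_CONFIG):
        print(f"key {key_id}: {finding}")
```

Passwords stored with the cipher option cannot be checked from the configuration, so password_meets_policy is meant for the plain-text value before it is entered.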