ntp-service authentication-keyid

Function

The ntp-service authentication-keyid authentication-mode command sets an NTP authentication key.

The undo ntp-service authentication-keyid authentication-mode command deletes an NTP authentication key.

By default, no authentication key is set.

Format

ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 } { password | cipher password }

undo ntp-service authentication-keyid keyId

Parameters

Parameter Description Value
md5

Indicates MD5 authentication.

-
hmac-sha256

Indicates hashed message authentication code-secure hash algorithm 256 (HMAC-SHA256) authentication mode.

As the HMAC-SHA256 algorithm is more secure than the MD5 algorithm, using the HMAC-SHA256 algorithm for NTP authentication is recommended.

-
password

Sets an authentication password, which is in simple text.

  • When password complexity-check is disabled: the new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters.
  • When password complexity-check is enabled: the password must consist of at least 12 characters, and consist 4 types of characters, including lowercase letters, uppercase letters, digits, and special characters.
  • For security purposes, you are advised to configure a password in ciphertext mode. To further improve device security, periodically change the password.

When password complexity-check is enable: The password is a string of case-sensitive characters, with spaces supported. A simple text password is a string of 12 to 255 characters.

When password complexity-check is disable: The password is a string of case-sensitive characters, with spaces supported. A simple text password is a string of 1to 255 characters.
cipher password

Sets a ciphertext authentication password.

The password is a string of case-sensitive characters, with spaces supported. A ciphertext password is a string of 20 to 432 characters.
authentication-keyid keyId

Authentication key identifier value.

The value is an integer ranging from 50 to 4294967295.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ntp write

Usage Guidelines

Usage Scenario

On a network that requires high security, NTP authentication must be enabled. You can configure password authentication between the client and server, which guarantees the client only to synchronize with the server successfully authenticated and improves network security.

Follow-up Procedure

Run the ntp-service reliable authentication-keyid command to specify an authentication key to be reliable.

Precautions

If this command is the first NTP configuration command, the system automatically adds the ntp-service [ ipv6 ] server disable command in the configuration file to disable the NTP service. To enable the NTP service, run the undo ntp-service [ ipv6 ] server disable command. If this command is the last NTP configuration command to be deleted, the system automatically deletes the ntp-service [ ipv6 ] server disable command from the configuration file.

Example

# Set the HMAC-SHA256 authentication.
<HUAWEI> system-view
[~HUAWEI] ntp-service authentication-keyid 10 authentication-mode hmac-sha256 Huawei-12345
Parent Topic: NTP Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >