Enabling NTP Authentication

Both the NTP server and the NTP client must be enabled with NTP authentication and configured with the same authentication key, and the authentication key must be declared as reliable on the client side. Otherwise, NTP authentication will fail.

Context

NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable across the network. You must enable NTP authentication, and then configure basic NTP functions and specify the authentication key. Otherwise, the NTP authentication fails.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ntp-service authentication enable

    NTP authentication is enabled.

  3. Run ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 } { password | cipher password }

    The NTP authentication key is configured.

    As the Secure Hash Algorithm 256 (HMAC-SHA256) algorithm provides higher security than the Message-Digest Algorithm 5 (MD5) algorithm, using the HMAC-SHA256 algorithm for NTP authentication is recommended.

  4. Run ntp-service reliable authentication-keyid key-id

    The authentication key is declared to be reliable.

    • The device that wants to synchronize its clock should declare its key as reliable.

    • When the client synchronizes to authenticated server, the authentication key must be declared as reliable only on the client side.

  5. Run commit

    The configuration is committed.

Parent Topic: Configuring NTP Security Mechanisms
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >