< Home

Enabling NTP Authentication

NTP client synchronizes to authenticated NTP servers to ensure that time service is reliable across the network. Authentication prevents the modification of NTP message data from malicious network attacks.

Procedure

  • Configuring NTP MD5/SHA256 Authentication

    Configure the same authentication key on the server and client and affirm that the key is reliable; otherwise, NTP authentication fails.

    1. Access the system view. 

      system-view

    2. Enable NTP authentication. 

      ntp-service authentication enable

    3. Configure an NTP authentication key. 

      ntp-service authentication-keyid key-id authentication-mode { md5 | hmac-sha256 } [ cipher ] password-key

      MD5 is faster than HMAC-SHA256, but is considered less secure.

    4. Declare the authentication key to be reliable. 

      ntp-service reliable authentication-keyid key-id

  • Configuring NTP Autokey Authentication

    Ensure correct keys and certificate files are loaded on both the client and the server; otherwise, autokey authentication fails.

    1. Access the system view. 

      system-view

    2. Enable NTP global autokey authentication. 

      ntp-service authentication auto-key [ hostname cert-hostname | groupname cert-groupname | work-dir cert-dir-name ] *
      ntp-service authentication auto-key password cert-password

Parent Topic: Configuring NTP Security Mechanisms
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >