Meinberg LANTIME NTP Authentication

Operating NTP in a secure manner requires the usage of NTP authentication, refer to my Why should I run own NTP Servers? blogpost. Using the Meinberg LANTIME NTP appliance with NTP authentication is quite simply since it requires just a few clicks. Even adding more and more keys (which requires manual work on any other Linux ntp installation) is done within clicks. That’s the way it should be.

This article is one of many blogposts within this NTP series. Please have a look!

I am using a Meinberg LANTIME M200 with Firmware-Build: 6.24.021 at the time of writing. The first step is to generate keys via: NTP -> NTP Symmetric Keys -> Auto generate keys:

You will get a green information while you can click on the “Edit NTP Keys” button to have a look at the keys. You need to copy them anyway in order to use them in your NTP clients:

Note that ntp by default generates MD5 and SHA-1 keys. You MUST NOT use the MD5 ones but only the SHA-1 keys to achieve maximum security. Since we will only trust the SHA-1 keys in the next step, you can simply ignore the MD5 ones.

The final step is to set the trusted keys, in my case key IDs from 11 to 20, since these are the SHA-1 based ones. Note that I was not able to use the ntp syntax as “(11 … 20)” but needed to put every single number in there. Feature request is pending:

Followed by a “Save Settings” and “Save as startup configuration now” as always.

That’s it. Happy authenticating NTP connections. ;)

In case you need more keys, simply hit the “Auto generate keys” button a few more times. It will generate 10 more MD5 and SHA-1 keys while appending them in the keyfile. Of course you need to trust the new SHA-1 key IDs in the “Local Trusted Keys” section as well.

If you want to test NTP authentication in general you can try it with my Meinberg LANTIME M200 server at ntp3.weberlab.de (IPv6-only). You can use one of these keys:

11 SHA1 c8ea1e9d5496925e12b903945a4d87c93450f37d
12 SHA1 187125a3702a2217e6dc74c847e7c00dc17ca38b

Featured image “Siegel” by Tim Reckmann is licensed under CC BY 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *