Is there any news on the authenticated ntp side?

Regards
-------- Forwarded Message --------
> From: Valerio Bellizzomi <[email protected]>
> Reply-to: pfSense Support and Discussion Mailing List <[email protected]>
> To: pfSense Support and Discussion Mailing List <[email protected]>
> Subject: Re: [pfSense] enabling authenticated ntp ?
> Date: Mon, 30 May 2016 18:37:31 +0200
>
> The procedure to add authenticated ntp is like the following:
>
>
> NTP PUBLIC KEY AUTHENTICATION
>
> To use public-key authentication you have to use the NTP software,
> version 1.4.74 or higher; the server identification with the IFF scheme
> is however only available for version 4.2.6.
>
> They will have to remove and install the encryption libraries in the
> OpenSSL software. These libraries can be taken freely from the
> www.openssl.org site.
>
> Then you can proceed with the compilation and installation of the NTP
> software.
>
> Among the various programs that make up the NTP software is also
> ntp-keygen, which is needed to generate the keys and certificates needed
> to activate this mode of the ntpd daemon.
> The keys and the certificate must be stored in a folder that is visible
> only to 'root'; usually this directory is /etc/ntp.
> To generate the keys you have to give the following commands from the
> folder that contains the keys (/etc/ntp):
>
>     cd /etc/ntp
>     ntp-keygen
>
> In this way, a file containing the private key is generated
> (ntpkey_RSAkey_hostname.timestamp) and a certificate with the RSA-MD5
> scheme (ntpkey_RSA-MD5cert_hostname.timestamp).
>
> You will have to store the IFF parameters file
> (ntpkey_IFFkey_servername), which was taken from the I.N.RI.M. site, in
> the folder that contains the keys (/etc/ntp). The file starts with
> the line containing # ntpkey_iffpar_ntp ... and ends with
> -----END DSA PRIVATE KEY-----
>
> Finally, you must add the following directives in the /etc/ntp.conf
> configuration file:
>
>     crypto # Enable Autokey Protocol
>     keysdir /etc/ntp/ # Define the location of the keys and cryptographic file
>     statistics sysstats cryptostats # Enable event logging
>     filegen sysstats file SysStats type day enable # Defines how event logging
>     filegen cryptostats file cryptostats type day enable # Defines how event logging
>     server server1.com autokey # Associate the Autokey Protocol to server1.com server
>     server server2.com autokey # Associate the Autokey Protocol to server2.com server
>
>
> On Mon, 2016-05-30 at 09:17 -0700, Walter Parker wrote:
> > Not that I have seen.
> >
> > I had an idea for authenticated NTP awhile back, but was waiting until I
> > had upgraded to 2.3 before I looked at what it would take to add. This
> > weekend I had the time to build a test environment, so I might try doing it
> > over the next few months.
> >
> >
> > Walter
> >
> > On Mon, May 30, 2016 at 3:46 AM, Valerio Bellizzomi <[email protected]>
> > wrote:
> >
> > > Hello, there is a ntp authenticated with public key feature in ntp, does
> > > pfsense support that?
> > >
> > > thanks
> > >
> > >
> > > On Thu, 2016-05-26 at 20:18 +0200, Valerio Bellizzomi wrote:
> > > > Is it possible to do from the web interface?
> > > >
> > > > thanks
> > > >
> > > >
> > > > _______________________________________________
> > > > pfSense mailing list
> > > > https://lists.pfsense.org/mailman/listinfo/list
> > > > Support the project with Gold! https://pfsense.org/gold
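
Added example, not part of the thread and not pfSense or NTP project code: a small Python check for the ntp.conf directives quoted in the procedure above. It reports a missing `crypto` or `keysdir` line and any `server` entry without `autokey`, and tests that the key directory is closed to everyone but its owner; the sample configuration and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in the shape of the directives quoted in the thread;
# server2.com deliberately lacks "autokey" so the audit has a finding.
SAMPLE_CONF = """\
crypto                       # Enable Autokey Protocol
keysdir /etc/ntp/            # Location of keys and certificates
server server1.com autokey
server server2.com
"""

def audit_ntp_conf(text):
    """Return findings for an ntp.conf that is meant to use Autokey."""
    crypto, keysdir, unauthenticated = False, None, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "crypto":
            crypto = True
        elif directive == "keysdir" and args:
            keysdir = args[0]
        elif directive == "server" and args:
            # Options follow the host name; "autokey" must be among them.
            if "autokey" not in [a.lower() for a in args[1:]]:
                unauthenticated.append(args[0])
    findings = []
    if not crypto:
        findings.append("crypto directive missing")
    if keysdir is None:
        findings.append("keysdir not set")
    findings += [f"server {h} has no autokey option" for h in unauthenticated]
    return findings

def keysdir_is_private(path, owner_uid=0):
    """True if path is a directory owned by owner_uid (root by default)
    with no permission bits set for group or others."""
    st = os.stat(path)
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == owner_uid
            and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0)

if __name__ == "__main__":
    for finding in audit_ntp_conf(SAMPLE_CONF):
        print(finding)
```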
