Trouble with NTP authentication

admin_2
Level 3

I'm having problems getting NTP authentication to work properly. Router One is my NTP master and has the following configuration:

ntp authentication-key 1 md5 secret
ntp authenticate
ntp trusted-key 1
ntp master

Router Two has the following configuration:

ntp server 192.168.1.1 (the IP address of Router One)

The trouble is that it always properly syncs, even though there is no authentication information on Router Two - but I only want authenticated routers to sync.

1 Reply

Not applicable

The NTP seems to be operating normally.

"If we are running in authenticated mode, we only trust frames which have authentication attached, which are validated and which are using one of our trusted keys. We respond to all other pollers without saving any state. If a host we are passively peering with changes his key from a trusted one to an untrusted one, we immediately unpeer with him, reselect the clock and treat him as an unmemorable client. If a similar event occurs with a configured peer we drop the frame and hope he'll revert to our key again. If we get a frame which can't be authenticated with the given key, we drop it."

So the server is protected against unsyn time by untrusted host peer, and if you want the server to drop NTP packets from other hosts, you might try putting a key at the end of the ntp server statement.

ntp server 192.168.1.1 key 1

Hopefully the NTP master would drop any frame from any host that has the right key but not authenticating.
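A simplified model of the client-side decision discussed in this thread, as an added example that is not part of the original posts and not Cisco's code: it shows why Router Two as posted syncs to any reply, and what changes once the client has a key, a trusted-key entry and `key 1` on its server statement. The function and parameter names are assumptions; the MAC layout (4-byte key ID followed by MD5 of the secret concatenated with the 48-byte header) is the standard NTP symmetric-key format.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header; the MAC (key ID + digest) follows it

def ntp_mac(key_id: int, secret: bytes, header: bytes) -> bytes:
    """Symmetric-key MAC: 4-byte key ID followed by MD5(secret || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(secret + header).digest()

def client_accepts(packet, authenticate, keys, trusted, server_key):
    """Hypothetical model of a client deciding whether to sync to a reply.

    authenticate: 'ntp authenticate' is configured on the client
    keys:         {key_id: secret} from 'ntp authentication-key'
    trusted:      set of key IDs from 'ntp trusted-key'
    server_key:   key ID from 'ntp server ... key N', or None
    """
    if len(packet) < HEADER_LEN:
        return False
    if not authenticate or server_key is None:
        return True  # assumption: nothing on the client demands a MAC
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(mac) != 20:
        return False  # MAC missing or malformed
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id != server_key or key_id not in trusted or key_id not in keys:
        return False  # wrong, untrusted or unknown key ID
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(mac[4:], expected)

# Constructed sample: NTPv3 mode-4 (server) header with all other fields zeroed
HEADER = bytes([0x1C]) + bytes(HEADER_LEN - 1)
SIGNED = HEADER + ntp_mac(1, b"secret", HEADER)
FORGED = HEADER + ntp_mac(1, b"wrong", HEADER)

def demo():
    plain = dict(authenticate=False, keys={}, trusted=set(), server_key=None)
    strict = dict(authenticate=True, keys={1: b"secret"}, trusted={1}, server_key=1)
    return {
        "plain/unsigned": client_accepts(HEADER, **plain),
        "strict/unsigned": client_accepts(HEADER, **strict),
        "strict/signed": client_accepts(SIGNED, **strict),
        "strict/forged": client_accepts(FORGED, **strict),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'sync' if ok else 'drop'}")
```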
