Posted by Uzair A., Last modified by Uzair A. on 21 August 2019 10:18
This article will show you how to set up NTP Authentication on your NTS-6002 or 6001.
Note: This article is aimed at NTS-6002/6001 running Firmware 11 or higher. If your unit is running
NTP Authentication allows clients to verify that the time server is trusted before using it as a time source. This prevents clients from applying time from rogue NTP servers on your network. Read our NTP Authentication Explained article for more information.
1. In your time server's web interface, navigate to the NTP Keys page, located under the NTP Tab.
2. Click Generate Keys to generate a subset of random keys and click Update.
3. Navigate to the NTP Customisation page, located under NTP. Define the following parameters:
Type the following in the NTP Customisation page: server <IP> key <key ID>
In the above server statement, specify the IP of the client that you wish to set up authentication with and the ID of the key you wish to use with the client. You will need to add multiple lines for each client you wish to set up NTP Authentication with.
Note: Ensure the key ID you specified is a trusted key.
Your NTP Customisation page should look similar to this:
Click Update to save the changes.
4. You now need to configure NTP Authentication on your client. We recommend referring to your client's documentation for this as the process varies depending on the client. Ensure the keys on both the server and client match exactly and are defined as trusted.
5. After you have configured NTP Authentication on the client, restart the NTP service on your client to apply any configured settings. You can use
Once you have configured NTP Authentication on your clients, you can configure the server and client to ignore all NTP packets that are not cryptographically authenticated. Do this by adding the following lines to the NTP Customisation page in your time server's web interface and the ntp.conf file on your client:
Note: if you are using '
Add the IP of your client in the above statement. This will override the behaviour of the '
If NTP Authentication is working, you should see output like this on the client: