(Illustration from Alice’s Adventures in Wonderland, Lewis Carroll.) Our resident cryptographer; now you see him, now you don’t.

2. Commands and Options

Unless noted otherwise, further information about these commands is on the Authentication Support page.

The following declarations control MAC authentication:

controlkey key

Specifies the key identifier to use with the ntpq(1) utility, which uses the standard protocol defined in RFC 5905. The key argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,535, inclusive.

keys keyfile

Specifies the complete path and location of the key file containing the keys and key identifiers used by ntpd(8), and ntpq(1) when operating with symmetric-key cryptography. This is the same operation as the -k command line option.

trustedkey key…

Specifies the key identifiers which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys used by the ntpq(1) program. Multiple keys on the same line should be separated by spaces. Key ranges can be specified as (first ... last), written with three dots; the spaces around the dots are necessary. Multiple trustedkey lines are supported and trusted keys can also be specified on the command line.

The MAC authentication procedures require that both the local and remote servers share the same key and key identifier for this purpose, although different keys can be used with different servers. The key arguments are 32-bit unsigned integers with values from 1 to 65,535.
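The three declarations above interact: controlkey and every key named on a server line must also appear in trustedkey, all identifiers must lie in 1..65535, and none of it works without a keys file. The following parser and linter for that fragment of ntp.conf is an added example, not code from ntpd; the configuration it checks is constructed for illustration (the hostnames and the key file path are placeholders), and the acceptance of a Unicode ellipsis in ranges is a convenience for text pasted from rendered documentation, not ntpd syntax.

```python
"""Parse and lint the MAC-authentication declarations of an ntp.conf
fragment (keys, trustedkey, controlkey, server ... key).  Added example;
not ntpd's own parser."""
import re
from typing import Dict, List, Set, Tuple

KEY_MIN, KEY_MAX = 1, 65535

# Constructed sample fragment; hostnames and path are placeholders.
SAMPLE_CONF = """\
# symmetric-key (MAC) authentication
keys /etc/ntp.keys
trustedkey 1 (10 ... 12) 20
trustedkey 30
controlkey 1
server ntp1.example.org key 10
server ntp2.example.org key 99
"""

# A trustedkey argument is a single id or a range "(first ... last)"; the
# spaces around the dots are mandatory.  The Unicode ellipsis is accepted
# too because rendered docs show the three dots that way.
_TOKEN = re.compile(r"\(\s*(\d+)\s+(?:\.\.\.|\u2026)\s+(\d+)\s*\)|(\d+)")


def check_key_id(value: int) -> int:
    """Key identifiers are unsigned integers restricted to 1..65535."""
    if not KEY_MIN <= value <= KEY_MAX:
        raise ValueError(f"key id {value} outside {KEY_MIN}..{KEY_MAX}")
    return value


def parse_trustedkey(args: str) -> Set[int]:
    """Expand the arguments of one trustedkey line into a set of ids."""
    ids: Set[int] = set()
    pos = 0
    for m in _TOKEN.finditer(args):
        # Any non-blank text between recognised tokens is a syntax error,
        # e.g. "(5...7)" without the mandatory spaces.
        if args[pos:m.start()].strip():
            raise ValueError(f"bad trustedkey syntax near {args[pos:m.start()]!r}")
        pos = m.end()
        if m.group(3) is not None:
            ids.add(check_key_id(int(m.group(3))))
        else:
            first = check_key_id(int(m.group(1)))
            last = check_key_id(int(m.group(2)))
            if first > last:
                raise ValueError(f"range ({first} ... {last}) is reversed")
            ids.update(range(first, last + 1))
    if args[pos:].strip():
        raise ValueError(f"bad trustedkey syntax near {args[pos:]!r}")
    return ids


def lint_mac_auth(conf: str) -> Dict[str, object]:
    """Collect the declarations and report inconsistencies that would make
    symmetric-key authentication fail for ntpq or for a server."""
    keys_file = None
    controlkey = None
    trusted: Set[int] = set()
    server_keys: List[Tuple[str, int]] = []
    problems: List[str] = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        cmd, _, rest = line.partition(" ")
        if cmd == "keys":
            keys_file = rest.strip()
        elif cmd == "trustedkey":
            trusted |= parse_trustedkey(rest)
        elif cmd == "controlkey":
            controlkey = check_key_id(int(rest))
        elif cmd in ("server", "peer", "pool"):
            words = rest.split()
            if "key" in words:
                kid = check_key_id(int(words[words.index("key") + 1]))
                server_keys.append((words[0], kid))
    if (trusted or controlkey is not None or server_keys) and keys_file is None:
        problems.append("key ids are used but no 'keys' file is declared")
    if controlkey is not None and controlkey not in trusted:
        problems.append(f"controlkey {controlkey} is not in trustedkey")
    for host, kid in server_keys:
        if kid not in trusted:
            problems.append(f"server {host} uses key {kid} which is not trusted")
    return {"keys_file": keys_file, "trusted": trusted,
            "controlkey": controlkey, "problems": problems}


if __name__ == "__main__":
    report = lint_mac_auth(SAMPLE_CONF)
    print("trusted:", sorted(report["trusted"]))
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Run against the sample, the linter expands the range to 10, 11, 12 and flags the second server line, whose key 99 is never trusted; that server would be configured but never authenticate.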

The following command controls the NTS-KE server side of NTS authentication. Its TLS options override the normal TLS protocol negotiation; overriding it is not usually necessary.

nts [enable|disable] [cert file] [key file] [ca location] [cookie location] [mintls version] [maxtls version] [tlsciphers name] [tlsciphersuites name] [aead name]

The options are as follows:

cert file

Present the certificate in file as our certificate.

key file

Read the private key to our certificate from file.

ca location

Use the file, or directory, specified by location to validate NTS-KE server certificates instead of the system default root certificates. If a directory is specified, it must have files named with their hash, as created by openssl rehash.

cookie location

Use the file (or directory) specified by location to store the keys used to make and decode cookies. The default is /var/lib/ntp/nts-keys.

enable

Enable NTS-KE server. When enabled, cert and key are required.

disable

Disable NTS-KE server.

mintls string

Set the lowest allowable TLS version to negotiate. This will be useful in the wake of a TLS compromise. Reasonable values are TLS1.2 and, if your system supports it, TLS1.3. TLS 1.3 was first supported in OpenSSL version 1.1.1.

maxtls string

Set the highest allowable TLS version to negotiate. By setting mintls and maxtls equal, you can force the TLS version for testing. Format is as for mintls.

tlsciphers string

An OpenSSL cipher list to configure the allowed ciphers for TLS versions up to and including TLS 1.2. A single NULL cipher disables encryption and use of certificates; that is useful only for debugging on a trusted network, since it removes the confidentiality and server authentication that the NTS-KE exchange relies on.

tlsciphersuites string

An OpenSSL ciphersuite list to configure the allowed ciphersuites for TLS 1.3. As with tlsciphers, a single NULL cipher disables encryption and use of certificates and should be used for debugging only.

aead string

Specify the crypto algorithm to be used on the wire. The choices come from RFC 5297. The only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and AES_SIV_CMAC_512. This slot is dual use. It is the server default if the remote client doesn’t request a valid choice and it is also the preference passed to the remote client if the server command doesn’t specify a preference. The default is AES_SIV_CMAC_256.

The following options of the server command configure NTS.

nts

Use Network Time Security (NTS) for authentication. Normally, this is all you have to do to activate the client side of NTS.
The hostname following the server command is used as the address of the NTS key exchange server (NTS-KE) rather than the address of an NTP server. Unless the NTS-KE exchange says otherwise, the NTP server defaults to the same IP address as the NTS-KE server.
Note that the server hostname must match the name on the NTS-KE server’s certificate.

ask address

(not implemented) Use Network Time Security for authentication. Ask for a specific NTP server, which may differ from the NTS server. Conforms to the RFC 3986 section 3.2.2 prescription for the Host part of a URI: that is, the address may be a hostname, an FQDN, an IPv4 numeric address, or an IPv6 numeric address (in square brackets). The address may have the suffix :port to specify a UDP port.

require address

(not implemented) Use Network Time Security for authentication and encryption. Require a specific NTP server, which may differ from the NTS server. Address syntax is as for ask.

noval

Do not validate the server certificate.

expire

(not implemented) How long to use a secured NTP association before rekeying with the NTS-KE server.

cert file

(not implemented) Present the certificate in file as our client certificate, overriding the site default.

ca location

Use the file, or directory, specified by location to validate the NTS-KE server certificate, overriding the site default. Do not use any other CA. If a directory is specified, it must have files named with their hash, as created by openssl rehash.

aead string

Specify the preferred crypto algorithm to be used on the wire. The only options supported are AES_SIV_CMAC_256, AES_SIV_CMAC_384, and AES_SIV_CMAC_512. The server may ignore the request. See the aead option above.
The same aead algorithms are also used to encrypt cookies. The default is AES_SIV_CMAC_256. There is no config file option to change it, but you can change it by editing the saved cookie key file, probably /var/lib/ntp/nts-keys: adjust the L: slot to be 48 or 64 and adjust the I: slots to have the matching number of bytes, then restart the server. All old cookies held by clients will be rejected, so their next 8 NTP requests will be ignored; they should recover by retrying NTS-KE to get fresh cookies.
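The TLS knobs of the nts command (mintls, maxtls, tlsciphers, tlsciphersuites) and of the server command (ca, noval, and the requirement that the hostname match the certificate) all map onto the settings of the TLS client that contacts the NTS-KE server. The following is an added example, not ntpd's own code: it parses those option words as they appear on a config line and builds an equivalent Python ssl context, so the effect of each setting, in particular what noval turns off, can be inspected offline. The ALPN identifier ntske/1 and port 4460 come from RFC 8915; the sample option lines are constructed, and the network-using function at the end assumes a reachable NTS-KE server named on the caller's server line.

```python
"""Translate nts / server-nts TLS options into a client SSLContext for
NTS-KE, so each option's effect can be examined.  Added example, not
ntpd code."""
import os
import socket
import ssl
from typing import Dict, Optional, Tuple

NTSKE_ALPN = "ntske/1"   # ALPN protocol id for NTS-KE (RFC 8915)
NTSKE_PORT = 4460        # default NTS-KE TCP port (RFC 8915)

# Spelling of the mintls/maxtls arguments as documented above.
_TLS_VERSIONS = {"TLS1.2": ssl.TLSVersion.TLSv1_2,
                 "TLS1.3": ssl.TLSVersion.TLSv1_3}

# Option words that take no argument on an nts or server line.
_FLAGS = {"nts", "enable", "disable", "noval"}


def parse_options(words: str) -> Dict[str, Optional[str]]:
    """Parse 'nts enable mintls TLS1.2 ...' or the tail of a server line
    after the hostname; flag options map to None."""
    toks = words.split()
    opts: Dict[str, Optional[str]] = {}
    i = 0
    while i < len(toks):
        if toks[i] in _FLAGS:
            opts[toks[i]] = None
            i += 1
        elif i + 1 < len(toks):
            opts[toks[i]] = toks[i + 1]
            i += 2
        else:
            raise ValueError(f"option {toks[i]!r} needs an argument")
    return opts


def build_ntske_context(opts: Dict[str, Optional[str]]) -> ssl.SSLContext:
    """Build the client TLS context the parsed options describe."""
    # PROTOCOL_TLS_CLIENT starts with certificate and hostname checks on
    # but no trust anchors loaded, so 'ca' can really replace the roots.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_alpn_protocols([NTSKE_ALPN])
    if "mintls" in opts:
        ctx.minimum_version = _TLS_VERSIONS[opts["mintls"]]
    if "maxtls" in opts:
        ctx.maximum_version = _TLS_VERSIONS[opts["maxtls"]]
    if ("mintls" in opts and "maxtls" in opts
            and ctx.minimum_version > ctx.maximum_version):
        raise ValueError("mintls is higher than maxtls")
    if "tlsciphers" in opts:
        ctx.set_ciphers(opts["tlsciphers"])  # TLS <= 1.2 list; raises on junk
    # tlsciphersuites (TLS 1.3) has no setter in Python's ssl module.
    ca = opts.get("ca")
    if ca is not None:
        # 'ca' replaces the system roots; nothing else is trusted.
        if os.path.isdir(ca):
            ctx.load_verify_locations(capath=ca)   # openssl rehash layout
        else:
            ctx.load_verify_locations(cafile=ca)
    else:
        ctx.load_default_certs()
    if "noval" in opts:
        # Certificate and hostname checks off: any on-path party can now
        # play NTS-KE server and hand out its own cookies and keys.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Plain summary of the security-relevant settings of a context."""
    names = {v: k for k, v in _TLS_VERSIONS.items()}
    return {"mintls": names.get(ctx.minimum_version, "default"),
            "maxtls": names.get(ctx.maximum_version, "default"),
            "verify_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
            "verify_hostname": ctx.check_hostname}


def ntske_handshake(host: str, ctx: ssl.SSLContext,
                    port: int = NTSKE_PORT) -> Tuple[str, Optional[str]]:
    """Open the TLS connection an NTS client makes (needs network)."""
    with socket.create_connection((host, port), timeout=10) as sock:
        # server_hostname is what the certificate is matched against, so it
        # must be the hostname written on the server line.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.selected_alpn_protocol()


if __name__ == "__main__":
    # Constructed sample option lines.
    print(describe(build_ntske_context(
        parse_options("nts enable mintls TLS1.2 maxtls TLS1.3"))))
    print(describe(build_ntske_context(parse_options("nts noval"))))
```

Setting mintls and maxtls to the same value pins the version for testing, as the text above says, and the reversed case is rejected before any connection is attempted. The noval line yields a context that verifies neither the certificate nor the hostname, which is why it belongs only in a test setup.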

