Securing NTP: which method to use?
Can someone good at NTP configuration please share which method is the best/easiest to implement a secure, tamper-proof version of NTP? Here are some difficulties...
I don't have the luxury of having my own stratum 0 time source, so must rely on external time servers.
Should I read up on the AutoKey method or should I try to go the MD5 route?
Based on what I know about symmetric cryptography, it seems that the MD5 method relies on a pre-agreed set of keys (symmetric cryptography) between the client and the server, and, so, is prone to a man-in-the-middle attack.
AutoKey, on the other hand, does not appear to work behind a NAT or a masquerading host. Is this still true, by the way? (This reference link is dated 2004, so I'm not sure what is the state of art today.)
4.1 Are public AutoKey-talking time servers available?
I browsed through the NTP book by David Mills. The book looks excellent in a way (coming from the NTP creator after all), but the information therein is also overwhelming. I just need to first configure a secure version of NTP and then maybe later worry about its architectural and engineering underpinnings.
Can someone please wade me through these drowning NTP waters? Don't necessarily need a working config from you, just info on which NTP mode/config to try and maybe also a public time server that supports that mode/config.
Many thanks,
/HS
The final answer is here.
Thanks actually to David Mills and Danny Mayer for answering the question.
To summarize:
Symmetric key cryptography works fine behind a NAT box. See the Authentication Support page in the official NTP documentation on ntp.org. As I said, the intended Autokey model is for the server and client to live on the Internet side of the NAT box and have it serve time to the internal network via a separate interface.
Also,
Here are Dr. Mills' PowerPoint slides describing the NTP Security Model:
http://www.ece.udel.edu/~mills/database/brief/autokey/autokey.ppt
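As an added illustration of the symmetric-key ("MD5 route") mechanism the answer settles on, here is a self-contained Python script that is not part of the original thread, the NTP book, or the ntp.org documentation. It builds a minimal NTPv4 client header, appends the MAC exactly as RFC 5905 section 7.3 defines it (4-byte key identifier followed by digest(key || header), a plain keyed hash with the key prepended, not HMAC), and then verifies it the way a receiver would: the key id must be present in the key file and in the trusted set, and the digest must match. The key file contents, the key ids 1 and 2 and all function names are constructed for the example; the secrets shown are not real deployment keys.

```python
"""Symmetric-key NTP authentication (RFC 5905 section 7.3), worked offline.

MAC appended to the 48-byte NTP header:
    key identifier (4 bytes, big-endian) || digest(key || header)
where digest is MD5 (16 bytes) or SHA-1 (20 bytes) and key is the shared
secret from the ntp.keys file.  The key is prepended to the data and hashed
directly; this is the legacy keyed-hash construction, not HMAC.
"""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01
DIGEST = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}

# Constructed sample key file for this example only (not real secrets).
# ntp.keys format: keyid  type  key.  MD5 keys of up to 20 printable
# characters are taken literally; SHA1 keys are written as 40 hex digits.
SAMPLE_KEYS_FILE = """\
# keyid  type  key
1        MD5   NotARealSharedKey
2        SHA1  0123456789abcdef0123456789abcdef01234567
"""


def parse_keys_file(text):
    """Return {keyid: (type, key_bytes)} from ntp.keys-style text."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        keyid, ktype, key = line.split()[:3]
        ktype = ktype.upper()
        if ktype == "SHA1" or (ktype == "MD5" and len(key) > 20):
            key_bytes = bytes.fromhex(key)
        else:
            key_bytes = key.encode("ascii")
        keys[int(keyid)] = (ktype, key_bytes)
    return keys


def build_client_header(transmit_unix_seconds):
    """Minimal NTPv4 client (mode 3) header; only the transmit timestamp is set."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3          # LI=0, VN=4, mode=3
    xmt = (transmit_unix_seconds + NTP_EPOCH_OFFSET) << 32  # 64-bit NTP timestamp
    # LI/VN/mode, stratum, poll, precision, root delay, root dispersion,
    # reference id, reference / origin / receive / transmit timestamps.
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, 0, 6, -20,
                       0, 0, b"\x00" * 4, 0, 0, 0, xmt)


def append_mac(header, keyid, keys):
    """Client side: append keyid || digest(key || header)."""
    ktype, key = keys[keyid]
    digest = DIGEST[ktype](key + header).digest()
    return header + struct.pack("!I", keyid) + digest


def verify_mac(packet, keys, trusted):
    """Receiver side. Returns (ok, reason).

    Mirrors the checks ntpd applies: a MAC must be present, its key id must
    be in the key file and in the trusted set, and the digest must match.
    """
    if len(packet) < NTP_HEADER_LEN + 4:
        return False, "no MAC present"
    header = packet[:NTP_HEADER_LEN]
    keyid = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])[0]
    if keyid not in trusted or keyid not in keys:
        return False, "key id %d not trusted" % keyid
    ktype, key = keys[keyid]
    expected = DIGEST[ktype](key + header).digest()
    received = packet[NTP_HEADER_LEN + 4:]
    if len(received) != len(expected):
        return False, "digest length mismatch"
    if not hmac.compare_digest(received, expected):  # constant-time compare
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Run the four cases a practitioner cares about and return the verdicts."""
    keys = parse_keys_file(SAMPLE_KEYS_FILE)
    trusted = {1, 2}
    header = build_client_header(1_700_000_000)
    results = {}
    results["genuine"] = verify_mac(append_mac(header, 1, keys), keys, trusted)[0]
    # An on-path attacker rewriting the transmit timestamp invalidates the digest.
    tampered = bytearray(append_mac(header, 1, keys))
    tampered[40] ^= 0x01                      # byte 40 is inside the transmit timestamp
    results["tampered"] = verify_mac(bytes(tampered), keys, trusted)[0]
    # A key id the receiver has not listed under trustedkey is rejected.
    results["untrusted"] = verify_mac(append_mac(header, 2, keys), keys, {1})[0]
    # A bare, unauthenticated header carries no MAC at all.
    results["unauthenticated"] = verify_mac(header, keys, trusted)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

On a real ntpd the same checks are driven by three ntp.conf directives: `keys /etc/ntp.keys` points at the key file, `trustedkey 1` names the ids the daemon may use, and `server <address> key 1` tells the client which id to sign requests with; the server must hold the same key under the same id. Because the secret is shared, it has to be distributed out of band and the key file kept readable by root only, which is the practical reason this method needs no public key infrastructure and works unchanged across a NAT box.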