Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

SHA-1 Authentication Support (for NTPv4)

SHA-1 authentication support allows the NTP client to verify that servers are known and trusted and not intruders masquerading (accidentally or intentionally) as legitimate servers. In cryptography, SHA-1 is a cryptographic hash algorithmic function.

Note

In this version, SHA-1 authentication support is only available for NTP clients, not NTP servers.

The following CLI commands have been added to config ntpserver:

Command

Description

authentication <enable | disable>

Enable/disable MD5/SHA1 authentication (default = disable).

key <passwd>

Key for MD5/SHA1 authentication. Enter a password value.

key-id

Key ID for authentication. Enter an integer value from <0> to <4294967295>.

For example, to configure authentication on a FortiGate NTP client:

config system ntp

set ntpsync enable

set type custom

set syncinterval 1

config ntpserver

edit 883502

set server "10.1.100.11"

set authentication enable

set key ENCi9NmcqsV3xBJvOkgIL3lFxA8mnNs2XKfB7spOQoUw4cm8FOOP0nrCbqx6rJ+om95+hVUHpaVZmepdd4KznPlAHNiuliPgPOk

set key-id 1

next

end

end

If NTP authentication is set up correctly, diag sys ntp status shows server-version=4. For example:

diag sys ntp status

synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(10.1.100.11) 10.1.100.11 -- reachable(0xff) S:4 T:6 selected

server-version=4, stratum=3

SHA-1 Authentication Support (for NTPv4)

SHA-1 authentication support allows the NTP client to verify that servers are known and trusted and not intruders masquerading (accidentally or intentionally) as legitimate servers. In cryptography, SHA-1 is a cryptographic hash algorithmic function.

Note

In this version, SHA-1 authentication support is only available for NTP clients, not NTP servers.

The following CLI commands have been added to config ntpserver:

Command

Description

authentication <enable | disable>

Enable/disable MD5/SHA1 authentication (default = disable).

key <passwd>

Key for MD5/SHA1 authentication. Enter a password value.

key-id

Key ID for authentication. Enter an integer value from <0> to <4294967295>.

For example, to configure authentication on a FortiGate NTP client:

config system ntp

set ntpsync enable

set type custom

set syncinterval 1

config ntpserver

edit 883502

set server "10.1.100.11"

set authentication enable

set key ENCi9NmcqsV3xBJvOkgIL3lFxA8mnNs2XKfB7spOQoUw4cm8FOOP0nrCbqx6rJ+om95+hVUHpaVZmepdd4KznPlAHNiuliPgPOk

set key-id 1

next

end

end

If NTP authentication is set up correctly, diag sys ntp status shows server-version=4. For example:

diag sys ntp status

synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(10.1.100.11) 10.1.100.11 -- reachable(0xff) S:4 T:6 selected

server-version=4, stratum=3