SHA-1 authentication support (for NTPv4)
SHA-1 authentication support allows the NTP client to verify that severs are known and trusted and not intruders masquerading (accidentally or intentionally) as legitimate servers. In cryptography, SHA-1 is a cryptographic hash algorithmic function.
SHA-1 authentication support is only available for NTP clients, not NTP servers. |
To configure authentication on a FortiGate NTP client:
config system ntp set ntpsync enable set type custom set syncinterval 1 config ntpserver edit "883502" set server "10.1.100.11" set authentication enable set key ********** set key-id 1 next end end
Command |
Description |
---|---|
authentication <enable | disable> |
Enable/disable MD5/SHA1 authentication (default = disable). |
key <passwd> |
Key for MD5/SHA1 authentication. Enter a password value. |
key-id <integer> |
Key ID for authentication. Enter an integer value from 0 to 4294967295. |
To confirm that NTP authentication is set up correctly:
# diagnose sys ntp status synchronized: yes, ntpsync: enabled, server-mode: disabled ipv4 server(10.1.100.11) 10.1.100.11 -- reachable(0xff) S:4 T:6 selected server-version=4, stratum=3
If NTP authentication is set up correctly, the server version is equal to 4.