Generate authentication key for NTP
-
Hello guys,
How could I generate SHA256 key for pfSense NTP?
Can you give me a site that can generate it?
-
@markdudov those would normally be created on your ntp server.
You would look to see details on generation with what ntp server your using be it ntp, chrony or ntpsec, etc..
https://www.ntp.org/documentation/4.2.8-series/keygen/
If the ntp server is not controlled by you, you would need to get with their admin for the key.
-
The server is controlled by me. the service runs on pfsense. but I still can't figure out how to generate this SHA256 authentication key.
-
@markdudov so you want to generate a key for the ntp server on pfsense so your clients can auth?
Not sure pfsense has support for that option, pretty sure the ntp auth they have available is for pfsense to auth to some ntp server as a client.
"Authentication allows the NTP client to confirm it is communicating with the intended server, which protects against man-in-the-middle attacks."
And I don't believe they allow for talking to more than 1 ntp server with different keys either.. Maybe in 24.03 or I know there is some patch or working on a patch for ntp auth.
Personally I don't understand the use case for auth for local ntp.. You concerned that there will be some rogue ntp server on your network and you need to make sure your talking to the correct one via auth? Or that only your own clients on your own network are validated via auth to your server?
Seems like extra work/config/setup for like zero benefit other than a complexity that could cause issues.. In what scenario on your own local secure network does this added complexity provide added anything? Is someone going to get on your own local network and fire up some ntp server to do mitm on your ntp traffic? For what purpose exactly? And how would they go about such a thing without having physical access or already compromised your wifi?
