[SRX] NTP configuration with authentication keys

Article ID: KB26793 KB Last Updated: 07 Feb 2013 Version: 1.0
Summary:
This article provides information on how to configure NTP with authentication keys on an SRX device.
Symptoms:
How to configure NTP with authentication keys on an SRX device.
Cause:
When synchronizing the time with the NTP server, the system is exposed and can be vulnerable to attacks.
Solution:
By default, network time synchronization is unauthenticated. To authenticate other time servers, include the trusted-key statement at the [edit system ntp] hierarchy level.

Only time servers that transmit network time packets containing one of the specified key numbers, and whose key matches the value configured for that key number, are eligible to be synchronized with. Other systems can synchronize to the local router without being authenticated.

To configure NTP with authentication keys, perform the following procedure:
[edit system ntp]
trusted-key [ key-numbers ];
Each key can be any 32-bit unsigned integer except 0. Include the key option in the peer, server, or broadcast statements to transmit the specified authentication key when transmitting packets. The key is necessary if the remote system has authentication enabled, so that it can synchronize to the local system.

To define the authentication keys, include the authentication-key statement at the [edit system ntp] hierarchy level:
[edit system ntp]
authentication-key key-number type type value password;
key-number is the key number, type is the authentication type (only Message Digest 5 [MD5] is supported), and password is the password for this key. The key number, type, and password must match on all systems that use this particular key for authentication.
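The following added example (not Juniper code and not from the original article) models the generic NTP MD5 symmetric-key check described in RFC 5905, to show why the key number must be trusted and why the key number, type, and password must match on both systems. The header bytes, passwords, and function names are constructed for illustration, and the packet is assumed to carry no extension fields.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header: authenticated, not encrypted
MAC_LEN = 4 + 16      # 32-bit key number + 128-bit MD5 digest

def ntp_mac(key_id: int, password: bytes, header: bytes) -> bytes:
    """Trailer a sender appends: key number, then MD5(password || header)."""
    if not 0 < key_id <= 0xFFFFFFFF:
        raise ValueError("key number must be a non-zero 32-bit unsigned integer")
    return struct.pack("!I", key_id) + hashlib.md5(password + header).digest()

def verify(packet: bytes, keys: dict, trusted: set) -> bool:
    """Receiver side: accept only a trusted key number with a matching digest."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False  # no MAC (or malformed): not eligible as a time source
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    if key_id not in trusted or key_id not in keys:
        return False  # key defined but not listed as trusted is still rejected
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, trailer[4:])

# Constructed sample header: LI=0, VN=4, mode=4 (server), stratum 2, rest zeroed.
HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)
CLIENT_KEYS = {1: b"example-password", 2: b"other-password"}  # placeholders
CLIENT_TRUSTED = {1}  # plays the role of trusted-key [ 1 ]

def demo() -> dict:
    good = HEADER + ntp_mac(1, b"example-password", HEADER)
    cases = {
        "good": good,
        "wrong_password": HEADER + ntp_mac(1, b"typo-password", HEADER),
        "untrusted_key": HEADER + ntp_mac(2, b"other-password", HEADER),
        "tampered": bytes([0x24, 1]) + good[2:],  # stratum altered in transit
        "no_mac": HEADER,                          # unauthenticated reply
    }
    return {name: verify(pkt, CLIENT_KEYS, CLIENT_TRUSTED) for name, pkt in cases.items()}

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15s} accepted={accepted}")
```
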