GHSWiki

Gothenburg Hackerspace Wiki

User Tools

Site Tools


ghs:services:ntp

NTP Servers

In order to allow time sincronization we offer an autokey authenticated ntp server reachable at: router.vega.gbg.hackerspace.se

In the future, other lower stratum servers may be added to improve the availability of the service.

As of now the server will accept unauthenticated requests and autokey authenticated requests, although there is a possibility of setting symmetrical keys for devices not supporting autokey, these have yet to be set up.

In the future, we expect being able to provide stratum 2 autokey ntp service over ipv6 to external users.

Time sources

Currently we are using ntp3.sp.se and ntp-p1.obspm.fr as time sources, ntp1.inrim.it and ntp2.inrim.it may be used if they update their certificates (they are obsolete nowadays), Being sweden's “official” time ntp3.sp.se is preferred over other alternatives.

Server IFF key

In order to use autokey you'll need the server IFFkey, currently the key is:

ntpkey_iffpar_router.3608573092
-----BEGIN PRIVATE KEY-----
MIGzAgEAMIGoBgcqhkjOOAQBMIGcAkEAi3winAsCrg3/pqri1TpYDkWy6A0Xx1EP
bddyVu8t6xO3WWLX54WYvoQZWNZhSxk1FcDCdGLtGa9dB9yLoKg9hQIVAJS/Hrf7
Dk8lQEW8umvMWDEvOfkfAkBTKwQrbT7NQqfHy6gBGFsLfJbBuFWrKMBYxwl0w9t6
BkkSBFOsF8A9iZFuWJXZiUUuj8z0E/udH5NcPfBxcghNBAMCAQE=
-----END PRIVATE KEY-----

Fast configuration

Running the following commands will configure ntpd to use our server (and only our server):

mkdir /etc/ntp.keys/
chown ntp:ntp /etc/ntp.keys
chmod 700 /etc/ntp.keys
cd /etc/ntp.keys && ntp-keygen -c RSA-SHA1 -m 2048 -H
 
cat > /etc/ntp.keys/ntpkey_iffpar_router.3608573092 << EOF
-----BEGIN PRIVATE KEY-----
MIGzAgEAMIGoBgcqhkjOOAQBMIGcAkEAi3winAsCrg3/pqri1TpYDkWy6A0Xx1EP
bddyVu8t6xO3WWLX54WYvoQZWNZhSxk1FcDCdGLtGa9dB9yLoKg9hQIVAJS/Hrf7
Dk8lQEW8umvMWDEvOfkfAkBTKwQrbT7NQqfHy6gBGFsLfJbBuFWrKMBYxwl0w9t6
BkkSBFOsF8A9iZFuWJXZiUUuj8z0E/udH5NcPfBxcghNBAMCAQE=
-----END PRIVATE KEY-----
EOF
 
ln -s ntpkey_iffpar_router.3608573092 /etc/ntp.keys/ntpkey_iff_router
 
cat > /etc/ntp.conf << EOF
server router.vega.gbg.hackerspace.se autokey version 4
driftfile /var/lib/ntp/ntp.drift
keysdir /etc/ntp.keys
crypto randfile /dev/urandom
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1 nomodify nopeer notrap
restrict -6 ::1 nomodify nopeer notrap
restrict router.vega.gbg.hackerspace.se notrust nomodify notrap nopeer noquery
EOF
You could leave a comment if you were logged in.
ghs/services/ntp.txt · Last modified: 2014/05/16 05:24 by klondike