GHSWiki

Gothenburg Hackerspace Wiki

User Tools

Site Tools


ghs:services:ntp

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

ghs:services:ntp [2014/05/16 05:24] (current)
klondike NTP info
Line 1: Line 1:
 +====== NTP Servers ======
 +
 +In order to allow time sincronization we offer an autokey authenticated ntp server reachable at: router.vega.gbg.hackerspace.se
 +
 +In the future, other lower stratum servers may be added to improve the availability of the service.
 +
 +As of now the server will accept unauthenticated requests and autokey authenticated requests, although there is a possibility of setting symmetrical keys for devices not supporting autokey, these have yet to be set up.
 +
 +In the future, we expect being able to provide stratum 2 autokey ntp service over ipv6 to external users.
 +
 +===== Time sources =====
 +
 +Currently we are using ntp3.sp.se and ntp-p1.obspm.fr as time sources, ntp1.inrim.it and ntp2.inrim.it may be used if they update their certificates (they are obsolete nowadays), Being sweden'​s "​official"​ time ntp3.sp.se is preferred over other alternatives.
 +
 +===== Server IFF key =====
 +
 +In order to use autokey you'll need the server IFFkey, currently the key is:
 +<file none ntpkey_iffpar_router.3608573092>​
 +-----BEGIN PRIVATE KEY-----
 +MIGzAgEAMIGoBgcqhkjOOAQBMIGcAkEAi3winAsCrg3/​pqri1TpYDkWy6A0Xx1EP
 +bddyVu8t6xO3WWLX54WYvoQZWNZhSxk1FcDCdGLtGa9dB9yLoKg9hQIVAJS/​Hrf7
 +Dk8lQEW8umvMWDEvOfkfAkBTKwQrbT7NQqfHy6gBGFsLfJbBuFWrKMBYxwl0w9t6
 +BkkSBFOsF8A9iZFuWJXZiUUuj8z0E/​udH5NcPfBxcghNBAMCAQE=
 +-----END PRIVATE KEY-----
 +</​file>​
 +
 +===== Fast configuration =====
 +
 +Running the following commands will configure ntpd to use our server (and only our server):
 +<code bash>
 +mkdir /​etc/​ntp.keys/​
 +chown ntp:ntp /​etc/​ntp.keys
 +chmod 700 /​etc/​ntp.keys
 +cd /​etc/​ntp.keys && ntp-keygen -c RSA-SHA1 -m 2048 -H
 +
 +cat > /​etc/​ntp.keys/​ntpkey_iffpar_router.3608573092 << EOF
 +-----BEGIN PRIVATE KEY-----
 +MIGzAgEAMIGoBgcqhkjOOAQBMIGcAkEAi3winAsCrg3/​pqri1TpYDkWy6A0Xx1EP
 +bddyVu8t6xO3WWLX54WYvoQZWNZhSxk1FcDCdGLtGa9dB9yLoKg9hQIVAJS/​Hrf7
 +Dk8lQEW8umvMWDEvOfkfAkBTKwQrbT7NQqfHy6gBGFsLfJbBuFWrKMBYxwl0w9t6
 +BkkSBFOsF8A9iZFuWJXZiUUuj8z0E/​udH5NcPfBxcghNBAMCAQE=
 +-----END PRIVATE KEY-----
 +EOF
 +
 +ln -s ntpkey_iffpar_router.3608573092 /​etc/​ntp.keys/​ntpkey_iff_router
 +
 +cat > /​etc/​ntp.conf << EOF
 +server router.vega.gbg.hackerspace.se autokey version 4
 +driftfile /​var/​lib/​ntp/​ntp.drift
 +keysdir /​etc/​ntp.keys
 +crypto randfile /​dev/​urandom
 +restrict default ignore
 +restrict -6 default ignore
 +restrict 127.0.0.1 nomodify nopeer notrap
 +restrict -6 ::1 nomodify nopeer notrap
 +restrict router.vega.gbg.hackerspace.se notrust nomodify notrap nopeer noquery
 +EOF
 +</​code>​
  
ghs/services/ntp.txt · Last modified: 2014/05/16 05:24 by klondike