kb:lantime_support:instructions:lantime_preparation_for_ntp_symmetric_key_authentication

LANTIME: Configuring NTP Symmetric Key Authentication

These instructions describe how to prepare a LANTIME for NTP symmetric key authentication and explains how to configure the NTP client side, using the example of a Linux ntpd client. It's worth to mention that NTP clients which request the LANTIME without a key are still getting served with time, even if the LANTIME is prepared for symmetric key authentication. The feature is simply an additional security feature for those clients who want to use symmetric key authentication.


Configuration through the LANTIME WebUI


1. First, symmetric keys have to be generated. This can be done on the NTP page –> Symmetric Keys –> Auto-Generate Keys:



2. Newly generated keys are appended to the key file. The key file can be reviewed on the NTP page –> Symmetric Keys –> Edit NTP Keys:



3. Keys have to be defined as trusted keys on the NTP page –> General Settings –> Local Trusted Keys:


In the example above the keys with ID 1, 6 and 19 were defined as trusted keys. The key ID can be found in the first column of the key file. If the LANTIME shall support more than 1 key, the IDs have to be separated by a blank in the Local Trusted Keys field (as in the example above). Keys which are not defined as trusted key cannot be used by a NTP client for symmetric key authentication.


Configuration Steps on a Linux NTPD Client

1. The key has to be copied to the client's key file. On a Linux ntpd client, the file is usually stored in /etc/ntp.keys. For example, if the ntpd client has to be configured to use the generated key with ID 1, the entire key has to be copied from the LANTIME key file and appended to the /etc/ntp.keys file, for example: 

1 MD5 H@[IZA=?nhc^.iG&={s|


2. The ntpd's configuration file, usually /etc/ntp.conf, has to be modified as well. Here an excerpt from a configuration file which defines the key with ID 1 as trusted key. An NTP server with IP 192.168.1.250 is configured to be requested with that key: 

keys /etc/ntp.keys
trustedkey 1
server 192.168.1.250 minpoll 6 maxpoll 6 key 1


More information about NTP authentication can be found in this knowledge base article.

Further Assistance

If further assistance is required, contact Meinberg Technical Support: https://www.meinbergglobal.com/english/support/tech-support.htm

Manuel Schäfer manuel.schaefer@meinberg.de, last updated 2023-05-16

  • kb/lantime_support/instructions/lantime_preparation_for_ntp_symmetric_key_authentication.txt
  • Last modified: 2023-06-14 09:35
  • by 127.0.0.1