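Enabling key authentication for NTP or Chrony

## Notes

1. If key authentication is enabled on the server but the client is not configured with a key, the client can still synchronize time normally.
2. If key authentication is enabled on the server and the client is also configured with a key, the keys on both sides must be identical; otherwise time cannot be synchronized.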

# Server-side configuration
vi /etc/chrony.conf
allow x.x.x.x/yy  <------ this should be device IP range
keyfile /etc/chrony.keys

systemctl restart chronyd.service
## Configure the key string in /etc/chrony.keys. You can use the default one, or generate a new one with the chronyc keygen command.
chronyc keygen: The keygen command of chronyc can be used to generate random keys for the key file. By default, it generates 160-bit MD5 or SHA1 keys.

# Client-side configuration
vi /etc/chrony.conf
server 192.168.11.251 key 3
## Paste the server's key into the file below and make sure both sides are identical
vi /etc/chrony.keys
3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
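
An added example, not part of the original post: a Python check that reads a client's chrony.conf and both key files and reports, per source, the two cases from the notes above (a source with no `key` option still syncs but is unauthenticated; a key that differs between the two sides breaks sync). The function names, the 192.0.2.x addresses and all key values are constructed for illustration.

```python
import hmac

def parse_keys(text):
    """chrony.keys lines are '<id> [<type>] <key>'; returns {id: (type, key_bytes)}."""
    keys = {}
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        material = parts[-1]
        ktype = parts[1].upper() if len(parts) == 3 else "MD5"  # chrony's default type
        if material.upper().startswith("HEX:"):
            secret = bytes.fromhex(material[4:])  # hex digits are case-insensitive
        else:
            secret = (material[6:] if material.startswith("ASCII:") else material).encode()
        keys[int(parts[0])] = (ktype, secret)
    return keys

def parse_sources(conf_text):
    """Return [(address, key_id or None)] for server/pool/peer lines in chrony.conf."""
    sources = []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0] not in ("server", "pool", "peer"):
            continue
        opts = parts[2:]
        key_id = int(opts[opts.index("key") + 1]) if "key" in opts[:-1] else None
        sources.append((parts[1], key_id))
    return sources

def audit(client_conf, client_keys_text, server_keys_text):
    """Map each source to UNAUTHENTICATED, MISSING_KEY, MISMATCH or OK."""
    ckeys, skeys = parse_keys(client_keys_text), parse_keys(server_keys_text)
    findings = {}
    for addr, key_id in parse_sources(client_conf):
        if key_id is None:
            findings[addr] = "UNAUTHENTICATED"  # note 1: syncs without any key check
        elif key_id not in ckeys or key_id not in skeys:
            findings[addr] = "MISSING_KEY"
        elif ckeys[key_id][0] == skeys[key_id][0] and hmac.compare_digest(
                ckeys[key_id][1], skeys[key_id][1]):
            findings[addr] = "OK"
        else:
            findings[addr] = "MISMATCH"  # note 2: time will not synchronize
    return findings

# Constructed sample input (not real keys)
SERVER_KEYS = "3 SHA1 HEX:00112233445566778899AABBCCDDEEFF00112233\n4 SHA1 HEX:AA" + "00" * 19
CLIENT_KEYS = "3 SHA1 HEX:00112233445566778899aabbccddeeff00112233\n4 SHA1 HEX:BB" + "00" * 19
CLIENT_CONF = "server 192.168.11.251 key 3 iburst\nserver 192.0.2.10 iburst\nserver 192.0.2.20 key 4\n"

if __name__ == "__main__":
    for addr, result in audit(CLIENT_CONF, CLIENT_KEYS, SERVER_KEYS).items():
        print(addr, result)
```

Any source reported as UNAUTHENTICATED is the case to fix on clients that are expected to use the key, since the server-side `keyfile` setting alone does not enforce it.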


## Common commands
chronyc clients
chronyc serverstats
chronyc sources
chronyc sourcestats

# Source mode  '^' = server, '=' = peer, '#' = local clock.
# Source state '*' = current synced, '+' = combined, '-' = not combined, '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
^? 192.168.11.251               12   7     0  1133   +230us[ +181us] +/-   51ms
^* 192.168.11.251                3   6   377   142  +1723us[+2145us] +/-   36ms

Reference:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/system_administrators_guide/index#ch-Configuring_NTP_Using_the_chrony_Suite
 
