Providers of network appliances for small- and mid-size companies.

Cuckoo NTP Authentication

What Is It?

This feature allows NTP clients of your Cuckoo device to verify that they are getting requests from your Cuckoo and not elsewhere. Enabling this on your Cuckoo and your NTP clients prevents time stamp spoofing in your network.

Cuckoo Firmware Version

To use this feature, make sure your Cuckoo has at least revision 1.25 of the firmware or later. The settings described on this page are in your Cuckoo's html configuration under Configuration | Authentication.

Cuckoo NTP Authentication Implementation

Cuckoo supports symmetric NTP authentication, which uses keys that are shared between Cuckoo and any of its NTP or SNTP clients. The keys allow the client to confirm that the time responses it receives are valid. For ease of sharing the keys with clients, the keys are input in a format identical to that used by the ntp.keys file. The NTP protocol identifies keys with a unique key ID, which is a positive integer associated with the key string. Even if Cuckoo has NTP keys configured, whether or not a particular client uses authentication is optional and is configured on the client side.

Cuckoo does not support public key authentication (also called Autokey or NTPv4 authentication). Most network devices that are capable of this level of NTP authentication can also use symmetric NTP authentication which Cuckoo does support.

Authentication Key Format

Each line in the authentication file defines a single key by a key ID and its associated value. The format of an entry in the key file is:

KeyID KeyType KeyValue

The three fields are separated by any combination of blanks and tabs. Comments may appear on any line and must begin with the number sign (#).
The fields are:

KeyID A positive integer written in decimal. The range of possible key numbers accepted by Cuckoo is 1 through 16.

KeyType Identifies the authentication scheme. Cuckoo only accepts M for MD5 authentication; DES authentication is not supported.

KeyValue This is a password consisting of a string of 1 to 15 ASCII characters in the range ! through ~ (except #, which is used for comments).

Example NTP key configuration

# # Generated 2008-Apr-10 19:39:08 1 M ^G1l.%f(j8&v5hC 2 M .FpI?A9GQM({Rw1 3 M PWW^Dbb*gL?mBRU 4 M d]yT):rA^EleA>^ 5 M Qk6(LWg.^QX|>yN 6 M r^.k44()TeM@Mk\ 7 M +2I@Crv+!V[XSvS 8 M !h3.VGA]MsBy3ne 9 M ny89F,2P,e+a8!7 10 M 9hIDGmezTX=6j-x 11 M Y&zp?@yNm&3wfKu 12 M |a`FU}3kxME7`0A 13 M ZhEVXcvS1eXC]?k 14 M R;N4^U2q@*Oc@}r 15 M ^YZ%14e'dul?9I[ 16 M $zuR/V'!GDGd)fc

Please Note:

Airchitex has been acquired by Intuitive Circuits as of August 16th, 2008. All Airchitex products will now be supported by Intuitive Circuts. For sales and support for any Airchitex products, please contact Intuitive Circuits at (248) 588-4400.

No portion of this site may be reproduced in any manner without express permission of Airchitex, Inc.

`KeyID`	A positive integer written in decimal. The range of possible key numbers accepted by Cuckoo is 1 through 16.
`KeyType`	Identifies the authentication scheme. Cuckoo only accepts M for MD5 authentication; DES authentication is not supported.
`KeyValue`	This is a password consisting of a string of 1 to 15 ASCII characters in the range `!` through `~` (except `#`, which is used for comments).