NTPsec

From ArchWiki
Jump to navigation Jump to search

The NTP is an unencrypted UDP based protocol and has been abused for attacks in the past. There have been several attempts to provide replacements, however the difficult nature of the protocol and its usage make this quite challenging. While the NTP provides capabilities for encryption, they have been proven to be unreliable. With NTPsec a 'secure' replacement is possible.

Installation

You can install NTPsec via the ntpsecAUR package.

Note: Any that other NTP services will be uninstalled by NTPsec.

It is necessary to import a new GPG key to your keyring with:

$ gpg --recv-keys 5A22E330161C3978
gpg: key 5A22E330161C3978: 6 signatures not checked due to missing keys
gpg: key 5A22E330161C3978: public key "NTPsec Contact <contact@ntpsec.org>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   8  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 8u
gpg: next trustdb check due at 2019-12-03
gpg: Total number processed: 1
gpg:               imported: 1

Starting the service

Normally start/enable the ntpd.service.

See also