How can I set up chrony to be an NTS server?

I have already created the keys for authentication, I’m just not sure what to input in my command line to allow it to be connected.
I was looking at ntsserverX, but as much as I follow the little guides chrony will not start with.

What error do you get?

Here is a short guide for enabling NTS on Fedora, but it shouldn’t be too different on other distros:

1 Like
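Added example, not part of the thread or of the guide referred to above: a pre-flight check of the two chrony.conf directives an NTS server needs, `ntsservercert` and `ntsserverkey`, run before starting chronyd. The helper names `conf_values` and `check_nts_conf` and the sample file paths are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of the NTS server directives in a chrony.conf.
# conf_values and check_nts_conf are hypothetical helper names, not part of chrony.

# Print the file argument of every line whose first word is the directive.
conf_values() {  # $1 = config file, $2 = directive
    awk -v d="$2" '$1 == d { print $2 }' "$1"
}

# Print one line per problem found; return 0 only if none were found.
check_nts_conf() {
    conf=$1
    problems=0
    certs=$(conf_values "$conf" ntsservercert)
    keys=$(conf_values "$conf" ntsserverkey)
    # An NTS server needs both a certificate and its private key.
    if [ -z "$certs" ]; then echo "missing ntsservercert"; problems=$((problems+1)); fi
    if [ -z "$keys" ]; then echo "missing ntsserverkey"; problems=$((problems+1)); fi
    for f in $certs $keys; do
        if [ ! -s "$f" ]; then echo "not found or empty: $f"; problems=$((problems+1)); fi
    done
    for k in $keys; do
        # Any local user who can read the key can impersonate the server.
        if [ -n "$(find "$k" -perm -004 2>/dev/null)" ]; then
            echo "world-readable key: $k"; problems=$((problems+1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: a config where the key directive was forgotten.
demo=$(mktemp -d)
printf 'constructed placeholder\n' > "$demo/nts.crt"
printf 'ntsservercert %s\n' "$demo/nts.crt" > "$demo/chrony.conf"
check_nts_conf "$demo/chrony.conf" || echo "fix the above before starting chronyd"
rm -rf "$demo"
```

The check does not cover ownership: both files also have to be readable by the user chronyd runs as after it drops root privileges.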

Any reason why you even want to do this?

As chrony is almost impossible to fool with bad time, it will notice such.

Hardly anybody uses it.

You can’t do much with NTP packets other than reading time from them, and injecting bad time is a big task as most use a lot of sources (4~10) to get the correct time.

Chrony isn’t fooled that easily; if it was, NTS would have been used everywhere on the planet, but it’s not.

The only protection against man-in-the-middle attacks is authentication. With no authentication the client doesn’t know if the response wasn’t modified in the network. If the attacker is intercepting traffic close enough to the client, it doesn’t matter how many servers it is using or what implementation it is. It will be fooled.

I agree to a point.
One has to know what NTP servers you are using and intercept your communication to it.
You must be at the ISP to handle that. As most ISPs have many peers, this will be very complicated to do.

In a datacenter it’s probably easier to do but you still need to hack the gateway and/or DNS to be able to do this.
I doubt this is very easy, and even then, you need to know the system time as it won’t let a bad ticker correct the time too fast.

Sure it’s not safe, but it’s not that bad as to fool as it easily will take a lot of middle-man-work that normal hackers can’t do.
Probably not even a state. But then, it’s just time.

I do believe that banks, military and other critical systems use our timeservers, they probably use their own secured servers or simply VPN connections.