Release of NTP servers NTPsec 1.2.0 and Chrony 4.0 with support for the secure NTS protocol

The IETF (Internet Engineering Task Force), which develops the protocols and architecture of the Internet, has completed the RFC for the NTS (Network Time Security) protocol and published the associated specification under the identifier RFC 8915. The RFC has received the status of "Proposed Standard", after which work will begin on giving the RFC the status of Draft Standard, which in effect means full stabilization of the protocol and taking into account all comments made.

Standardizing NTS is an important step toward improving the security of time synchronization services and protecting users from attacks that impersonate the NTP server the client connects to. Attackers who manipulate a client into setting the wrong time can use this to undermine the security of other time-aware protocols, such as TLS. For example, changing the time can lead to incorrect interpretation of data about the validity of TLS certificates. Until now, NTP and symmetric encryption of communication channels did not make it possible to guarantee that the client is interacting with the intended NTP server rather than a spoofed one, and key-based authentication has not become widespread because it is too complicated to configure.

NTS uses elements of public key infrastructure (PKI) and allows the use of TLS and AEAD (Authenticated Encryption with Associated Data) to cryptographically protect client-server interaction over NTP (Network Time Protocol). NTS includes two separate protocols: NTS-KE (NTS Key Establishment, which handles initial authentication and key negotiation over TLS) and NTS-EF (NTS Extension Fields, responsible for encrypting and authenticating the time synchronization session). NTS adds several extension fields to NTP packets and keeps all state information only on the client side, using a cookie mechanism. Network port 4460 is allocated for handling connections over the NTS protocol.
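The NTS-KE step described above exchanges typed records inside the TLS session, in the layout defined by RFC 8915. The following Python is an added example, not code from the article, NTPsec or Chrony: it builds a minimal client request and parses a server response, failing closed on malformed input. The function names are illustrative assumptions and the TLS connection itself is left out.

```python
import struct
# Record types/IDs per RFC 8915. Function names are illustrative, not chrony/NTPsec APIs.
END_OF_MESSAGE, NEXT_PROTOCOL, ERROR, AEAD_ALGORITHM, NEW_COOKIE, NTP_SERVER, NTP_PORT = 0, 1, 2, 4, 5, 6, 7
PROTO_NTPV4 = 0               # Next Protocol ID for NTPv4
AEAD_AES_SIV_CMAC_256 = 15    # AEAD algorithm every implementation must support

def record(rtype, body=b"", critical=False):
    """Encode one record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def client_request():
    """Minimal NTS-KE request, sent inside TLS (ALPN "ntske/1") to port 4460."""
    return (record(NEXT_PROTOCOL, struct.pack("!H", PROTO_NTPV4), critical=True)
            + record(AEAD_ALGORITHM, struct.pack("!H", AEAD_AES_SIV_CMAC_256))
            + record(END_OF_MESSAGE, critical=True))

def u16_list(body):
    if len(body) % 2:
        raise ValueError("odd-length list of 16-bit IDs")
    return list(struct.unpack("!%dH" % (len(body) // 2), body))

def parse_response(data):
    """Parse a server response, failing closed on anything malformed."""
    out = {"protocols": [], "aead": [], "cookies": [], "server": None, "port": None}
    pos = 0
    while pos + 4 <= len(data):
        head, length = struct.unpack_from("!HH", data, pos)
        body = data[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 4 + length
        rtype = head & 0x7FFF
        if rtype == END_OF_MESSAGE:
            return out
        elif rtype == ERROR:
            raise ValueError("server error code %d" % u16_list(body)[0])
        elif rtype == NEXT_PROTOCOL:
            out["protocols"] = u16_list(body)
        elif rtype == AEAD_ALGORITHM:
            out["aead"] = u16_list(body)
        elif rtype == NEW_COOKIE:
            out["cookies"].append(body)   # opaque to the client; sent back in NTP requests
        elif rtype == NTP_SERVER:
            out["server"] = body.decode("ascii")
        elif rtype == NTP_PORT:
            out["port"] = u16_list(body)[0]
        elif head & 0x8000:               # unknown critical record (Warning included)
            raise ValueError("unsupported critical record type %d" % rtype)
    raise ValueError("no End of Message record")
```

The cookies returned by `parse_response` are what lets the server stay stateless: the client stores them and attaches one to each protected NTP request.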


The first implementations of the standardized NTS are offered in the recently published releases NTPsec 1.2.0 and Chrony 4.0. Chrony provides an independent NTP client and server implementation that is used to synchronize time across various Linux distributions, including Fedora, Ubuntu, SUSE/openSUSE, and RHEL/CentOS. NTPsec is developed under the leadership of Eric S. Raymond and is a fork of the reference implementation of the NTPv4 protocol (NTP Classic 4.3.34), focused on reworking the code base in order to improve security (obsolete code has been cleaned out, and attack prevention methods and protected functions for working with memory and strings are used).

Source: opennet.ru
