[chrony-users] 答复: Can we deny non-NTS client?

[chengyechun <chengyechun1@xxxxxxxxxx>]

NTS is applicable to server identity authentication. The existing configuration parameters should not contain the field for rejecting clients that do not support the NTS function. To prevent attacks, you can limit the IP address or ntsratelimit.

-----邮件原件-----
发件人: Akihiko.Izumi@xxxxxxxx [mailto:Akihiko.Izumi@xxxxxxxx] 
发送时间: 2022年12月19日 20:00
收件人: chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: [chrony-users] Can we deny non-NTS client?

Hello,

When we run Chrony as public NTP server, is it possible to deny NTP clients which do not support NTS?
If it possible, I would like to know how to setup so.

A public NTP server which accept both normal(non-NTS) NTP request and NTS request may suffer attacks both to normal NTP servers and to NTS-KE servers.
To reduce vulunerablity, I would like to set up NTS servers which do not accept non-NTS NTP requests.

Best Regards,
A.Izumi

-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.