From Gentoo Wiki
Jump to:navigation Jump to:search
This page contains changes which are not marked for translation.

chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.


USE flags

USE flags for net-misc/chrony NTP client and server programs

caps Use Linux capabilities library to control privilege
cmdmon Support for command and monitoring
debug Get DEBUG_LOG output from chronyd when passing -dd parameter
html Install HTML documentation
libtomcrypt Support different hashes via dev-libs/libtomcrypt
nettle Use dev-libs/nettle for hash functions or nts
nss Use dev-libs/nss for hash functions
ntp Support for the Network Time Protocol (NTP)
nts Support for Network Time Security (NTS). Uses net-libs/gnutls
phc Support for the PTP (Precision Time Protocol) Hardware Clock (PHC) interface
pps Support for the Linux Pulse Per Second (PPS) interface
readline Enable support for libreadline, a GNU line-editing library that almost everyone wants
refclock Support for reference clocks
rtc Support for the Linux Real Time Clock interface
samba Add support for SAMBA (Windows File and Printer sharing)
seccomp Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs
sechash Enable support for hashes other than MD5
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
verify-sig Verify upstream signatures on distfiles


Install the chrony package:

root #emerge --ask net-misc/chrony


/etc/chrony/chrony.conf is the configuration file for chronyd. The default configuration is populated with:

FILE /etc/chrony/chrony.conf
# Use public NTP servers from the project.
pool iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# In first three updates step the system clock instead of slew
# if the adjustment is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).

hwclockfile /etc/adjtime
Time zones and location of the server do not matter for the NTP protocol; it synchronizes via UTC.

On systems where a network connection is not always available at boot (laptops, etc.), it might help to change the pool line in the server configuration:

FILE /etc/chrony/chrony.conf
pool iburst auto_offline

This tells chronyd that the machine will be assumed to have gone offline when 2 requests have been sent to it without receiving a response.

Use the chronyc online command to re-enable polling (See below)

Enable Network Time Security (NTS)

NTS provides cryptographic security on NTP client-server connections using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) RFC8915. In order to use this, set specific servers supporting NTS:

FILE /etc/chrony/chrony.conf
# List of NTS servers:

server              iburst nts
server       iburst nts
server           iburst nts
server         iburst nts

server                    iburst nts

server                      iburst nts

server                  iburst nts
server                  iburst nts
server                  iburst nts

# NTS cookie jar to minimise NTS-KE requests upon chronyd restart
ntsdumpdir /var/lib/chrony
Most NTP pools do not support NTS.
NTS uses TCP/4460 while standard NTP uses UDP/123.

Use UTC time

chronyd assumes by default that the RTC keeps local time (including any daylight saving changes). To use UTC instead use:

FILE /etc/chrony/chrony.conf

Acting as a local NTP server

By default, chronyd only synchronizes the local machine time. By adding allow and deny rules, it will act as a local NTP source:

FILE /etc/chrony/chrony.conf
# Note order does not matter for this example, order does matter with 'allow all' or 'deny all'
# Allow a specific IP
# Deny the subnet (example)
deny 198.51.100
# Allow all of the subnet
allow 192.0.2


To avoid DHCP replacing the local NTP config and the DHCP server is configured with NTP destinations (rare in home use), consider the following configuration options:


FILE /etc/conf.d/net


chronyc Client Interface Tool

chronyc is a command-line interface program which can be used to monitor chronyd's performance and to change various operating parameters whilst it is running. A full list of commands can be found in the manual, man 1 chronyc


root #chronyc offline # Set all sources offline
root #chronyc online # Set all sources online

chronyd service


Add chronyd to the default runlevel to have the time synchronized automatically.

root #rc-service chronyd start
root #rc-update add chronyd default

To monitor status of the server:

root #rc-service chronyd status


To run the chronyd sync service:

root #systemctl start chronyd.service

To have the chronyd sync service start at boot:

root #systemctl enable chronyd.service

To monitor status of the chronyd service:

root #systemctl status chronyd.service

See also

External resources