net-misc/chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.
USE flags for net-misc/chrony NTP client and server programs
||Use Linux capabilities library to control privilege|
||Support for command and monitoring|
||Get DEBUG_LOG output from chronyd when passing -dd parameter|
||Install HTML documentation|
||Add support for IP version 6|
||Use the libedit library (replacement for readline)|
||Support different hashes via dev-libs/libtomcrypt|
||Use dev-libs/nettle for hash functions or nts|
||Use dev-libs/nss for hash functions|
||Support for the Network Time Protocol (NTP)|
||Support for Network Time Security (NTS). Uses net-libs/gnutls|
||Support for the PTP (Precision Time Protocol) Hardware Clock (PHC) interface|
||Support for the Linux Pulse Per Second (PPS) interface|
||Support for reference clocks|
||Support for the Linux Real Time Clock interface|
||Add support for SAMBA (Windows File and Printer sharing)|
||Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs|
||Enable support for hashes other than MD5|
||!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur|
Install the chrony package:
emerge --ask net-misc/chrony
/etc/chrony/chrony.conf is the configuration file for chronyd. The default configuration is populated with:
# Use public NTP servers from the pool.ntp.org project. pool pool.ntp.org iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # In first three updates step the system clock instead of slew # if the adjustment is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync hwclockfile /etc/adjtime
Time zones and location of the server do not matter for the NTP protocol; it synchronizes via UTC.
On systems where a network connection is not always available at boot (laptops, etc.), it might help to change the pool line in the server configuration:
pool pool.ntp.org iburst auto_offline
This tells chronyd that the machine will be assumed to have gone offline when 2 requests have been sent to it without receiving a response. You will need to use the chronyc online command to re-enable polling (See below)
Enable Network Time Security (NTS)
NTS provides cryptographic security on NTP client-server connections using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD) (RFC 8915). In order to use this you need to set specific servers supporting NTS:
# https://blog.cloudflare.com/nts-is-now-rfc/ server time.cloudflare.com iburst nts # https://www.netnod.se/time-and-frequency/network-time-security # https://www.netnod.se/time-and-frequency/how-to-use-nts server nts.netnod.se iburst nts # https://nts.time.nl server nts.time.nl iburst nts # https://www.ptb.de/cms/ptb/fachabteilungen/abtq/gruppe-q4/ref-q42/zeitsynchronisation-von-rechnern-mit-hilfe-des-network-time-protocol-ntp.html#c122051 # ptbnts1.ptb.de: DFN certificate # ptbnts2.ptb.de: Let's Encrypt certificate server ptbnts1.ptb.de iburst nts server ptbnts2.ptb.de iburst nts # NTS cookie jar to minimise NTS-KE requests upon chronyd restart ntsdumpdir /var/lib/chrony
Use UTC time
chronyd assumes by default that the RTC keeps local time (including any daylight saving changes). To use UTC instead use:
Acting as a local NTP server
By default, chronyd only synchronizes the local machine time. By adding allow and deny rules, it will act as a local NTP source:
# Note order does not matter for this example, order does matter with 'allow all' or 'deny all' # Allow a specific IP allow 184.108.40.206 # Deny a certain subnet deny 1.2.3 # Allow all of the 1.2.x.x subnet allow 1.2
chronyc Client Interface Tool
chronyc is a command-line interface program which can be used to monitor chronyd's performance and to change various operating parameters whilst it is running. A full list of commands can be found in the manual, man 1 chronyc
chronyc offline # Set all sources offline
chronyc online # Set all sources online
Add chronyd to the default runlevel to have the time synchronized automatically.
rc-service chronyd start
rc-update add chronyd default
To monitor status of the server:
rc-service chronyd status
- Ntp — is a suite of tools utilizing Network Time Protocol. Their purpose is to keep the system clock in time.
- OpenNTPD — a lightweight NTP server ported from OpenBSD.
- Network Time Protocol — is used to synchronize the system time with other devices over the network.
- System time — is used in Unix systems to keep track of time.
- Home router — how to turn an old Gentoo machine into a router for connecting a home network to the Internet.
- Configuring chrony to take advantage of PTP and associated NIC clocks