From Gentoo Wiki


net-misc/chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.


USE flags

USE flags for net-misc/chrony NTP client and server programs

caps Use Linux capabilities library to control privilege
cmdmon Support for command and monitoring
debug Get DEBUG_LOG output from chronyd when passing -dd parameter
html Install HTML documentation
ipv6 Add support for IP version 6
libedit Use the libedit library (replacement for readline)
libtomcrypt Support different hashes via dev-libs/libtomcrypt
nettle Use dev-libs/nettle for hash functions or nts
nss Use dev-libs/nss for hash functions
ntp Support for the Network Time Protocol (NTP)
nts Support for Network Time Security (NTS). Uses net-libs/gnutls
phc Support for the PTP (Precision Time Protocol) Hardware Clock (PHC) interface
pps Support for the Linux Pulse Per Second (PPS) interface
refclock Support for reference clocks
rtc Support for the Linux Real Time Clock interface
samba Add support for SAMBA (Windows File and Printer sharing)
seccomp Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs
sechash Enable support for hashes other than MD5
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur


Install the chrony package:

root #emerge --ask net-misc/chrony


/etc/chrony/chrony.conf is the configuration file for chronyd. The default configuration is populated with:

FILE /etc/chrony/chrony.conf
# Use public NTP servers from the project.
pool iburst

# Record the rate at which the system clock gains/loses time.
driftfile /var/lib/chrony/drift

# In first three updates step the system clock instead of slew
# if the adjustment is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

hwclockfile /etc/adjtime

Time zones and the location of the server do not matter for NTP; the protocol synchronizes via UTC.

On systems where a network connection is not always available at boot (laptops, etc.), it might help to change the pool line in the server configuration:

FILE /etc/chrony/chrony.conf
pool iburst auto_offline

This tells chronyd to assume that the time source has gone offline when 2 requests have been sent to it without receiving a response. Use the chronyc online command to re-enable polling (see below).

Enable Network Time Security (NTS)

NTS (RFC 8915) provides cryptographic security on NTP client-server connections using Transport Layer Security (TLS) and Authenticated Encryption with Associated Data (AEAD). It requires chrony to be built with the nts USE flag. To use it, configure specific servers that support NTS:

FILE /etc/chrony/chrony.conf
server iburst nts

server       iburst nts

server         iburst nts

server     iburst nts
server     iburst nts
server     iburst nts

# NTS cookie jar to minimise NTS-KE requests upon chronyd restart
ntsdumpdir /var/lib/chrony

Use UTC time

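chronyd assumes by default that the RTC keeps local time (including any daylight saving changes). To use UTC instead, add the rtconutc directive:

FILE /etc/chrony/chrony.conf
rtconutc

If hwclockfile is also set, chronyd reads the RTC's time standard from that file, which overrides rtconutc.
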
Acting as a local NTP server

By default, chronyd only synchronizes the local machine time. By adding allow and deny rules, it will act as a local NTP source:

FILE /etc/chrony/chrony.conf
# Note: order does not matter in this example; it does matter with 'allow all' or 'deny all'
# Allow a specific IP
# Deny a certain subnet
deny 1.2.3
# Allow all of the 1.2.x.x subnet
allow 1.2
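
How those rules resolve for a given client, as an added example (not code from the Gentoo wiki or from chrony): a small IPv4-only Python model of the documented allow/deny behaviour, where the most specific subnet wins regardless of order and an 'all' rule discards earlier rules inside its subnet. The function names and the 1.2.3.4 host rule are constructed for illustration.

```python
import ipaddress

def parse_subnet(text):
    """Accept '1.2.3.4', '1.2.3.0/24', or chrony's partial form '1.2.3' / '1.2'."""
    if "/" not in text and text.count(".") < 3:
        octets = text.split(".")
        text = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    return ipaddress.ip_network(text, strict=False)

def build_table(config_text):
    """Apply allow/deny lines in file order and return {network: allowed}."""
    table = {}
    for line in config_text.splitlines():
        words = line.split()
        if not words or words[0] not in ("allow", "deny"):
            continue  # comments and unrelated directives
        args = words[1:]
        override = bool(args) and args[0] == "all"
        if override:
            args = args[1:]
        net = parse_subnet(args[0]) if args else ipaddress.ip_network("0.0.0.0/0")
        if override:
            # 'allow all' / 'deny all' discards earlier rules inside this subnet.
            table = {n: v for n, v in table.items() if not n.subnet_of(net)}
        table[net] = words[0] == "allow"
    return table

def is_allowed(table, address):
    """Most specific matching subnet wins; no match means the client is refused."""
    addr = ipaddress.ip_address(address)
    matches = [n for n in table if addr in n]
    return bool(matches) and table[max(matches, key=lambda n: n.prefixlen)]

# Constructed sample rules; the 1.2.3.4 host entry is an assumption for illustration.
PLAIN = "allow 1.2.3.4\ndeny 1.2.3\nallow 1.2"
WITH_ALL = "allow 1.2.3.4\ndeny 1.2.3\nallow all 1.2"

if __name__ == "__main__":
    for name, conf in (("plain", PLAIN), ("with 'all'", WITH_ALL)):
        table = build_table(conf)
        for client in ("1.2.3.4", "1.2.3.9", "1.2.9.9", "9.9.9.9"):
            print(name, client, "allowed" if is_allowed(table, client) else "refused")
```

Running a planned rule set through such a model before deploying it shows which clients an 'allow all' line would newly expose.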


chronyc Client Interface Tool

chronyc is a command-line interface program which can be used to monitor chronyd's performance and to change various operating parameters whilst it is running. A full list of commands can be found in the manual; see man 1 chronyc.


root #chronyc offline # Set all sources offline
root #chronyc online # Set all sources online

chronyd service


On OpenRC systems, start chronyd and add it to the default runlevel to have the time synchronized automatically.

root #rc-service chronyd start
root #rc-update add chronyd default

To monitor the status of the service:

root #rc-service chronyd status


On systemd systems, to run the chronyd sync service:

root #systemctl start chronyd.service

To have the chronyd sync service start at boot:

root #systemctl enable chronyd.service

To monitor status of the chronyd service:

root #systemctl status chronyd.service
