Configuring NTP on your Linux Server

Mar 23
22:13

2007

Dave Evans

Dave Evans

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

This article describes how to configure the Network Time Protocol (NTP) daemon on your Linux server to synchronise with an Internet based NTP server. It also provides a list of well-know public Internet time references.

mediaimage
The Network Time Protocol (NTP) defines a set of algorithms for the dissemination of time across the Internet. The NTP protocol can be used to synchronise the system time on your Linux Server with a highly accurate Internet time reference.

This article describes how to configure the Network Time Protocol (NTP) daemon on your Linux server to synchronise with an Internet based NTP server. It also provides a list of well-know public Internet time references.

Obtaining the NTP Source Code DistributionThe Linux NTP source code distribution is publicly available ‘open source' software. The distribution can be freely downloaded from the NTP web site ‘ntp.org'. The latest NTP version for Linux is 2.4.2. A port is also available for Windows platforms,Configuring NTP on your Linux Server Articles but the primary development platform for NTP is the Linux operating system. A number of Linux based operating systems such as Mandrake and Redhat offer NTP as an installable RPM package.

Once download is complete, the NTP distribution should be configured and compiled on the host computer.

Configuration of the NTP DaemonThe NTP daemon is configured through entries in the primary NTP configuration file ‘ntp.conf'. The NTP configuration file contains a list of commands that instruct the daemon to synchronise with a specified NTP server. NTP servers are specified using the ‘server' command followed by the domain name of the server thus:server ntp2c.mcc.ac.ukserver ntp.cis.strath.ac.ukA number of access control options are also available to restrict the use of your NTP server by network time clients. To only allow machines on your own network to synchronize with the server use:restrict 192.168.1.0 mask 255.255.255.0 nomodify notrapAlternatively, you can restrict all access to your NTP server with the following command:restrict default ignoreMultiple directives can be specified to restrict access to a specified range of computers.

Using NTP AuthenticationNTP authentication is used by time clients to authenticate the time server to prevent rogue server intervention. NTP authentication is based on encrypted keys. A key is encrypted and sent to the client by the server, where it is unencrypted and checked against the client key to ensure a match.

NTP keys are stored in the ‘ntp.keys' file in the following format:

Key-number M Key (The M stands for MD5 encryption), e.g.:

1 M secret5 M RaBBit7 M TiMeLy10 M MYKEYThe NTP configuration file ‘ntp.conf' specifies which of the keys are trusted. Any keys specified in the keys file but not trusted will not be used for authentication, e.g.:

trustedkey 1 7 10NTP Client Authentication ConfigurationThe NTP client also needs to be configured with similar authentication information as the server. The client may use a subset of the keys specified on the server. A different subset of keys can also be used on different clients, e.g.:

 

Client A) Client B)1 M secret 1 M secret7 M TiMeLy 5 M RaBBittrustedkey 1 7 trustedkey 1Controlling the NTP Server DaemonOnce configured, the NTP daemon can be controlled using the commands: ‘ntpd start'; ‘ntpd stop' and ‘ntpd restart'.

Querying the NTP Server DaemonThe NTP server daemon can be queried using the ‘ntpq –p' command. The ntpq command queries the NTP server for synchronisation status and provides a list of servers with synchronisation information for each server.

Public Internet NTP ServersPublic NTP servers provide subscription free, highly accurate, timing references for computer time synchronisation. Below is a list of popular public NTP time servers.

Stratum 1 Public NTP Serverschronos.csr.net - 194.35.252.7 - Computing Systems Research Ltd. United Kingdom - NTP V4 primary (Odetics GPS), Sun/Sparc Solaris 2.6ntp.my-inbox.co.uk - 81.168.77.149 - Falmouth, Cornwall, UK - NTP V4.2.0 primary (MSF Radio Clock Receiver), Trustix LinuxStratum 2 Public NTP Serversntp2.sandvika.net - 194.164.127.6 - Telehouse Europe, London E14 - NTP V4 secondary Sun UltraSPARC Solaris 8ntp2d.mcc.ac.uk - 130.88.203.12 - University of Manchester, Manchester, England - NTP secondary (S2), SGI/Irixntp2c.mcc.ac.uk - 130.88.200.4 - University of Manchester, Manchester, England - NTP secondary (S2), PC/FreeBSDntp.exnet.com - 194.207.34.9 - ExNet Ltd, London, UK - NTP secondary (stratum 2), Sun-4/Unixaudaxsystems.co.uk - 193.201.200.83 - Interhouse London E14 - NTP V4, SuSE 9.0 (Stratum 1)ntp1.sandvika.net - 194.164.127.5 - Telehouse Europe, London E14 - NTP V4 secondary Sun UltraSPARC Solaris 8ntp.cis.strath.ac.uk - University of Strathclyde, Glasgow, Scotland - NTP V4 secondaryntp0.sandvika.net - 194.164.127.4 - Telehouse Europe, London E14 - NTP V4 secondary Sun UltraSPARC Solaris 8