
Use OpenNTPD for time synchronization


Traditionally, the time synchronization application used on Linux systems has been ntpd (network time protocol daemon). However, the developers behind OpenSSH have for quite some time now provided a secure, lean, and easy-to-configure NTP daemon called OpenNTPD. Many Linux distributions provide OpenNTPD, but few use it as the default ntpd service.

The traditional NTP service provided with Linux distributions comes in a client/server flavor. The client, ntpdate, connects to an NTP service and sets the system clock accordingly, to keep the system clock as accurate as possible. Ntpd does the same thing, but keeps checking the time servers to keep the system clock accurate, and also acts as an NTP server to other clients.

However, if you look at the NTP package with most distributions, you will see a handful of applications: ntpdate, ntpd, ntpq, ntp-keygen, ntpstat, and more. Contrast that to what comes with OpenNTPD: ntpd -- one single application that acts as both client and server. With the use of its very straightforward configuration file, you can determine whether or not ntpd acts as just a client, or as both server and client. By default, ntpd acts as a client only.

Starting ntpd is extremely simple, and it takes only a small number of options. Most distributions that provide OpenNTPD will also provide an initscript to start it. If such an initscript is not available, simply add the following to /etc/rc.d/rc.local or a similar one-time startup script:

/usr/sbin/ntpd

This will start the ntpd service, and it will immediately begin checking the clock time against the configured remote NTP servers and adjust the clock as necessary.

To have ntpd act as a server, edit /etc/ntpd.conf and uncomment one of the "listen" lines, such as:

listen on 192.168.0.10

This will make ntpd listen for incoming requests on the IP address 192.168.0.10, port 123.

If you have multiple machines and wish to have one act as the primary NTP server for your local network, use a configuration similar to the following for the NTP server:

listen on 192.168.0.10
servers pool.ntp.org

On the client systems, simply use:

server 192.168.0.10

This will cause all the client systems to contact the defined NTP server on the local network, which will reduce extraneous traffic to the world-wide NTP servers. The primary NTP server still sets the clock according to the world-wide NTP servers, and that time information is then easily propagated to the clients.
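The server and client roles described above can be checked before a configuration is deployed. The following is an added example, not code from the article or from OpenNTPD: a small audit of an ntpd.conf body that reports whether the daemon will serve time, on which addresses, and from which upstreams. The function name, the finding messages and the sample configurations are constructed for illustration, and it assumes the `listen on <address>` spelling documented in ntpd.conf(5).

```python
# Added example: static audit of an OpenNTPD ntpd.conf (not OpenNTPD code).
# Assumes the "listen on <address>" spelling documented in ntpd.conf(5).

SERVER_CONF = """\
# constructed sample: LAN time server
listen on 192.168.0.10
servers pool.ntp.org
"""
CLIENT_CONF = "server 192.168.0.10\n"                    # constructed sample
WILDCARD_CONF = "listen on *\nservers pool.ntp.org\n"    # constructed sample


def audit_ntpd_conf(text):
    """Report role, listen addresses, upstreams and findings for a config."""
    listen, upstreams, findings = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if not words:
            continue
        if words[0] == "listen":
            if len(words) < 3 or words[1] != "on":
                findings.append(f"line {lineno}: expected 'listen on <address>'")
            else:
                listen.append(words[2])
                if words[2] == "*":
                    findings.append(
                        f"line {lineno}: answers NTP on every local address")
        elif words[0] in ("server", "servers"):
            if len(words) < 2:
                findings.append(f"line {lineno}: '{words[0]}' needs an address")
            else:
                upstreams.append(words[1])
        # Any other directive is outside the scope of this check.
    if not upstreams:
        findings.append("no server/servers line: no network time source")
    return {
        # Without a listen line, ntpd only queries upstreams and serves nobody.
        "role": "server+client" if listen else "client-only",
        "listen": listen,
        "upstreams": upstreams,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, conf in [("server", SERVER_CONF), ("client", CLIENT_CONF),
                       ("wildcard", WILDCARD_CONF)]:
        print(name, audit_ntpd_conf(conf))
```

An empty findings list for the LAN server configuration means the daemon is bound only to the named address; the wildcard sample is reported because it would answer NTP requests on every interface of the host.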


About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

4 comments
apotheon

installing OpenNTPD:

cd /usr/ports/net/openntpd; make install clean

If you have portupgrade installed, you can install thusly:

portinstall openntpd

causing OpenNTPD to start automatically:

echo 'openntpd_enable="YES"' >> /etc/rc.conf

You need root access for all the above.

Photogenic Memory

I'm going to use this as a homeLan project first. This seems so much more flexible and simplistic than the latter. Thanks for posting. May the binary download commence!

catseverywhere

Thanks for the steer... I hadn't known about this. I've used ntpd seems like forever. The simplicity of this OpenNTP makes it a no-brainer. Learn something every day... especially from Tech Republic. Glad I signed up. I can't say enough good about the OpenSSH team, btw. The only thing I can say negative about ssh generically is its lack of easy interoperability with Windows. Just try to use ssh keys to access a Linux server from Windows... I double dog dare ya. cat

apotheon

"The only thing I can say negative about ssh generically is its lack of easy interoperability with Windows." That's not an SSH problem. That's a Microsoft problem. Microsoft does not provide the kind of easy access for server processes and automatic client integration that you get with Unix, which makes incorporation of things like OpenSSH very difficult. Part of that is Microsoft's attempts to limit the ability of would-be competitors to produce software that integrates well with MS Windows. Another part is the piss-poor command shell capabilities of MS Windows.
