The Network Time Protocol (NTP) defines a set of algorithms for the dissemination of time across the Internet. The NTP protocol can be used to synchronise the system time on your Linux Server with a highly accurate Internet time reference.
This article describes how to configure the Network Time Protocol (NTP) daemon on your Linux server to synchronise with an Internet based NTP server. It also provides a list of well-know public Internet time references.
Obtaining the NTP Source Code Distribution
The Linux NTP source code distribution is publicly available open source’ software. The distribution can be freely downloaded from the NTP web site ntp.org’. The latest NTP version for Linux is 2.4.2. A port is also available for Windows platforms, but the primary development platform for NTP is the Linux operating system. A number of Linux based operating systems such as Mandrake and Redhat offer NTP as an installable RPM package.
Once download is complete, the NTP distribution should be configured and compiled on the host computer.
Configuration of the NTP Daemon
The NTP daemon is configured through entries in the primary NTP configuration file ntp.conf’. The NTP configuration file contains a list of commands that instruct the daemon to synchronise with a specified NTP server. NTP servers are specified using the server’ command followed by the domain name of the server thus:
server ntp2c.mcc.ac.uk
server ntp.cis.strath.ac.uk
A number of access control options are also available to restrict the use of your NTP server by network time clients. To only allow machines on your own network to synchronize with the server use:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Alternatively, you can restrict all access to your NTP server with the following command:
restrict default ignore
Multiple directives can be specified to restrict access to a specified range of computers.
Using NTP Authentication
NTP authentication is used by time clients to authenticate the time server to prevent rogue server intervention. NTP authentication is based on encrypted keys. A key is encrypted and sent to the client by the server, where it is unencrypted and checked against the client key to ensure a match.
NTP keys are stored in the ntp.keys’ file in the following format:
Key-number M Key (The M stands for MD5 encryption), e.g.:
1 M secret
5 M RaBBit
7 M TiMeLy
10 M MYKEY
The NTP configuration file ntp.conf’ specifies which of the keys are trusted. Any keys specified in the keys file but not trusted will not be used for authentication, e.g.:
trustedkey 1 7 10
NTP Client Authentication Configuration
The NTP client also needs to be configured with similar authentication information as the server. The client may use a subset of the keys specified on the server. A different subset of keys can also be used on different clients, e.g.:
Client A) Client B)
1 M secret 1 M secret
7 M TiMeLy 5 M RaBBit
trustedkey 1 7 trustedkey 1
Controlling the NTP Server Daemon
Once configured, the NTP daemon can be controlled using the commands: ntpd start’; ntpd stop’ and ntpd restart’.
Querying the NTP Server Daemon
The NTP server daemon can be queried using the ntpq p’ command. The ntpq command queries the NTP server for synchronisation status and provides a list of servers with synchronisation information for each server.
Public Internet NTP Servers
Public NTP servers provide subscription free, highly accurate, timing references for computer time synchronisation. Below is a list of popular public NTP time servers.
Stratum 1 Public NTP Servers
chronos.csr.net – 194.35.252.7 – Computing Systems Research Ltd. United Kingdom – NTP V4 primary (Odetics GPS), Sun/Sparc Solaris 2.6
ntp.my-inbox.co.uk – 81.168.77.149 – Falmouth, Cornwall, UK – NTP V4.2.0 primary (MSF Radio Clock Receiver), Trustix Linux
Stratum 2 Public NTP Servers
ntp2.sandvika.net – 194.164.127.6 – Telehouse Europe, London E14 – NTP V4 secondary Sun UltraSPARC Solaris 8
ntp2d.mcc.ac.uk – 130.88.203.12 – University of Manchester, Manchester, England – NTP secondary (S2), SGI/Irix
ntp2c.mcc.ac.uk – 130.88.200.4 – University of Manchester, Manchester, England – NTP secondary (S2), PC/FreeBSD
ntp.exnet.com – 194.207.34.9 – ExNet Ltd, London, UK – NTP secondary (stratum 2), Sun-4/Unix
audaxsystems.co.uk – 193.201.200.83 – Interhouse London E14 – NTP V4, SuSE 9.0 (Stratum 1)
ntp1.sandvika.net – 194.164.127.5 – Telehouse Europe, London E14 – NTP V4 secondary Sun UltraSPARC Solaris 8
ntp.cis.strath.ac.uk – University of Strathclyde, Glasgow, Scotland – NTP V4 secondary
ntp0.sandvika.net – 194.164.127.4 – Telehouse Europe, London E14 – NTP V4 secondary Sun UltraSPARC Solaris 8