Notes on NTP Daemon Setup
As mentioned elsewhere in these docs, there are several NTP daemons available, including:
- The reference NTP daemon from ntp.org; see their support website
- OpenNTPD
- chrony
- Maybe NTPsec, once it's production-ready
- Maybe Ntimed, once it's production-ready
- More
It's tricky to make an NTP daemon setup secure. Always install the latest version and read the documentation about how to configure and run it securely.
Ubuntu Packages
The Ubuntu 14.04 (Trusty Tahr) package ntp is based on the reference implementation of an NTP daemon.
The following commands will uninstall the ntp and ntpdate packages, install the latest ntp package (which might not be based on the latest ntpd code), and start the NTP daemon (a local NTP server). (ntpdate is not reinstalled because it's deprecated and you shouldn't use it.)
sudo apt-get --purge remove ntp ntpdate
sudo apt-get autoremove
sudo apt-get update
sudo apt-get install ntp
# That should start the NTP daemon too, but just to be sure:
sudo service ntp restart
You can check if NTP is running using sudo ntpq -p.
You may want to use different NTP time servers. You can change them by editing the NTP config file /etc/ntp.conf.
Note: A server running the NTP daemon can be used by others for DRDoS amplification attacks. The above installation procedure should install a default NTP configuration file /etc/ntp.conf with the lines:
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
Those lines should prevent the NTP daemon from being used in an attack. (The first line is for IPv4, the second for IPv6.)
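One way to check that /etc/ntp.conf still carries the two default restrict lines above, as an added example that is not part of the original docs. The function name, output format and sample input are hypothetical; treating a bare "restrict default" as covering both IPv4 and IPv6 is an assumption.

```shell
#!/bin/sh
# Added example: audit ntp.conf for the default restrict lines quoted above.
# The required flags are copied from those two lines.
REQUIRED_FLAGS="kod notrap nomodify nopeer noquery"

# missing_restrict_flags [FILE]
# Reads FILE (or stdin) and prints one line per problem; prints nothing if OK.
# Assumption: "restrict default" without -4/-6 covers both address families.
# Simplification: flags from repeated default lines are merged.
missing_restrict_flags() {
    awk -v required="$REQUIRED_FLAGS" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "restrict" {
            fam = "both"; i = 2
            if ($2 == "-4")      { fam = "ipv4"; i = 3 }
            else if ($2 == "-6") { fam = "ipv6"; i = 3 }
            if ($i != "default") next           # only the default entry matters here
            if (fam != "ipv6") seen4 = 1
            if (fam != "ipv4") seen6 = 1
            for (j = i + 1; j <= NF; j++) {
                if (fam != "ipv6") flags4[$j] = 1
                if (fam != "ipv4") flags6[$j] = 1
            }
        }
        END {
            if (!seen4) print "ipv4: no default restrict line"
            if (!seen6) print "ipv6: no default restrict line"
            n = split(required, req, " ")
            for (k = 1; k <= n; k++) {
                if (seen4 && !(req[k] in flags4)) print "ipv4: missing " req[k]
                if (seen6 && !(req[k] in flags6)) print "ipv6: missing " req[k]
            }
        }
    ' "${1:--}"
}

# Constructed sample (not from a real host): the IPv6 line lacks noquery.
missing_restrict_flags <<'EOF'
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer
restrict 127.0.0.1
EOF
```

Run it as missing_restrict_flags /etc/ntp.conf after editing the config; no output means both defaults carry all five flags.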
There are additional things you can do to make NTP more secure. See the NTP Support Website for more details.