Debian 12 Bookworm: Install NTP Server

Introduction

Network Time Protocol (NTP) is a networking protocol designed to synchronize the clocks of computers over a network. It ensures that all participating devices agree on the correct time.

Overview Install and Configure NTP Server (NTPsec) Install and Configure NTP Server (Chrony) Install and Configure NTP Client

Navbar

• Overview
• Install and Configure NTP Server (NTPsec)
• Install and Configure NTP Server (Chrony)
• Install and Configure NTP Client

Overview

NTP is crucial for the smooth operation of various networked systems, including financial transactions, network monitoring, and distributed computing processes.

What

NTP stands for Network Time Protocol. It is a protocol used to synchronize the clocks of computers to a reference time source over a network.

Who

NTP is used by network administrators, IT professionals, and any organization that requires precise timekeeping for their networked systems.

Where

NTP is implemented in various environments including corporate networks, data centers, and public internet infrastructure.

When

NTP has been in use since 1985. It is critical for operations requiring synchronized time, such as log events, timestamping transactions, and coordinating networked systems.

Why

NTP is important because it ensures that all networked systems maintain the same time. This is essential for debugging, security, and accurate log management.

Pros	Cons
Ensures accurate time synchronization across systems.	Can be complex to configure and manage properly.
Improves security by providing accurate timestamps for logs.	Dependent on network connectivity and may be vulnerable to attacks.
Essential for systems requiring high precision.	Time discrepancies can still occur if not configured correctly.
Supports redundancy with multiple time sources.	Misconfigurations can lead to time drift across systems.

How

NTP works by synchronizing time with a reference time source, typically using a hierarchical system of time servers.

Primary Servers	Stratum 1 servers directly connected to authoritative time sources like GPS or atomic clocks.
Secondary Servers	Stratum 2 servers that synchronize with Stratum 1 servers.
Clients	End devices that synchronize with Stratum 2 servers.
Synchronization Protocol	Uses a series of time exchange messages to adjust the client's clock.

Consequences

Implementing NTP has several positive and negative consequences.

Positive	Enhanced security through accurate log timestamps. Improved coordination of networked systems. Reduced errors in time-dependent processes. Ensured compliance with time-sensitive regulations.
Negative	Complexity in configuration and management. Potential vulnerability to network attacks. Dependency on external time sources. Risk of misconfiguration leading to time drift.

Conclusion

In conclusion, NTP is a vital protocol for maintaining synchronized time across networked systems, ensuring accurate timekeeping, enhancing security, and facilitating smooth operation of various time-dependent processes. While it has its challenges, the benefits of implementing NTP far outweigh the drawbacks, making it an essential component of modern network infrastructure.

Install and Configure NTP Server (NTPsec)

Install NTPsec and Configure NTP server for time adjustment. NTP uses 123/UDP.

Step [1]Install and Configure NTPsec.

        
root@dlp:~# apt -y install ntpsec
root@dlp:~# vi /etc/ntpsec/ntp.conf
# line 24 : if you use your own NTP servers only and also 
# pool entries are a few, change number of value below or comment out the line
#tos minclock 4 minsane 3

# line 34 : comment out default settings and add NTP Servers for your timezone
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst
pool ntp.nict.id iburst 

root@dlp:~# systemctl restart ntpsec
# verify status
root@dlp:~# ntpq -p
     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
 ntp.nict.id     .POOL.          16 p    -  256    0   0.0000   0.0000   0.0001
+ntp-b3.nict.go. .NICT.           1 u   17   64    1  29.8311   0.8136   3.1750
+ntp-a3.nict.go. .NICT.           1 u   17   64    1  28.0380  -1.0282   3.2487
+ntp-b2.nict.go. .NICT.           1 u   17   64    1  30.1922   0.7200   3.1391
+ntp-k1.nict.id  .NICT.           1 u   17   64    1  27.4731  -0.7621   3.2226
*ntp-a2.nict.go. .NICT.           1 u   17   64    1  26.9883  -0.6428   3.3839
 2001:ce8:78::2  .INIT.          16 u    -   64    0   0.0000   0.0000   0.0001
 ntp-a2.nict.go. .INIT.          16 u    -   64    0   0.0000   0.0000   0.0001
 ntp-a3.nict.go. .INIT.          16 u    -   64    0   0.0000   0.0000   0.0001
 
 
 

Install and Configure NTP Server (Chrony)

Install Chrony and Configure NTP server for time adjustment. NTP uses 123/UDP.

Step [1]Install and Configure Chrony.

        
root@dlp:~# apt -y install chrony
root@dlp:~# vi /etc/chrony/chrony.conf
# line 8 : comment out default settings and add NTP Servers for your timezone
#pool 2.debian.pool.ntp.org iburst
pool ntp.nict.jp iburst 

# add to the end : network range you allow to receive time syncing requests from clients
allow 10.0.0.0/24 

root@dlp:~# systemctl restart chrony
# verify status
root@dlp:~# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- ntp-a3.nict.go.jp             1   6    17     1   +582us[ +582us] +/- 9081us
^- ntp-b2.nict.go.jp             1   6    17     1  -1423us[-1423us] +/-   10ms
^- ntp-b3.nict.go.jp             1   6    17     1  +4168us[+4168us] +/-   16ms
^* ntp-a2.nict.go.jp             1   6    17     2   -298us[  -38us] +/- 9409us
        
        

Install and Configure NTP Client

NTP Client [systemd-timesyncd.service] is running by default on Ubuntu, so it's easy to set NTP Client. By the way, it's also possible to use NTPsec or Chrony as a NTP Client. If you use them, simply set only NTP server to sync time, do not set permission to receive time sync requests from other Hosts.

Step [1]Configure [systemd-timesyncd.service].

        
root@client:~# systemctl status systemd-timesyncd
*  systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; pr>
     Active: active (running) since Wed 2023-06-14 01:18:10 CDT; 19min ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 418 (systemd-timesyn)
     Status: "Contacted time server 217.178.99.126:123 (2.debian.pool.ntp.org)."
      Tasks: 2 (limit: 4639)
     Memory: 1.4M
        CPU: 28ms
     CGroup: /system.slice/systemd-timesyncd.service
.....
.....

root@client:~# vi /etc/systemd/timesyncd.conf
# add to the end : set NTP server for your timezone
NTP=dlp.bizantum.local
root@client:~# systemctl restart systemd-timesyncd
root@client:~# timedatectl timesync-status
       Server: 10.0.0.30 (dlp.bizantum.local)
Poll interval: 1min 4s (min: 32s; max 34min 8s)
         Leap: normal
      Version: 4
      Stratum: 2
    Reference: 85F3EEA4
    Precision: 1us (-24)
Root distance: 15.525ms (max: 5s)
       Offset: +2.284ms
        Delay: 425us
       Jitter: 0
 Packet count: 1
    Frequency: +9.874ppm