Re: SV: SV: [chrony-users] Output from chronyc sources -v
On Thu, Jan 25, 2024 at 01:19:41PM +, Henning Svane wrote: > In the configuration they communicate as servers but I have thought I would > prefer to use Peer, but when I read the documentation, I am unsure if this is > the best way. Client/server is better. > I can see the current version is 4.5 but the version coming with Ubuntu 22.04 > is 4.2.2, will you suggest to upgrade to version 4.5. Depends on your requirements. See the entries in NEWS between 4.2 and 4.5 to decide if it's worth the trouble to compile from source. > You mention that it is not a good praxis to mixing authenticated and > unauthenticated NTP sources, will it be sufficient to use a key file or do I > need to upgrade to NTS. Is it possible to setup chrony to respond both to NTS > and til NTP? Plain NTP, NTP protected by symmetric keys, and NTP protected by NTS can all be mixed in one configuration. Symmetric keys are simple to configure: - chronyc keygen 100 > /etc/chrony/chrony.keys - copy the key file to the other machines - add "key 100" to the server's specification in chrony.conf on all machines - restart chronyd - done -- Miroslav Lichvar -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
SV: SV: [chrony-users] Output from chronyc sources -v
Hi Thanks for your reply. I have 4 local NTP Servers running Chrony 4.2 on Ubuntu 22.04 The idea was they work as a team. In the configuration they communicate as servers but I have thought I would prefer to use Peer, but when I read the documentation, I am unsure if this is the best way. I can see the current version is 4.5 but the version coming with Ubuntu 22.04 is 4.2.2, will you suggest to upgrade to version 4.5. You mention that it is not a good praxis to mixing authenticated and unauthenticated NTP sources, will it be sufficient to use a key file or do I need to upgrade to NTS. Is it possible to setup chrony to respond both to NTS and til NTP? Regards Henning -Oprindelig meddelelse- Fra: Miroslav Lichvar Sendt: 24. januar 2024 14:30 Til: chrony-users@chrony.tuxfamily.org Emne: Re: SV: [chrony-users] Output from chronyc sources -v On Wed, Jan 24, 2024 at 12:25:27PM +, Henning Svane wrote: > sudo chronyc selectdata > S Name/IP AddressAuth COpts EOpts Last Score Interval Leap > === > * time.dfm.dk Y - --TR-0 1.0 -1620us +2207us N > + gbg1-ts.nts.netnod.se Y - --TR- 56 1.0 -3979us +3541us N > + gbg2-ts.nts.netnod.se Y - --TR- 57 1.0 -3895us +3548us N This output shows some sources combined. > D lul1-ts.nts.netnod.se Y - --TR- 52 1.0 -11ms +13ms N > D lul2-ts.nts.netnod.se Y - --TR- 72 1.0 -11ms +13ms N These two are not combined because their root distance (11+13ms) is too large when compared to the best source (1.6+2.2ms). > T ns.tele.dkN - -1 1.0 -4366us +6048us N > T swntp02.energy.dk N - - 72 1.0 -1685us +2349us N > T swntp03.energy.dk N - - 96 1.0 -1842us +2450us N > T swntp04.energy.dk N - - 76 1.0 -1627us +2387us N > T swntp02.energy.dk N - - 18 1.0 -1751us +2379us N > T swntp03.energy.dk N - -3 1.0 -1773us +2443us N > T NTP04.energy.dk N - - 89 1.0 -1557us +2405us N These sources are ignored because they are not authenticated and not more accurate than the best authenticated source. It's better to avoid mixing authenticated and unauthenticated NTP sources. -- Miroslav Lichvar -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org. -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.