BestHub
Sign in
Operations 8 min read

How to Set Up and Secure NTP Time Synchronization on Linux

This guide walks you through installing NTP, configuring server and client settings, applying security restrictions, adding a local clock backup, logging, and verifying synchronization to keep Linux systems accurately timed across a network.

Open Source Linux
Open Source Linux
Open Source Linux
How to Set Up and Secure NTP Time Synchronization on Linux

Abstract: NTP (Network Time Protocol) synchronizes Linux system time with a central NTP server; local NTP servers can sync with external sources to keep all servers accurate.

1. Configure NTP Server

1. Install NTP Server

Use the package manager to install the ntp package, e.g., on RedHat/CentOS:

yum install ntp

2. Set Restriction Values in ntp.conf

Edit /etc/ntp.conf to add two restriction lines:

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

The first line allows other clients to query your time server. Parameters:

noquery prevents dumping status data.

notrap blocks control message traps.

nomodify blocks ntpq queries that try to modify the server.

nopeer blocks packets trying to establish peer associations.

Kod sends a “kiss‑of‑death” packet to reduce unnecessary queries.

The second line’s “-6” forces DNS resolution to IPv6 addresses. See man ntp_acc for more.

3. Allow Specific Clients Only

Add a restriction line for your own network:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

For full localhost access, add:

restrict 127.0.0.1

4. Add a Local Clock as Backup

Include a local clock in ntp.conf so the server can fall back when Internet connectivity is lost:

server 127.127.1.0 # local clock
fudge   127.127.1.0 stratum 10

Stratum indicates the distance from the primary time source; stratum‑0 devices are reference clocks.

5. Set NTP Log Parameters

Specify drift and log file locations:

driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log

The drift file records clock offset adjustments over time.

6. Start the NTP Service

service ntpd start

2. Configure NTP Client

7. Edit Client ntp.conf

On the client, edit /etc/ntp.conf and add multiple server entries for redundancy, e.g.:

server 0.ntp.org iburst
server 1.ntp.org iburst
server 2.ntp.org iburst
server 3.ntp.org iburst

“iburst” sends eight packets on the first poll to speed up synchronization.

You can also add your own server: server 192.168.1.1 prefer The “prefer” flag gives this server higher priority.

8. Start the NTP Daemon

/etc/init.d/ntp start

9. Check NTP Status

Use ntpq -p to view peers and offsets.

# ntpq -p
     remote            refid      st t when poll reach   delay   offset  jitter
*elserver1  192.168.1.1       3 u 300 1024  377    1.225   -0.071   4.606

10. Set Local Date and Time

Run a one‑time sync with ntpdate -u 192.168.1.1. After this, the client will continue to adjust its clock automatically.

You can also query detailed daemon status with ntpdc -c sysinfo.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LinuxSystem AdministrationNTPtime synchronizationnetwork time protocol
Open Source Linux
Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment