How to Install Chrony as NTP Server and Client on Debian 12

March 7, 2024 March 7, 2024 6 min read

Having synchronized time between your servers is important, especially for Distributed applications. Chrony is a modern implementation of NTP (Network Time Protocol) for Unix and Linux operating systems, such as Debian. It can be used as an NTP server software, as well as an NTP client.

This guide shows you how to install Chrony as an NTP server and client on a Debian server.

Now let’s get started.

Prerequisites

Make sure you have the following prerequisites before starting:

A Debian 12 server with a non-root user as an administrator via sudo, and the UFW (Uncomplicated Firewall) initialized. To achieve this, follow the Initial server setup with Debian 12.
Optional: a Debian machine for NTP client.

Installing Chrony on Debian

Chrony is a modern implementation of the NTP protocol for Unix and Linux operating systems. It can be used as both an NTP server and a client. On Debian, chrony is available in the main repository, which can be installed via APT.

To install chrony on the Debian server, follow these steps:

1. First, use the following command to update your Debian package index and get the latest version of package information.

sudo apt update

2. Now, install the chrony package by executing the apt install command below. Input y when prompted to proceed with the installation.

sudo apt install chrony

3. After chrony is installed, there will be two things added to your system:

chronyc: The command line for managing and monitoring Chrony.
chronyd: The main service for Chrony is managed via the systemctl utility.

Managing Chrony Service on Debian

With the chrony installed, the service is running and enabled automatically. Before configuring chrony as an NTP server or client, you will learn how to manage chrony service.

To manage chrony service on Debian, carry out the following actions:

1. To start the chronyd service, enter the following systemctl command.

sudo systemctl start chronyd

2. If you need to stop the chronyd service, run the systemctl stop command below.

sudo systemctl stop chronyd

3. If you make changes to your Chrony installation, you must restart it using the following command.

sudo systemctl restart chronyd

4. Lastly, use the following command to verify the chronyd service. If chrony is running, the output will be "active (running)".

sudo systemctl status chronyd

Checking chronyd service via systemctl utility

Creating NTP Server with Chrony on Debian

Now that you’ve learned how to manage chrony service, you’ll configure chrony as an NTP server on Debian. In most cases, you should deploy an NTP server for clients on your local networks. Also, this allows computers within your networks to have synchronized clocks from a single source.

To set up the NTP server with chrony, follow these instructions:

1. Visit https://www.ntppool.org/zone and choose the NTP server near your server location. The following example will be using the NTP server us.pool.ntp.org as the NTP source.

Selecting NTP server sources via ntppool.org

2. Now open the Chrony configuration /etc/chrony/chrony.conf using your preferred text editor. This example will be using Vim.

sudo vim /etc/chrony/chrony.conf

Change the default NTP source with the new configuration like the following.

pool 0.us.pool.ntp.org iburst
pool 1.us.pool.ntp.org iburst
pool 2.us.pool.ntp.org iburst
pool 3.us.pool.ntp.org iburst

Uncomment the allow parameter and input the subnet of your internal network. This will allow your network to access the NTP server installation.

allow 192.168.5.0/24

When finished, save the file and exit the editor.

3. After making changes, run the following command to restart the chronyd service and apply the changes.

sudo systemctl restart chronyd

4. Next, run the chronyc command below to make immediate changes and synchronize your system time with the new NTP source.

sudo chronyc -a makestep

5. Then, verify your system clock performance using the chronyc command below.

sudo chronyc tracking

From the output. you should see the following:

Reference ID: The NTP server source is currently your system clock synchronized.
Startum: How many hops away from your system to the NTP source.
Ref Time: The last measurement time from the NTP source was processed.

6. Lastly, run the following command to check the NTP sources that your system is currently connected to.

sudo chronyc sources

You should see the list of NTP servers that you’re currently connected to.

M or mode of the source of NTP, ^ means server, = means peer, and # means locally connected clock.
S or state of NTP sources, * means the source that is currently synchronized, + means acceptable NTP source, - means acceptable NTP source but excluded by algorithm, ? means the source that lost connectivity.
Name/IP Address shows you the NTP server source, which can be an IP address or domain name. This output will be the same as the Reference ID.

Checking NTP server sources that currently connected to

Allowing traffic to the NTP server via UFW

As you have now created an NTP server, you’ll allow traffic to the NTP server port 123/udp via UFW (Uncomplicated Firewall). Perform these tasks to allow traffic on your NTP server:

1. Run the following command to allow traffic to NTP port 123/udp.

sudo ufw allow 123/udp

2. Once added, run the command below to verify firewall status. Make sure port 123/udp is available on the UFW list.

sudo ufw status

Configuring Chrony as NTP Client on Debian

Since you’ve finished the configuration of the NTP server with chrony, let’s move on to configure chrony as an NTP client on Debian. In this example, I will configure chrony as an NTP client on the Debian server with the hostname hadoop.

To setup NTP client with chrony, execute these tasks:

1. Connect and log in to your Debian client machine.

2. Now, update and refresh your repositories on your Debian client. Then, install Chrony via the apt command. Type y to proceed with the installation.

# updating repository
sudo apt update

# installing chrony
sudo apt install chrony

3. After Chrony is installed, open the default configuration /etc/chrony/chrony.conf using vim.

sudo vim /etc/chrony/chrony.conf

Change the default source to the IP address of your local NTP server.

server 192.168.5.30

Save and close the file after finished.

4. Next, run the following systemctl command to restart the chronyd service and your changes.

sudo systemctl restart chrony

5. Now that the NTP client configuration is finished, verify your settings using the chronyc commands below.

# checking NTP server source
sudo chronyc sources

# tracking time
sudo chronyc tracking

If your NTP client configuration is successful, the expected output should be the IP address of your NTP server.

Checking NTP server source and stats of chronyd daemon on Debian client

Conclusion

You now have an NTP server installed via Chrony on the Debian server. You also have configured the NTP client with Chrony on the Debian machine. Chrony is a lightweight implementation of NTP that also supports NTPS, the secure version of NTP.

If you have followed my Debian basic guide so far, then you’re ready to install your applications. You also may need to install the following as needed:

ArvidL

System administrator and devops enthusiast, leveraging over 10+ years of Linux expertise to optimize operations. Proficient in FreeBSD, VMWare, KVM, Proxmox, PfSense, Ansible, Docker, and Kubernetes.