NTP是Network Time Protocol的缩写,又称为网络时间协议。是用来使计算机时间同步化的一种协议,它可以使计算机对其服务器或时钟源(如石英钟,GPS等等)做同步化,它可以提供高精准度的时间校正(LAN上与标准间差小于1毫秒,WAN上几十毫秒),且可介由加密确认的方式来防止恶毒的协议攻击。
条件:两个虚拟机 一台服务端、一台客户端
服务端配置:
1.安装ntp服务
yum install ntp ntpdate -y
修改ntp.conf配置文件
cp /etc/ntp.conf /etc/ntp.conf.bak
进行修改配置文件ntp.conf
vim /etc/ntp.conf
For more information about this file, see the man pages
ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift #在与上级时间服务器联系时所花费的时间,记录在driftfile参数后面的文件内
Permit time synchronization with our time source, but do not
permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery #我们对于默认的客户端拒绝所有的操作
restrict -6 default kod nomodify notrap nopeer noquery
Permit all access over the loopback interface. This could
be tightened as well, but to do so would effect some of
the administrative functions.
restrict 127.0.0.1 #开启内部递归网络接口lo 即允许本机地址一切的操作
restrict -6 ::1
Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap#我们允许局域网内所有客户端连接到这台服务器同步时间.但是拒绝让他们修改服务器上的时间
service 192.168.75.132 # 这句也是手动增加的,指明局域网中作为NTP服务器的IP
Use public servers from the pool.ntp.org project.
Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org #互联网上的三个ntp服务器
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
#sebroadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
Undisciplined Local Clock. This is a fake driver intended for backup
and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock #当服务器与公用的时间服务器失去联系时(连不上网),以局域网的时间服务器为客户端提供时间同步服务
fudge 127.127.1.0 stratum 10
Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
Key file containing the keys and key identifiers used when operating
with symmetric key cryptography.
keys /etc/ntp/keys
Specify the key identifiers which are trusted.
#trustedkey 4 8 42
Specify the key identifier to use with the ntpdc utility.
#requestkey 8
Specify the key identifier to use with the ntpq utility.
#controlkey 8
Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
启动NTP服务
service ntpd start #为了使服务可以在系统引导的时候自动启动,执行
检查时间服务器是否正确同步
ntpq -p