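Setting up an NTP time server on Linux
NTP is short for Network Time Protocol. It is a protocol for synchronizing computer clocks: it lets a computer synchronize with its server or with a clock source (such as a quartz clock, GPS, and so on), provides high-precision time correction (within 1 millisecond of the standard on a LAN, tens of milliseconds on a WAN), and can use cryptographic authentication to prevent malicious protocol attacks.
Prerequisites: two virtual machines, one server and one client
Server configuration:
1. Install the NTP service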
yum install ntp ntpdate -y
Modify the ntp.conf configuration file
cp /etc/ntp.conf /etc/ntp.conf.bak
Edit the configuration file ntp.conf
vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift # the time spent contacting the upstream time server is recorded in the file named after the driftfile parameter
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery # by default, deny all operations from clients
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 # enable the internal loopback interface lo, i.e. allow all operations from the local address
restrict -6 ::1
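# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # allow all clients on the local network to connect to this server to synchronize time, but refuse to let them modify the time on the server
server 192.168.75.132 # this line was also added manually; it specifies the IP of the host acting as the NTP server on the local network
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org # three NTP servers on the Internet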
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
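# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock; when the server loses contact with the public time servers (no Internet access), the local network's time server provides time synchronization to the clients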
fudge 127.127.1.0 stratum 10
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
Start the NTP service
service ntpd start # to have the service start automatically at system boot, run
Check whether the time server is synchronizing correctly
ntpq -p
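An added example (not part of the original post): a POSIX shell function that interprets the peer table printed by the ntpq -p check above, telling apart a server that follows an upstream source from one that has fallen back to the 127.127.1.0 local clock configured earlier. The function names, the exit codes and the sample table (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret the peer table printed by `ntpq -p` (read on stdin).
# Prints one verdict line and returns: 0 synced, 1 local-only, 2 unsynced.
ntp_sync_status() {
    awk '
        /^ *remote +refid/ || /^=+ *$/ { next }   # header line and ===== rule
        NF < 10 { next }                          # not a peer row
        {
            tally = substr($0, 1, 1)   # column 1 is the tally code
            # remaining fields: remote refid st t when poll reach delay offset jitter
            split(substr($0, 2), f, " ")
            if (tally == "x") bad++    # falseticker: discarded as disagreeing with other sources
            if (tally == "*") {        # system peer: the source ntpd currently follows
                sel = 1; remote = f[1]; refid = f[2]; st = f[3]; reach = f[7]; off = f[9]
            }
        }
        END {
            if (!sel) { printf "unsynced falsetickers=%d\n", bad; exit 2 }
            # 127.127.1.x is the undisciplined local clock; ntpq shows it as LOCAL(n) / .LOCL.
            if (remote ~ /^LOCAL\(/ || remote ~ /^127\.127\.1\./ || refid == ".LOCL.") {
                printf "local-only %s stratum=%s\n", remote, st; exit 1
            }
            # reach is an octal shift register; 377 means the last 8 polls were all answered
            printf "synced %s stratum=%s offset_ms=%s reach=%s falsetickers=%d\n", remote, st, off, reach, bad
        }
    '
}

# Constructed sample of `ntpq -p` output (not captured from a real host).
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      198.51.100.1     2 u   33   64  377   12.345   -1.200   0.456
+192.0.2.11      198.51.100.1     2 u   40   64  377   20.100    0.800   0.800
x192.0.2.12      203.0.113.7      3 u   12   64  377   18.000  950.000   2.000
 LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.000
EOF
}

sample_peers | ntp_sync_status
```

On a real server, run `ntpq -p | ntp_sync_status`; with `ntpq -pn` the local clock appears as 127.127.1.0 instead of LOCAL(0), which the function also recognizes.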