1CHRONYC(1)                        User manual                       CHRONYC(1)
2
3
4

NAME

6       chronyc - command-line interface for chrony daemon
7

SYNOPSIS

9       chronyc [OPTION]... [COMMAND]...
10

DESCRIPTION

12       chronyc is a command-line interface program which can be used to
13       monitor chronyd’s performance and to change various operating
14       parameters whilst it is running.
15
16       If no commands are specified on the command line, chronyc will expect
17       input from the user. The prompt chronyc> will be displayed when it is
18       being run from a terminal. If chronyc’s input or output are redirected
19       from or to a file, the prompt will not be shown.
20
21       There are two ways chronyc can access chronyd. One is the Internet
22       Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is
23       accessible locally by the root or chrony user. By default, chronyc
24       first tries to connect to the Unix domain socket. The compiled-in
25       default path is /run/chrony/chronyd.sock. If that fails (e.g. because
26       chronyc is running under a non-root user), it will try to connect to
27       127.0.0.1 and then ::1.
28
29       Only the following monitoring commands, which do not affect the
30       behaviour of chronyd, are allowed from the network: activity, manual
31       list, rtcdata, smoothing, sourcename, sources, sourcestats, tracking,
32       waitsync. The set of hosts from which chronyd will accept these
33       commands can be configured with the cmdallow directive in the chronyd’s
34       configuration file or the cmdallow command in chronyc. By default, the
35       commands are accepted only from localhost (127.0.0.1 or ::1).
36
37       All other commands are allowed only through the Unix domain socket.
38       When sent over the network, chronyd will respond with a ‘Not
39       authorised’ error, even if it is from localhost.
40
41       Having full access to chronyd via chronyc is more or less equivalent to
42       being able to modify the chronyd’s configuration file and restart it.
43

OPTIONS

45       -4
46           With this option hostnames will be resolved only to IPv4 addresses.
47
48       -6
49           With this option hostnames will be resolved only to IPv6 addresses.
50
51       -n
52           This option disables resolving of IP addresses to hostnames, e.g.
53           to avoid slow DNS lookups. Long addresses will not be truncated to
54           fit into the column.
55
56       -N
57           This option enables printing of original hostnames or IP addresses
58           of NTP sources that were specified in the configuration file, or
59           chronyc commands. Without the -n and -N option, the printed
60           hostnames are obtained from reverse DNS lookups and can be
61           different from the specified hostnames.
62
63       -c
64           This option enables printing of reports in a comma-separated values
65           (CSV) format. Reverse DNS lookups will be disabled, time will be
66           printed as number of seconds since the epoch, and values in seconds
67           will not be converted to other units.
68
69       -d
70           This option enables printing of debugging messages if chronyc was
71           compiled with debugging support.
72
73       -m
74           Normally, all arguments on the command line are interpreted as one
75           command. With this option multiple commands can be specified. Each
76           argument will be interpreted as a whole command.
77
78       -h host
79           This option allows the user to specify which host (or
80           comma-separated list of addresses) running the chronyd program is
81           to be contacted. This allows for remote monitoring, without having
82           to connect over SSH to the other host first.
83
84           The default is to contact chronyd running on the same host where
85           chronyc is being run.
86
87       -p port
88           This option allows the user to specify the UDP port number which
89           the target chronyd is using for its monitoring connections. This
90           defaults to 323; there would rarely be a need to change this.
91
92       -f file
93           This option is ignored and is provided only for compatibility.
94
95       -a
96           This option is ignored and is provided only for compatibility.
97
98       -v, --version
99           With this option chronyc displays its version number on the
100           terminal and exits.
101
102       --help
103           With this option chronyc displays a help message on the terminal
104           and exits.
105

COMMANDS

107       This section describes each of the commands available within the
108       chronyc program.
109
110   System clock
111       tracking
112           The tracking command displays parameters about the system’s clock
113           performance. An example of the output is shown below.
114
115               Reference ID    : CB00710F (foo.example.net)
116               Stratum         : 3
117               Ref time (UTC)  : Fri Jan 27 09:49:17 2017
118               System time     : 0.000006523 seconds slow of NTP time
119               Last offset     : -0.000006747 seconds
120               RMS offset      : 0.000035822 seconds
121               Frequency       : 3.225 ppm slow
122               Residual freq   : -0.000 ppm
123               Skew            : 0.129 ppm
124               Root delay      : 0.013639022 seconds
125               Root dispersion : 0.001100737 seconds
126               Update interval : 64.2 seconds
127               Leap status     : Normal
128
129           The fields are explained as follows:
130
131           Reference ID
132               This is the reference ID and name (or IP address) of the server
133               to which the computer is currently synchronised. For IPv4
134               addresses, the reference ID is equal to the address and for
135               IPv6 addresses it is the first 32 bits of the MD5 sum of the
136               address.
137
138               If the reference ID is 7F7F0101 and there is no name or IP
139               address, it means the computer is not synchronised to any
140               external source and that you have the local mode operating (via
141               the local command in chronyc, or the local directive in the
142               configuration file).
143
144               The reference ID is printed as a hexadecimal number. Note that
145               in older versions it used to be printed in quad-dotted notation
146               and could be confused with an IPv4 address.
147
148           Stratum
149               The stratum indicates how many hops away from a computer with
150               an attached reference clock we are. Such a computer is a
151               stratum-1 computer, so the computer in the example is two hops
152               away (i.e. foo.example.net is a stratum-2 and is synchronised
153               from a stratum-1).
154
155           Ref time
156               This is the time (UTC) at which the last measurement from the
157               reference source was processed.
158
159           System time
160               In normal operation, chronyd by default never steps the system
161               clock, because any jump in the time can have adverse
162               consequences for certain application programs. Instead, any
163               error in the system clock is corrected by slightly speeding up
164               or slowing down the system clock until the error has been
165               removed, and then returning to the system clock’s normal speed.
166               A consequence of this is that there will be a period when the
167               system clock (as read by other programs) will be different from
168               chronyd’s estimate of the current true time (which it reports
169               to NTP clients when it is operating as a server). The value
170               reported on this line is the difference due to this effect.
171
172           Last offset
173               This is the estimated local offset on the last clock update. A
174               positive value indicates the local time (as previously
175               estimated true time) was ahead of the time sources.
176
177           RMS offset
178               This is a long-term average of the offset value.
179
180           Frequency
181               The ‘frequency’ is the rate by which the system’s clock would
182               be wrong if chronyd was not correcting it. It is expressed in
183               ppm (parts per million). For example, a value of 1 ppm would
184               mean that when the system’s clock thinks it has advanced 1
185               second, it has actually advanced by 1.000001 seconds relative
186               to true time.
187
188           Residual freq
189               This shows the ‘residual frequency’ for the currently selected
190               reference source. This reflects any difference between what the
191               measurements from the reference source indicate the frequency
192               should be and the frequency currently being used.
193
194               The reason this is not always zero is that a smoothing
195               procedure is applied to the frequency. Each time a measurement
196               from the reference source is obtained and a new residual
197               frequency computed, the estimated accuracy of this residual is
198               compared with the estimated accuracy (see ‘skew’ next) of the
199               existing frequency value. A weighted average is computed for
200               the new frequency, with weights depending on these accuracies.
201               If the measurements from the reference source follow a
202               consistent trend, the residual will be driven to zero over
203               time.
204
205           Skew
206               This is the estimated error bound on the frequency.
207
208           Root delay
209               This is the total of the network path delays to the stratum-1
210               computer from which the computer is ultimately synchronised.
211
212           Root dispersion
213               This is the total dispersion accumulated through all the
214               computers back to the stratum-1 computer from which the
215               computer is ultimately synchronised. Dispersion is due to
216               system clock resolution, statistical measurement variations,
217               etc.
218
219               An absolute bound on the computer’s clock accuracy (assuming
220               the stratum-1 computer is correct) is given by:
221
222                   clock_error <= |system_time_offset| + root_dispersion + (0.5 * root_delay)
223
224           Update interval
225               This is the interval between the last two clock updates.
226
227           Leap status
228               This is the leap status, which can be Normal, Insert second,
229               Delete second or Not synchronised.
230
231       makestep, makestep threshold limit
232           Normally chronyd will cause the system to gradually correct any
233           time offset, by slowing down or speeding up the clock as required.
234           In certain situations, the system clock might be so far adrift that
235           this slewing process would take a very long time to correct the
236           system clock.
237
238           The makestep command can be used in this situation. There are two
239           forms of the command. The first form has no parameters. It tells
240           chronyd to cancel any remaining correction that was being slewed
241           and jump the system clock by the equivalent amount, making it
242           correct immediately.
243
244           The second form configures the automatic stepping, similarly to the
245           makestep directive. It has two parameters, stepping threshold (in
246           seconds) and number of future clock updates for which the threshold
247           will be active. This can be used with the burst command to quickly
248           make a new measurement and correct the clock by stepping if needed,
249           without waiting for chronyd to complete the measurement and update
250           the clock.
251
252               makestep 0.1 1
253               burst 1/2
254
255           BE WARNED: Certain software will be seriously affected by such
256           jumps in the system time. (That is the reason why chronyd uses
257           slewing normally.)
258
259       maxupdateskew skew-in-ppm
260           This command has the same effect as the maxupdateskew directive in
261           the configuration file.
262
263       waitsync [max-tries [max-correction [max-skew [interval]]]]
264           The waitsync command waits for chronyd to synchronise.
265
266           Up to four optional arguments can be specified. The first is the
267           maximum number of tries before giving up and returning a non-zero
268           error code. When 0 is specified, or there are no arguments, the
269           number of tries will not be limited.
270
271           The second and third arguments are the maximum allowed remaining
272           correction of the system clock and the maximum allowed skew (in
273           ppm) as reported by the tracking command in the System time and
274           Skew fields. If not specified or zero, the value will not be
275           checked.
276
277           The fourth argument is the interval specified in seconds in which
278           the check is repeated. The interval is 10 seconds by default.
279
280           An example is:
281
282               waitsync 60 0.01
283
284           which will wait up to about 10 minutes (60 times 10 seconds) for
285           chronyd to synchronise to a source and the remaining correction to
286           be less than 10 milliseconds.
287
288   Time sources
289       sources [-a] [-v]
290           This command displays information about the current time sources
291           that chronyd is accessing.
292
293           If the -a option is specified, all sources are displayed, including
294           those that do not have a known address yet. Such sources have an
295           identifier in the format ID#XXXXXXXXXX, which can be used in other
296           commands expecting a source address.
297
298           The -v option enables a verbose output. In this case, extra caption
299           lines are shown as a reminder of the meanings of the columns.
300
301               MS Name/IP address         Stratum Poll Reach LastRx Last sample
302               ===============================================================================
303               #* GPS0                          0   4   377    11   -479ns[ -621ns] +/-  134ns
304               ^? foo.example.net               2   6   377    23   -923us[ -924us] +/-   43ms
305               ^+ bar.example.net               1   6   377    21  -2629us[-2619us] +/-   86ms
306
307           The columns are as follows:
308
309           M
310               This indicates the mode of the source. ^ means a server, =
311               means a peer and # indicates a locally connected reference
312               clock.
313
314           S
315               This column indicates the selection state of the source.
316
317* indicates the best source which is currently selected for
318                   synchronisation.
319
320+ indicates other sources selected for synchronisation,
321                   which are combined with the best source.
322
323- indicates a source which is considered to be selectable
324                   for synchronisation, but not currently selected.
325
326x indicates a source which chronyd thinks is a falseticker
327                   (i.e. its time is inconsistent with a majority of other
328                   sources, or sources specified with the trust option).
329
330~ indicates a source whose time appears to have too much
331                   variability.
332
333? indicates a source which is not considered to be
334                   selectable for synchronisation for other reasons (e.g.
335                   unreachable, not synchronised, or does not have enough
336                   measurements).
337
338
339               The selectdata command can be used to get more details about
340               the selection state.
341
342           Name/IP address
343               This shows the name or the IP address of the source, or
344               reference ID for reference clocks.
345
346           Stratum
347               This shows the stratum of the source, as reported in its most
348               recently received sample. Stratum 1 indicates a computer with a
349               locally attached reference clock. A computer that is
350               synchronised to a stratum 1 computer is at stratum 2. A
351               computer that is synchronised to a stratum 2 computer is at
352               stratum 3, and so on.
353
354           Poll
355               This shows the rate at which the source is being polled, as a
356               base-2 logarithm of the interval in seconds. Thus, a value of 6
357               would indicate that a measurement is being made every 64
358               seconds. chronyd automatically varies the polling rate in
359               response to prevailing conditions.
360
361           Reach
362               This shows the source’s reachability register printed as an
363               octal number. The register has 8 bits and is updated on every
364               received or missed packet from the source. A value of 377
365               indicates that a valid reply was received for all from the last
366               eight transmissions.
367
368           LastRx
369               This column shows how long ago the last good sample (which is
370               shown in the next column) was received from the source.
371               Measurements that failed some tests are ignored. This is
372               normally in seconds. The letters m, h, d or y indicate minutes,
373               hours, days, or years.
374
375           Last sample
376               This column shows the offset between the local clock and the
377               source at the last measurement. The number in the square
378               brackets shows the actual measured offset. This can be suffixed
379               by ns (indicating nanoseconds), us (indicating microseconds),
380               ms (indicating milliseconds), or s (indicating seconds). The
381               number to the left of the square brackets shows the original
382               measurement, adjusted to allow for any slews applied to the
383               local clock since. The number following the +/- indicator shows
384               the margin of error in the measurement. Positive offsets
385               indicate that the local clock is ahead of the source.
386
387       sourcestats [-a] [-v]
388           The sourcestats command displays information about the drift rate
389           and offset estimation process for each of the sources currently
390           being examined by chronyd.
391
392           If the -a option is specified, all sources are displayed, including
393           those that do not have a known address yet. Such sources have an
394           identifier in the format ID#XXXXXXXXXX, which can be used in other
395           commands expecting a source address.
396
397           The -v option enables a verbose output. In this case, extra caption
398           lines are shown as a reminder of the meanings of the columns.
399
400           An example report is:
401
402               Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
403               ===============================================================================
404               foo.example.net            11   5   46m     -0.001      0.045      1us    25us
405
406           The columns are as follows:
407
408           Name/IP Address
409               This is the name or IP address of the NTP server (or peer) or
410               reference ID of the reference clock to which the rest of the
411               line relates.
412
413           NP
414               This is the number of sample points currently being retained
415               for the server. The drift rate and current offset are estimated
416               by performing a linear regression through these points.
417
418           NR
419               This is the number of runs of residuals having the same sign
420               following the last regression. If this number starts to become
421               too small relative to the number of samples, it indicates that
422               a straight line is no longer a good fit to the data. If the
423               number of runs is too low, chronyd discards older samples and
424               re-runs the regression until the number of runs becomes
425               acceptable.
426
427           Span
428               This is the interval between the oldest and newest samples. If
429               no unit is shown the value is in seconds. In the example, the
430               interval is 46 minutes.
431
432           Frequency
433               This is the estimated residual frequency for the server, in
434               parts per million. In this case, the computer’s clock is
435               estimated to be running 1 part in 10^9 slow relative to the
436               server.
437
438           Freq Skew
439               This is the estimated error bounds on Freq (again in parts per
440               million).
441
442           Offset
443               This is the estimated offset of the source.
444
445           Std Dev
446               This is the estimated sample standard deviation.
447
448       selectdata [-a] [-v]
449           The selectdata command displays information specific to the
450           selection of time sources. If the -a option is specified, all
451           sources are displayed, including those that do not have a known
452           address yet. With the -v option, extra caption lines are shown as a
453           reminder of the meanings of the columns.
454
455           An example of the output is shown below.
456
457               S Name/IP Address        Auth COpts EOpts Last Score     Interval  Leap
458               =======================================================================
459               D foo.example.net           Y ----- --TR-    4   1.0   -61ms   +62ms  N
460               * bar.example.net           N ----- -----    0   1.0 -6846us +7305us  N
461               + baz.example.net           N ----- -----   10   1.0 -7381us +7355us  N
462
463           The columns are as follows:
464
465           S
466               This column indicates the state of the source after the last
467               source selection. It is similar to the state reported by the
468               sources command, but more states are reported.
469
470
471               The following states indicate the source is not considered
472               selectable for synchronisation:
473
474N - has the noselect option.
475
476M - does not have enough measurements.
477
478d - has a root distance larger than the maximum distance
479                   (configured by the maxdistance directive).
480
481~ - has a jitter larger than the maximum jitter (configured
482                   by the maxjitter directive).
483
484w - waits for other sources to get out of the M state.
485
486S - has older measurements than other sources.
487
488O - has a stratum equal or larger than the orphan stratum
489                   (configured by the local directive).
490
491T - does not fully agree with sources that have the trust
492                   option.
493
494x - does not agree with other sources (falseticker).
495
496
497               The following states indicate the source is considered
498               selectable, but it is not currently used for synchronisation:
499
500W - waits for other sources to be selectable (required by
501                   the minsources directive, or the require option of another
502                   source).
503
504P - another selectable source is preferred due to the
505                   prefer option.
506
507U - waits for a new measurement (after selecting a
508                   different best source).
509
510D - has, or recently had, a root distance which is too
511                   large to be combined with other sources (configured by the
512                   combinelimit directive).
513
514
515               The following states indicate the source is used for
516               synchronisation of the local clock:
517
518+ - combined with the best source.
519
520* - selected as the best source to update the reference
521                   data (e.g. root delay, root dispersion).
522
523           Name/IP address
524               This column shows the name or IP address of the source if it is
525               an NTP server, or the reference ID if it is a reference clock.
526
527           Auth
528               This column indicites whether an authentication mechanism is
529               enabled for the source. Y means yes and N means no.
530
531           COpts
532               This column displays the configured selection options of the
533               source.
534
535N indicates the noselect option.
536
537P indicates the prefer option.
538
539T indicates the trust option.
540
541R indicates the require option.
542
543           EOpts
544               This column displays the current effective selection options of
545               the source, which can be different from the configured options
546               due to the authentication selection mode (configured by the
547               authselmode directive). The symbols are the same as in the
548               COpts column.
549
550           Last
551               This column displays how long ago was the last measurement of
552               the source made when the selection was performed.
553
554           Score
555               This column displays the current score against the source in
556               the * state. The scoring system avoids frequent reselection
557               when multiple sources have a similar root distance. A value
558               larger than 1 indicates this source was better than the *
559               source in recent selections. If the score reaches 10, the best
560               source will be reselected and the scores will be reset to 1.
561
562           Interval
563               This column displays the lower and upper endpoint of the
564               interval which was expected to contain the true offset of the
565               local clock considering the root distance at the time of the
566               selection.
567
568           Leap
569               This column displays the current leap status of the source.
570
571N indicates the normal status (no leap second).
572
573+ indicates that a leap second will be inserted at the end
574                   of the month.
575
576- indicates that a leap second will be deleted at the end
577                   of the month.
578
579? indicates the unknown status (i.e. no valid measurement
580                   was made).
581
582       reselect
583           To avoid excessive switching between sources, chronyd can stay
584           synchronised to a source even when it is not currently the best one
585           among the available sources.
586
587           The reselect command can be used to force chronyd to reselect the
588           best synchronisation source.
589
590       reselectdist distance
591           The reselectdist command sets the reselection distance. It is
592           equivalent to the reselectdist directive in the configuration file.
593
594   NTP sources
595       activity
596           This command reports the number of servers and peers that are
597           online and offline. If the auto_offline option is used in
598           specifying some of the servers or peers, the activity command can
599           be useful for detecting when all of them have entered the offline
600           state after the network link has been disconnected.
601
602           The report shows the number of servers and peers in 5 states:
603
604           online
605               the server or peer is currently online (i.e. assumed by chronyd
606               to be reachable)
607
608           offline
609               the server or peer is currently offline (i.e. assumed by
610               chronyd to be unreachable, and no measurements from it will be
611               attempted.)
612
613           burst_online
614               a burst command has been initiated for the server or peer and
615               is being performed; after the burst is complete, the server or
616               peer will be returned to the online state.
617
618           burst_offline
619               a burst command has been initiated for the server or peer and
620               is being performed; after the burst is complete, the server or
621               peer will be returned to the offline state.
622
623           unresolved
624               the name of the server or peer was not resolved to an address
625               yet; this source is not visible in the sources and sourcestats
626               reports.
627
628       authdata [-a]
629           The authdata command displays information specific to
630           authentication of NTP sources. If the -a option is specified, all
631           sources are displayed, including those that do not have a known
632           address yet. An example of the output is shown below.
633
634               Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
635               =========================================================================
636               foo.example.net              NTS     1   15  256 135m    0    0    8  100
637               bar.example.net               SK    30   13  128    -    0    0    0    0
638               baz.example.net                -     0    0    0    -    0    0    0    0
639
640           The columns are as follows:
641
642           Name/IP address
643               This column shows the name or the IP address of the source.
644
645           Mode
646               This column shows which mechanism authenticates NTP packets
647               received from the source. NTS means Network Time Security, SK
648               means a symmetric key, and - means authentication is disabled.
649
650           KeyID
651               This column shows an identifier of the key used for
652               authentication. With a symmetric key, it is the ID from the key
653               file. With NTS, it is a number starting at zero and incremented
654               by one with each successful key establishment using the NTS-KE
655               protocol, i.e. it shows how many times the key establishment
656               was performed with this source.
657
658           Type
659               This columns shows an identifier of the algorithm used for
660               authentication. With a symmetric key, it is the hash function
661               or cipher specified in the key file. With NTS, it is an
662               authenticated encryption with associated data (AEAD) algorithm,
663               which is negotiated in the NTS-KE protocol. The following
664               values can be reported:
665
666               •   1: MD5
667
668               •   2: SHA1
669
670               •   3: SHA256
671
672               •   4: SHA384
673
674               •   5: SHA512
675
676               •   6: SHA3-224
677
678               •   7: SHA3-256
679
680               •   8: SHA3-384
681
682               •   9: SHA3-512
683
684               •   10: TIGER
685
686               •   11: WHIRLPOOL
687
688               •   13: AES128
689
690               •   14: AES256
691
692               •   15: AEAD-AES-SIV-CMAC-256
693
694           KLen
695               This column shows the length of the key in bits.
696
697           Last
698               This column shows how long ago the last successful key
699               establishment was performed. It is in seconds, or letters m, h,
700               d or y indicate minutes, hours, days, or years.
701
702           Atmp
703               This column shows the number of attempts to perform the key
704               establishment since the last successful key establishment. A
705               number larger than 1 indicates a problem with the network or
706               server.
707
708           NAK
709               This column shows whether an NTS NAK was received since the
710               last request. A NAK indicates that authentication failed on the
711               server side due to chronyd using a cookie which is no longer
712               valid and that it needs to perform the key establishment again
713               in order to get new cookies.
714
715           Cook
716               This column shows the number of NTS cookies that chronyd
717               currently has. If the key establishment was successful, a
718               number smaller than 8 indicates a problem with the network or
719               server.
720
721           CLen
722               This column shows the length in bytes of the NTS cookie which
723               will be used in the next request.
724
725       ntpdata [address]
726           The ntpdata command displays the last valid measurement and other
727           NTP-specific information about the specified NTP source, or all NTP
728           sources (with a known address) if no address was specified. An
729           example of the output is shown below.
730
731               Remote address  : 203.0.113.15 (CB00710F)
732               Remote port     : 123
733               Local address   : 203.0.113.74 (CB00714A)
734               Leap status     : Normal
735               Version         : 4
736               Mode            : Server
737               Stratum         : 1
738               Poll interval   : 10 (1024 seconds)
739               Precision       : -24 (0.000000060 seconds)
740               Root delay      : 0.000015 seconds
741               Root dispersion : 0.000015 seconds
742               Reference ID    : 47505300 (GPS)
743               Reference time  : Fri Nov 25 15:22:12 2016
744               Offset          : -0.000060878 seconds
745               Peer delay      : 0.000175634 seconds
746               Peer dispersion : 0.000000681 seconds
747               Response time   : 0.000053050 seconds
748               Jitter asymmetry: +0.00
749               NTP tests       : 111 111 1111
750               Interleaved     : No
751               Authenticated   : No
752               TX timestamping : Kernel
753               RX timestamping : Kernel
754               Total TX        : 24
755               Total RX        : 24
756               Total valid RX  : 24
757
758           The fields are explained as follows:
759
760           Remote address
761               The IP address of the NTP server or peer, and the corresponding
762               reference ID.
763
764           Remote port
765               The UDP port number to which the request was sent. The standard
766               NTP port is 123.
767
768           Local address
769               The local IP address which received the response, and the
770               corresponding reference ID.
771
772           Leap status, Version, Mode, Stratum, Poll interval, Precision, Root
773           delay, Root dispersion, Reference ID, Reference time
774               The NTP values from the last valid response.
775
776           Offset, Peer delay, Peer dispersion
777               The measured values.
778
779           Response time
780               The time the server or peer spent in processing of the request
781               and waiting before sending the response.
782
783           Jitter asymmetry
784               The estimated asymmetry of network jitter on the path to the
785               source. The asymmetry can be between -0.5 and 0.5. A negative
786               value means the delay of packets sent to the source is more
787               variable than the delay of packets sent from the source back.
788
789           NTP tests
790               Results of RFC 5905 tests 1 through 3, 5 through 7, and tests
791               for maximum delay, delay ratio, delay dev ratio, and
792               synchronisation loop.
793
794           Interleaved
795               This shows if the response was in the interleaved mode.
796
797           Authenticated
798               This shows if the response was authenticated.
799
800           TX timestamping
801               The source of the local transmit timestamp. Valid values are
802               Daemon, Kernel, and Hardware.
803
804           RX timestamping
805               The source of the local receive timestamp.
806
807           Total TX
808               The number of packets sent to the source.
809
810           Total RX
811               The number of all packets received from the source.
812
813           Total valid RX
814               The number of valid packets received from the source.
815
816       add peer name [option]...
817           The add peer command allows a new NTP peer to be added whilst
818           chronyd is running.
819
820           Following the words add peer, the syntax of the following
821           parameters and options is identical to that for the peer directive
822           in the configuration file.
823
824           An example of using this command is shown below.
825
826               add peer foo.example.net minpoll 6 maxpoll 10 key 25
827
828       add pool name [option]...
829           The add pool command allows a pool of NTP servers to be added
830           whilst chronyd is running.
831
832           Following the words add pool, the syntax of the following
833           parameters and options is identical to that for the pool directive
834           in the configuration file.
835
836           An example of using this command is shown below:
837
838               add pool foo.example.net maxsources 3 iburst
839
840       add server name [option]...
841           The add server command allows a new NTP server to be added whilst
842           chronyd is running.
843
844           Following the words add server, the syntax of the following
845           parameters and options is identical to that for the server
846           directive in the configuration file.
847
848           An example of using this command is shown below:
849
850               add server foo.example.net minpoll 6 maxpoll 10 key 25
851
852       delete address
853           The delete command allows an NTP server or peer to be removed from
854           the current set of sources.
855
856       burst good/max [mask/masked-address], burst good/max
857       [masked-address/masked-bits], burst good/max [address]
858           The burst command tells chronyd to make a set of measurements to
859           each of its NTP sources over a short duration (rather than the
860           usual periodic measurements that it makes). After such a burst,
861           chronyd will revert to the previous state for each source. This
862           might be either online, if the source was being periodically
863           measured in the normal way, or offline, if the source had been
864           indicated as being offline. (A source can be switched between the
865           online and offline states with the online and offline commands.)
866
867           The mask and masked-address arguments are optional, in which case
868           chronyd will initiate a burst for all of its currently defined
869           sources.
870
871           The arguments have the following meaning and format:
872
873           good
874               This defines the number of good measurements that chronyd will
875               want to obtain from each source. A measurement is good if it
876               passes certain tests, for example, the round trip time to the
877               source must be acceptable. (This allows chronyd to reject
878               measurements that are likely to be bogus.)
879
880           max
881               This defines the maximum number of measurements that chronyd
882               will attempt to make, even if the required number of good
883               measurements has not been obtained.
884
885           mask
886               This is an IP address with which the IP address of each of
887               chronyd’s sources is to be masked.
888
889           masked-address
890               This is an IP address. If the masked IP address of a source
891               matches this value then the burst command is applied to that
892               source.
893
894           masked-bits
895               This can be used with masked-address for CIDR notation, which
896               is a shorter alternative to the form with mask.
897
898           address
899               This is an IP address or a hostname. The burst command is
900               applied only to that source.
901
902
903
904           If no mask or masked-address arguments are provided, every source
905           will be matched.
906
907           An example of the two-argument form of the command is:
908
909               burst 2/10
910
911           This will cause chronyd to attempt to get two good measurements
912           from each source, stopping after two have been obtained, but in no
913           event will it try more than ten probes to the source.
914
915           Examples of the four-argument form of the command are:
916
917               burst 2/10 255.255.0.0/1.2.0.0
918               burst 2/10 2001:db8:789a::/48
919
920           In the first case, the two out of ten sampling will only be applied
921           to sources whose IPv4 addresses are of the form 1.2.x.y, where x
922           and y are arbitrary. In the second case, the sampling will be
923           applied to sources whose IPv6 addresses have first 48 bits equal to
924           2001:db8:789a.
925
926           Example of the three-argument form of the command is:
927
928               burst 2/10 foo.example.net
929
930       maxdelay address delay
931           This allows the maxdelay option for one of the sources to be
932           modified, in the same way as specifying the maxdelay option for the
933           server directive in the configuration file.
934
935       maxdelaydevratio address ratio
936           This allows the maxdelaydevratio option for one of the sources to
937           be modified, in the same way as specifying the maxdelaydevratio
938           option for the server directive in the configuration file.
939
940       maxdelayratio address ratio
941           This allows the maxdelayratio option for one of the sources to be
942           modified, in the same way as specifying the maxdelayratio option
943           for the server directive in the configuration file.
944
945       maxpoll address maxpoll
946           The maxpoll command is used to modify the maximum polling interval
947           for one of the current set of sources. It is equivalent to the
948           maxpoll option in the server directive in the configuration file.
949
950           Note that the new maximum polling interval only takes effect after
951           the next measurement has been made.
952
953       minpoll address minpoll
954           The minpoll command is used to modify the minimum polling interval
955           for one of the current set of sources. It is equivalent to the
956           minpoll option in the server directive in the configuration file.
957
958           Note that the new minimum polling interval only takes effect after
959           the next measurement has been made.
960
961       minstratum address minstratum
962           The minstratum command is used to modify the minimum stratum for
963           one of the current set of sources. It is equivalent to the
964           minstratum option in the server directive in the configuration
965           file.
966
967       offline [address], offline [masked-address/masked-bits], offline
968       [mask/masked-address]
969           The offline command is used to warn chronyd that the network
970           connection to a particular host or hosts is about to be lost, e.g.
971           on computers with intermittent connection to their time sources.
972
973           Another case where offline could be used is where a computer serves
974           time to a local group of computers, and has a permanent connection
975           to true time servers outside the organisation. However, the
976           external connection is heavily loaded at certain times of the day
977           and the measurements obtained are less reliable at those times. In
978           this case, it is probably most useful to determine the gain or loss
979           rate during the quiet periods and let the whole network coast
980           through the loaded periods. The offline and online commands can be
981           used to achieve this.
982
983           There are four forms of the offline command. The first form is a
984           wildcard, meaning all sources (including sources that do not have a
985           known address yet). The second form allows an IP address mask and a
986           masked address to be specified. The third form uses CIDR notation.
987           The fourth form uses an IP address or a hostname. These forms are
988           illustrated below.
989
990               offline
991               offline 255.255.255.0/1.2.3.0
992               offline 2001:db8:789a::/48
993               offline foo.example.net
994
995           The second form means that the offline command is to be applied to
996           any source whose IPv4 address is in the 1.2.3 subnet. (The host’s
997           address is logically and-ed with the mask, and if the result
998           matches the masked-address the host is processed.) The third form
999           means that the command is to be applied to all sources whose IPv6
1000           addresses have their first 48 bits equal to 2001:db8:789a. The
1001           fourth form means that the command is to be applied only to that
1002           one source.
1003
1004           The wildcard form of the address is equivalent to:
1005
1006               offline 0.0.0.0/0.0.0.0
1007               offline ::/0
1008
1009       online [address], online [masked-address/masked-bits], online
1010       [mask/masked-address]
1011           The online command is opposite in function to the offline command.
1012           It is used to advise chronyd that network connectivity to a
1013           particular source or sources has been restored.
1014
1015           The syntax is identical to that of the offline command.
1016
1017       onoffline
1018           The onoffline command tells chronyd to switch all sources that have
1019           a known address to the online or offline status according to the
1020           current network configuration. A source is considered online if it
1021           is possible to send requests to it, i.e. a network route to the
1022           source is present.
1023
1024       polltarget address polltarget
1025           The polltarget command is used to modify the poll target for one of
1026           the current set of sources. It is equivalent to the polltarget
1027           option in the server directive in the configuration file.
1028
1029       refresh
1030           The refresh command can be used to force chronyd to resolve the
1031           names of configured sources to IP addresses again, e.g. after
1032           suspending and resuming the machine in a different network.
1033
1034           Sources that stop responding will be replaced with newly resolved
1035           addresses automatically after 8 polling intervals, but this command
1036           can still be useful to replace them immediately and not wait until
1037           they are marked as unreachable.
1038
1039       reload sources
1040           The reload sources command causes chronyd to re-read all *.sources
1041           files from the directories specified by the sourcedir directive.
1042
1043       sourcename address
1044           The sourcename command prints the original hostname or address that
1045           was specified for an NTP source in the configuration file, or the
1046           add command. This command is an alternative to the -N option, which
1047           can be useful in scripts.
1048
1049           Note that different NTP sources can share the same name, e.g.
1050           servers from a pool.
1051
1052   Manual time input
1053       manual on, manual off, manual delete index, manual list, manual reset
1054           The manual command enables and disables use of the settime command,
1055           and is used to modify the behaviour of the manual clock driver.
1056
1057           The on form of the command enables use of the settime command.
1058
1059           The off form of the command disables use of the settime command.
1060
1061           The list form of the command lists all the samples currently stored
1062           in chronyd. The output is illustrated below.
1063
1064               210 n_samples = 1
1065               #    Date  Time(UTC)    Slewed   Original   Residual
1066               ====================================================
1067                0 27Jan99 22:09:20       0.00       0.97       0.00
1068
1069           The columns are as as follows:
1070
1071            1. The sample index (used for the manual delete command).
1072
1073            2. The date and time of the sample.
1074
1075            3. The system clock error when the timestamp was entered, adjusted
1076               to allow for changes made to the system clock since.
1077
1078            4. The system clock error when the timestamp was entered, as it
1079               originally was (without allowing for changes to the system
1080               clock since).
1081
1082            5. The regression residual at this point, in seconds. This allows
1083               ‘outliers’ to be easily spotted, so that they can be deleted
1084               using the manual delete command.
1085
1086
1087
1088           The delete form of the command deletes a single sample. The
1089           parameter is the index of the sample, as shown in the first column
1090           of the output from manual list. Following deletion of the data
1091           point, the current error and drift rate are re-estimated from the
1092           remaining data points and the system clock trimmed if necessary.
1093           This option is intended to allow ‘outliers’ to be discarded, i.e.
1094           samples where the administrator realises they have entered a very
1095           poor timestamp.
1096
1097           The reset form of the command deletes all samples at once. The
1098           system clock is left running as it was before the command was
1099           entered.
1100
1101       settime time
1102           The settime command allows the current time to be entered manually,
1103           if this option has been configured into chronyd. (It can be
1104           configured either with the manual directive in the configuration
1105           file, or with the manual command of chronyc.)
1106
1107           It should be noted that the computer’s sense of time will only be
1108           as accurate as the reference you use for providing this input (e.g.
1109           your watch), as well as how well you can time the press of the
1110           return key.
1111
1112           Providing your computer’s time zone is set up properly, you will be
1113           able to enter a local time (rather than UTC).
1114
1115           The response to a successful settime command indicates the amount
1116           that the computer’s clock was wrong. It should be apparent from
1117           this if you have entered the time wrongly, e.g. with the wrong time
1118           zone.
1119
1120           The rate of drift of the system clock is estimated by a regression
1121           process using the entered measurement and all previous measurements
1122           entered during the present run of chronyd. However, the entered
1123           measurement is used for adjusting the current clock offset (rather
1124           than the estimated intercept from the regression, which is
1125           ignored). Contrast what happens with the manual delete command,
1126           where the intercept is used to set the current offset (since there
1127           is no measurement that has just been entered in that case).
1128
1129           The time is parsed by the public domain getdate algorithm.
1130           Consequently, you can only specify time to the nearest second.
1131
1132           Examples of inputs that are valid are shown below:
1133
1134               settime 16:30
1135               settime 16:30:05
1136               settime Nov 21, 2015 16:30:05
1137
1138           For a full description of getdate, see the getdate documentation
1139           (bundled, for example, with the source for GNU tar).
1140
1141   NTP access
1142       accheck address
1143           This command allows you to check whether client NTP access is
1144           allowed from a particular host.
1145
1146           Examples of use, showing a named host and a numeric IP address, are
1147           as follows:
1148
1149               accheck foo.example.net
1150               accheck 1.2.3.4
1151               accheck 2001:db8::1
1152
1153           This command can be used to examine the effect of a series of
1154           allow, allow all, deny, and deny all commands specified either via
1155           chronyc, or in chronyd’s configuration file.
1156
1157       clients [-p packets] [-k] [-r]
1158           This command shows a list of clients that have accessed the server,
1159           through the NTP, command, or NTS-KE port. It does not include
1160           accesses over the Unix domain command socket.
1161
1162           The -p option specifies the minimum number of received NTP or
1163           command packets, or accepted NTS-KE connections, needed to include
1164           a client in the list. The default value is 0, i.e. all clients are
1165           reported. With the -k option the last four columns will show the
1166           NTS-KE accesses instead of command accesses. If the -r option is
1167           specified, chronyd will reset the counters of received and dropped
1168           packets or connections after reporting the current values.
1169
1170           An example of the output is:
1171
1172               Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
1173               ===============================================================================
1174               localhost                       2      0   2   -   133      15      0  -1     7
1175               foo.example.net                12      0   6   -    23       0      0   -     -
1176
1177           Each row shows the data for a single host. Only hosts that have
1178           passed the host access checks (set with the allow, deny, cmdallow
1179           and cmddeny commands or configuration file directives) are logged.
1180           The intervals are displayed as a power of 2 in seconds.
1181
1182           The columns are as follows:
1183
1184            1. The hostname of the client.
1185
1186            2. The number of NTP packets received from the client.
1187
1188            3. The number of NTP packets dropped to limit the response rate.
1189
1190            4. The average interval between NTP packets.
1191
1192            5. The average interval between NTP packets after limiting the
1193               response rate.
1194
1195            6. Time since the last NTP packet was received
1196
1197            7. The number of command packets or NTS-KE connections
1198               received/accepted from the client.
1199
1200            8. The number of command packets or NTS-KE connections dropped to
1201               limit the response rate.
1202
1203            9. The average interval between command packets or NTS-KE
1204               connections.
1205
1206            10. Time since the last command packet or NTS-KE connection was
1207               received/accepted.
1208
1209       serverstats
1210           The serverstats command displays how many valid NTP and command
1211           requests, and NTS-KE connections, chronyd operating as a server
1212           received from clients, and how many of them were dropped due to
1213           rate limiting. It also displays how many client log records were
1214           dropped due to the memory limit configured by the clientloglimit
1215           directive and how many of the NTP requests (from those which were
1216           not dropped) were authenticated. An example of the output is shown
1217           below.
1218
1219               NTP packets received       : 1598
1220               NTP packets dropped        : 8
1221               Command packets received   : 19
1222               Command packets dropped    : 0
1223               Client log records dropped : 0
1224               NTS-KE connections accepted: 3
1225               NTS-KE connections dropped : 0
1226               Authenticated NTP packets  : 189
1227
1228       allow [all] [subnet]
1229           The effect of the allow command is identical to the allow directive
1230           in the configuration file.
1231
1232           The syntax is illustrated in the following examples:
1233
1234               allow 1.2.3.4
1235               allow all 3.4.5.0/24
1236               allow 2001:db8:789a::/48
1237               allow 0/0
1238               allow ::/0
1239               allow
1240               allow all
1241
1242       deny [all] [subnet]
1243           The effect of the allow command is identical to the deny directive
1244           in the configuration file.
1245
1246           The syntax is illustrated in the following examples:
1247
1248               deny 1.2.3.4
1249               deny all 3.4.5.0/24
1250               deny 2001:db8:789a::/48
1251               deny 0/0
1252               deny ::/0
1253               deny
1254               deny all
1255
1256       local [option]..., local off
1257           The local command allows chronyd to be told that it is to appear as
1258           a reference source, even if it is not itself properly synchronised
1259           to an external source. (This can be used on isolated networks, to
1260           allow one computer to be a master time server with the other
1261           computers slaving to it.)
1262
1263           The first form enables the local reference mode on the host. The
1264           syntax is identical to the local directive in the configuration
1265           file.
1266
1267           The second form disables the local reference mode.
1268
1269       smoothing
1270           The smoothing command displays the current state of the NTP server
1271           time smoothing, which can be enabled with the smoothtime directive.
1272           An example of the output is shown below.
1273
1274               Active         : Yes
1275               Offset         : +1.000268817 seconds
1276               Frequency      : -0.142859 ppm
1277               Wander         : -0.010000 ppm per second
1278               Last update    : 17.8 seconds ago
1279               Remaining time : 19988.4 seconds
1280
1281           The fields are explained as follows:
1282
1283           Active
1284               This shows if the server time smoothing is currently active.
1285               Possible values are Yes and No. If the leaponly option is
1286               included in the smoothtime directive, (leap second only) will
1287               be shown on the line.
1288
1289           Offset
1290               This is the current offset applied to the time sent to NTP
1291               clients. Positive value means the clients are getting time
1292               that’s ahead of true time.
1293
1294           Frequency
1295               The current frequency offset of the served time. Negative value
1296               means the time observed by clients is running slower than true
1297               time.
1298
1299           Wander
1300               The current frequency wander of the served time. Negative value
1301               means the time observed by clients is slowing down.
1302
1303           Last update
1304               This field shows how long ago the time smoothing process was
1305               updated, e.g. chronyd accumulated a new measurement.
1306
1307           Remaining time
1308               The time it would take for the smoothing process to get to zero
1309               offset and frequency if there were no more updates.
1310
1311       smoothtime activate, smoothtime reset
1312           The smoothtime command can be used to activate or reset the server
1313           time smoothing process if it is configured with the smoothtime
1314           directive.
1315
1316   Monitoring access
1317       cmdaccheck address
1318           This command is similar to the accheck command, except that it is
1319           used to check whether monitoring access is permitted from a named
1320           host.
1321
1322           Examples of use are as follows:
1323
1324               cmdaccheck foo.example.net
1325               cmdaccheck 1.2.3.4
1326               cmdaccheck 2001:db8::1
1327
1328       cmdallow [all] [subnet]
1329           This is similar to the allow command, except that it is used to
1330           allow particular hosts or subnets to use chronyc to monitor with
1331           chronyd on the current host.
1332
1333       cmddeny [all] [subnet]
1334           This is similar to the deny command, except that it is used to
1335           allow particular hosts or subnets to use chronyc to monitor chronyd
1336           on the current host.
1337
1338   Real-time clock (RTC)
1339       rtcdata
1340           The rtcdata command displays the current RTC parameters.
1341
1342           An example output is shown below.
1343
1344               RTC ref time (GMT) : Sat May 30 07:25:56 2015
1345               Number of samples  : 10
1346               Number of runs     : 5
1347               Sample span period :  549
1348               RTC is fast by     :    -1.632736 seconds
1349               RTC gains time at  :  -107.623 ppm
1350
1351           The fields have the following meaning:
1352
1353           RTC ref time (GMT)
1354               This is the RTC reading the last time its error was measured.
1355
1356           Number of samples
1357               This is the number of previous measurements being used to
1358               determine the RTC gain or loss rate.
1359
1360           Number of runs
1361               This is the number of runs of residuals of the same sign
1362               following the regression fit for (RTC error) versus (RTC time).
1363               A value which is small indicates that the measurements are not
1364               well approximated by a linear model, and that the algorithm
1365               will tend to delete the older measurements to improve the fit.
1366
1367           Sample span period
1368               This is the period that the measurements span (from the oldest
1369               to the newest). Without a unit the value is in seconds;
1370               suffixes m for minutes, h for hours, d for days or y for years
1371               can be used.
1372
1373           RTC is fast by
1374               This is the estimate of how many seconds fast the RTC when it
1375               thought the time was at the reference time (above). If this
1376               value is large, you might (or might not) want to use the
1377               trimrtc command to bring the RTC into line with the system
1378               clock. (Note, a large error will not affect chronyd’s
1379               operation, unless it becomes so big as to start causing
1380               rounding errors.)
1381
1382           RTC gains time at
1383               This is the amount of time gained (positive) or lost (negative)
1384               by the real time clock for each second that it ticks. It is
1385               measured in parts per million. So if the value shown was +1,
1386               suppose the RTC was exactly right when it crosses a particular
1387               second boundary. Then it would be 1 microsecond fast when it
1388               crosses its next second boundary.
1389
1390       trimrtc
1391           The trimrtc command is used to correct the system’s real-time clock
1392           (RTC) to the main system clock. It has no effect if the error
1393           between the two clocks is currently estimated at less than a
1394           second.
1395
1396           The command takes no arguments. It performs the following steps (if
1397           the RTC is more than 1 second away from the system clock):
1398
1399            1. Remember the currently estimated gain or loss rate of the RTC
1400               and flush the previous measurements.
1401
1402            2. Step the real-time clock to bring it within a second of the
1403               system clock.
1404
1405            3. Make several measurements to accurately determine the new
1406               offset between the RTC and the system clock (i.e. the remaining
1407               fraction of a second error).
1408
1409            4. Save the RTC parameters to the RTC file (specified with the
1410               rtcfile directive in the configuration file).
1411
1412
1413
1414           The last step is done as a precaution against the computer
1415           suffering a power failure before either the daemon exits or the
1416           writertc command is issued.
1417
1418           chronyd will still work perfectly well both whilst operating and
1419           across machine reboots even if the trimrtc command is never used
1420           (and the RTC is allowed to drift away from true time). The trimrtc
1421           command is provided as a method by which it can be corrected, in a
1422           manner compatible with chronyd using it to maintain accurate time
1423           across machine reboots.
1424
1425           The trimrtc command can be executed automatically by chronyd with
1426           the rtcautotrim directive in the configuration file.
1427
1428       writertc
1429           The writertc command writes the currently estimated error and gain
1430           or loss rate parameters for the RTC to the RTC file (specified with
1431           the rtcfile directive). This information is also written
1432           automatically when chronyd is killed (by the SIGHUP, SIGINT,
1433           SIGQUIT or SIGTERM signals) or when the trimrtc command is issued.
1434
1435   Other daemon commands
1436       cyclelogs
1437           The cyclelogs command causes all of chronyd’s open log files to be
1438           closed and re-opened. This allows them to be renamed so that they
1439           can be periodically purged. An example of how to do this is shown
1440           below.
1441
1442               # mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log
1443               # chronyc cyclelogs
1444               # rm /var/log/chrony/measurements1.log
1445
1446       dump
1447           The dump command causes chronyd to write its current history of
1448           measurements for each of its sources to dump files in the directory
1449           specified in the configuration file by the dumpdir directive and
1450           also write server NTS keys and client NTS cookies to the directory
1451           specified by the ntsdumpdir directive. Note that chronyd does this
1452           automatically when it exits. This command is mainly useful for
1453           inspection whilst chronyd is running.
1454
1455       rekey
1456           The rekey command causes chronyd to re-read the key file specified
1457           in the configuration file by the keyfile directive. It also
1458           re-reads the server NTS keys if ntsdumpdir is specified and
1459           automatic rotation is disabled in the configuration file.
1460
1461       reset sources
1462           The reset sources command causes chronyd to drop all measurements
1463           and switch to the unsynchronised state. This command can help
1464           chronyd with recovery when the measurements are known to be no
1465           longer valid or accurate, e.g. due to moving the computer to a
1466           different network, or resuming the computer from a low-power state
1467           (which resets the system clock). chronyd will drop the measurements
1468           automatically when it detects the clock has made an unexpected
1469           jump, but the detection is not completely reliable.
1470
1471       shutdown
1472           The shutdown command causes chronyd to exit. This is equivalent to
1473           sending the process the SIGTERM signal.
1474
1475   Client commands
1476       dns option
1477           The dns command configures how hostnames and IP addresses are
1478           resolved in chronyc. IP addresses can be resolved to hostnames when
1479           printing results of sources, sourcestats, tracking and clients
1480           commands. Hostnames are resolved in commands that take an address
1481           as argument.
1482
1483           There are five options:
1484
1485           dns -n
1486               Disables resolving IP addresses to hostnames. Raw IP addresses
1487               will be displayed.
1488
1489           dns +n
1490               Enables resolving IP addresses to hostnames. This is the
1491               default unless chronyc was started with -n option.
1492
1493           dns -4
1494               Resolves hostnames only to IPv4 addresses.
1495
1496           dns -6
1497               Resolves hostnames only to IPv6 addresses.
1498
1499           dns -46
1500               Resolves hostnames to both address families. This is the
1501               default behaviour unless chronyc was started with the -4 or -6
1502               option.
1503
1504       timeout timeout
1505           The timeout command sets the initial timeout for chronyc requests
1506           in milliseconds. If no response is received from chronyd, the
1507           timeout is doubled and the request is resent. The maximum number of
1508           retries is configured with the retries command.
1509
1510           By default, the timeout is 1000 milliseconds.
1511
1512       retries retries
1513           The retries command sets the maximum number of retries for chronyc
1514           requests before giving up. The response timeout is controlled by
1515           the timeout command.
1516
1517           The default is 2.
1518
1519       keygen [id [type [bits]]]
1520           The keygen command generates a key that can be added to the key
1521           file (specified with the keyfile directive) to allow NTP
1522           authentication between server and client, or peers. The key is
1523           generated from the /dev/urandom device and it is printed to
1524           standard output.
1525
1526           The command has three optional arguments. The first argument is the
1527           key number (by default 1), which will be specified with the key
1528           option of the server or peer directives in the configuration file.
1529           The second argument is the name of the hash function or cipher (by
1530           default SHA1, or MD5 if SHA1 is not available). The third argument
1531           is the length of the key in bits if a hash function was selected,
1532           between 80 and 4096 bits (by default 160 bits).
1533
1534           An example is:
1535
1536               keygen 73 SHA1 256
1537
1538           which generates a 256-bit SHA1 key with number 73. The printed line
1539           should then be securely transferred and added to the key files on
1540           both server and client, or peers. A different key should be
1541           generated for each client or peer.
1542
1543           An example using the AES128 cipher is:
1544
1545               keygen 151 AES128
1546
1547       exit, quit
1548           The exit and quit commands exit from chronyc and return the user to
1549           the shell.
1550
1551       help
1552           The help command displays a summary of the commands and their
1553           arguments.
1554

SEE ALSO

1556       chrony.conf(5), chronyd(8)
1557

BUGS

1559       For instructions on how to report bugs, please visit
1560       https://chrony.tuxfamily.org/.
1561

AUTHORS

1563       chrony was written by Richard Curnow, Miroslav Lichvar, and others.
1564
1565
1566
1567chrony 4.1                        2021-05-12                        CHRONYC(1)
Impressum