1CHRONYC(1) User manual CHRONYC(1)
2
6 chronyc - command-line interface for chrony daemon
7
9 chronyc [OPTION]... [COMMAND]...
10
12 chronyc is a command-line interface program which can be used to
13 monitor chronyd's performance and to change various operating
14 parameters whilst it is running.
15 If no commands are specified on the command line, chronyc will expect
17 input from the user. The prompt chronyc> will be displayed when it is
18 being run from a terminal. If chronyc's input or output are redirected
19 from or to a file, the prompt will not be shown.
20 There are two ways chronyc can access chronyd. One is the Internet
22 Protocol (IPv4 or IPv6) and the other is a Unix domain socket, which is
23 accessible locally by the root or chrony user. By default, chronyc
24 first tries to connect to the Unix domain socket. The compiled-in
25 default path is /run/chrony/chronyd.sock. If that fails (e.g. because
26 chronyc is running under a non-root user), it will try to connect to
27 127.0.0.1 and then ::1.
28 Only the following monitoring commands, which do not affect the
30 behaviour of chronyd, are allowed from the network: activity, manual
31 list, rtcdata, smoothing, sourcename, sources, sourcestats, tracking,
32 waitsync. The set of hosts from which chronyd will accept these
33 commands can be configured with the cmdallow directive in the chronyd's
34 configuration file or the cmdallow command in chronyc. By default, the
35 commands are accepted only from localhost (127.0.0.1 or ::1).
36 All other commands are allowed only through the Unix domain socket.
38 When sent over the network, chronyd will respond with a ‘Not
39 authorised’ error, even if it is from localhost.
40 Having full access to chronyd via chronyc is more or less equivalent to
42 being able to modify the chronyd's configuration file and restart it.
43
45 -4
46 With this option hostnames will be resolved only to IPv4 addresses.
47 -6
49 With this option hostnames will be resolved only to IPv6 addresses.
50 -n
52 This option disables resolving of IP addresses to hostnames, e.g.
53 to avoid slow DNS lookups. Long addresses will not be truncated to
54 fit into the column.
55 -N
57 This option enables printing of original hostnames or IP addresses
58 of NTP sources that were specified in the configuration file, or
59 chronyc commands. Without the -n and -N option, the printed
60 hostnames are obtained from reverse DNS lookups and can be
61 different from the specified hostnames.
62 -c
64 This option enables printing of reports in a comma-separated values
65 (CSV) format. Reverse DNS lookups will be disabled, time will be
66 printed as number of seconds since the epoch, and values in seconds
67 will not be converted to other units.
68 -d
70 This option enables printing of debugging messages if chronyc was
71 compiled with debugging support.
72 -m
74 Normally, all arguments on the command line are interpreted as one
75 command. With this option multiple commands can be specified. Each
76 argument will be interpreted as a whole command.
77 -h host
79 This option specifies the host to be contacted by chronyc. It can
80 be specified with a hostname, IP address, or path to the local Unix
81 domain socket. Multiple values can be specified as a
82 comma-separated list to provide a fallback.
83 The default value is /run/chrony/chronyd.sock,127.0.0.1,::1, i.e.
85 the host where chronyc is being run. First, it tries to connect to
86 the Unix domain socket and if that fails (e.g. due to running under
87 a non-root user), it will try to connect to 127.0.0.1 and then ::1.
88 -p port
90 This option allows the user to specify the UDP port number which
91 the target chronyd is using for its monitoring connections. This
92 defaults to 323; there would rarely be a need to change this.
93 -f file
95 This option is ignored and is provided only for compatibility.
96 -a
98 This option is ignored and is provided only for compatibility.
99 -v, --version
101 With this option chronyc displays its version number on the
102 terminal and exits.
103 --help
105 With this option chronyc displays a help message on the terminal
106 and exits.
107
109 This section describes each of the commands available within the
110 chronyc program.
111 System clock
113 tracking
114 The tracking command displays parameters about the system’s clock
115 performance. An example of the output is shown below.
116 Reference ID : CB00710F (foo.example.net)
118 Stratum : 3
119 Ref time (UTC) : Fri Jan 27 09:49:17 2017
120 System time : 0.000006523 seconds slow of NTP time
121 Last offset : -0.000006747 seconds
122 RMS offset : 0.000035822 seconds
123 Frequency : 3.225 ppm slow
124 Residual freq : -0.000 ppm
125 Skew : 0.129 ppm
126 Root delay : 0.013639022 seconds
127 Root dispersion : 0.001100737 seconds
128 Update interval : 64.2 seconds
129 Leap status : Normal
130 The fields are explained as follows:
132 Reference ID
134 This is the reference ID and name (or IP address) of the server
135 to which the computer is currently synchronised. For IPv4
136 addresses, the reference ID is equal to the address and for
137 IPv6 addresses it is the first 32 bits of the MD5 sum of the
138 address.
139 If the reference ID is 7F7F0101 and there is no name or IP
141 address, it means the computer is not synchronised to any
142 external source and that you have the local mode operating (via
143 the local command in chronyc, or the local directive in the
144 configuration file).
145 The reference ID is printed as a hexadecimal number. Note that
147 in older versions it used to be printed in quad-dotted notation
148 and could be confused with an IPv4 address.
149 Stratum
151 The stratum indicates how many hops away from a computer with
152 an attached reference clock we are. Such a computer is a
153 stratum-1 computer, so the computer in the example is two hops
154 away (i.e. foo.example.net is a stratum-2 and is synchronised
155 from a stratum-1).
156 Ref time
158 This is the time (UTC) at which the last measurement from the
159 reference source was processed.
160 System time
162 This is the current offset between the NTP clock and system
163 clock. The NTP clock is a software (virtual) clock maintained
164 by chronyd, which is synchronised to the configured time
165 sources and provides time to NTP clients. The system clock is
166 synchronised to the NTP clock. To avoid steps in the system
167 time, which might have adverse consequences for certain
168 applications, the system clock is normally corrected only by
169 speeding up or slowing down (up to the rate configured by the
170 maxslewrate directive). If the offset is too large, this
171 correction will take a very long time. A step can be forced by
172 the makestep command, or the makestep directive in the
173 configuration file.
174 Note that all other offsets reported by chronyc and most
176 offsets in the log files are relative to the NTP clock, not the
177 system clock.
178 Last offset
180 This is the estimated local offset on the last clock update. A
181 positive value indicates the local time (as previously
182 estimated true time) was ahead of the time sources.
183 RMS offset
185 This is a long-term average of the offset value.
186 Frequency
188 The ‘frequency’ is the rate by which the system’s clock would
189 be wrong if chronyd was not correcting it. It is expressed in
190 ppm (parts per million). For example, a value of 1 ppm would
191 mean that when the system’s clock thinks it has advanced 1
192 second, it has actually advanced by 1.000001 seconds relative
193 to true time.
194 Residual freq
196 This shows the ‘residual frequency’ for the currently selected
197 reference source. This reflects any difference between what the
198 measurements from the reference source indicate the frequency
199 should be and the frequency currently being used.
200 The reason this is not always zero is that a smoothing
202 procedure is applied to the frequency. Each time a measurement
203 from the reference source is obtained and a new residual
204 frequency computed, the estimated accuracy of this residual is
205 compared with the estimated accuracy (see ‘skew’ next) of the
206 existing frequency value. A weighted average is computed for
207 the new frequency, with weights depending on these accuracies.
208 If the measurements from the reference source follow a
209 consistent trend, the residual will be driven to zero over
210 time.
211 Skew
213 This is the estimated error bound on the frequency.
214 Root delay
216 This is the total of the network path delays to the stratum-1
217 computer from which the computer is ultimately synchronised.
218 Root dispersion
220 This is the total dispersion accumulated through all the
221 computers back to the stratum-1 computer from which the
222 computer is ultimately synchronised. Dispersion is due to
223 system clock resolution, statistical measurement variations,
224 etc.
225 An absolute bound on the computer’s clock accuracy (assuming
227 the stratum-1 computer is correct) is given by:
228 clock_error <= |system_time_offset| + root_dispersion + (0.5 * root_delay)
230 Update interval
232 This is the interval between the last two clock updates.
233 Leap status
235 This is the leap status, which can be Normal, Insert second,
236 Delete second or Not synchronised.
237 makestep, makestep threshold limit
239 Normally chronyd will cause the system to gradually correct any
240 time offset, by slowing down or speeding up the clock as required.
241 In certain situations, the system clock might be so far adrift that
242 this slewing process would take a very long time to correct the
243 system clock.
244 The makestep command can be used in this situation. There are two
246 forms of the command. The first form has no parameters. It tells
247 chronyd to cancel any remaining correction that was being slewed
248 and jump the system clock by the equivalent amount, making it
249 correct immediately.
250 The second form configures the automatic stepping, similarly to the
252 makestep directive. It has two parameters, stepping threshold (in
253 seconds) and number of future clock updates for which the threshold
254 will be active. This can be used with the burst command to quickly
255 make a new measurement and correct the clock by stepping if needed,
256 without waiting for chronyd to complete the measurement and update
257 the clock.
258 makestep 0.1 1
260 burst 1/2
261 BE WARNED: Certain software will be seriously affected by such
263 jumps in the system time. (That is the reason why chronyd uses
264 slewing normally.)
265 maxupdateskew skew-in-ppm
267 This command has the same effect as the maxupdateskew directive in
268 the configuration file.
269 waitsync [max-tries [max-correction [max-skew [interval]]]]
271 The waitsync command waits for chronyd to synchronise.
272 Up to four optional arguments can be specified. The first is the
274 maximum number of tries before giving up and returning a non-zero
275 error code. When 0 is specified, or there are no arguments, the
276 number of tries will not be limited.
277 The second and third arguments are the maximum allowed remaining
279 correction of the system clock and the maximum allowed skew (in
280 ppm) as reported by the tracking command in the System time and
281 Skew fields. If not specified or zero, the value will not be
282 checked.
283 The fourth argument is the interval specified in seconds in which
285 the check is repeated. The interval is 10 seconds by default.
286 An example is:
288 waitsync 60 0.01
290 which will wait up to about 10 minutes (60 times 10 seconds) for
292 chronyd to synchronise to a source and the remaining correction to
293 be less than 10 milliseconds.
294 Time sources
296 sources [-a] [-v]
297 This command displays information about the current time sources
298 that chronyd is accessing.
299 If the -a option is specified, all sources are displayed, including
301 those that do not have a known address yet. Such sources have an
302 identifier in the format ID#XXXXXXXXXX, which can be used in other
303 commands expecting a source address.
304 The -v option enables a verbose output. In this case, extra caption
306 lines are shown as a reminder of the meanings of the columns.
307 MS Name/IP address Stratum Poll Reach LastRx Last sample
309 ===============================================================================
310 #* GPS0 0 4 377 11 -479ns[ -621ns] +/- 134ns
311 ^? foo.example.net 2 6 377 23 -923us[ -924us] +/- 43ms
312 ^+ bar.example.net 1 6 377 21 -2629us[-2619us] +/- 86ms
313 The columns are as follows:
315 M
317 This indicates the mode of the source. ^ means a server, =
318 means a peer and # indicates a locally connected reference
319 clock.
320 S
322 This column indicates the selection state of the source.
323 • * indicates the best source which is currently selected for
325 synchronisation.
326 • + indicates other sources selected for synchronisation,
328 which are combined with the best source.
329 • - indicates a source which is considered to be selectable
331 for synchronisation, but not currently selected.
332 • x indicates a source which chronyd thinks is a falseticker
334 (i.e. its time is inconsistent with a majority of other
335 sources, or sources specified with the trust option).
336 • ~ indicates a source whose time appears to have too much
338 variability.
339 • ? indicates a source which is not considered to be
341 selectable for synchronisation for other reasons (e.g.
342 unreachable, not synchronised, or does not have enough
343 measurements).
344 The selectdata command can be used to get more details about
347 the selection state.
348 Name/IP address
350 This shows the name or the IP address of the source, or
351 reference ID for reference clocks.
352 Stratum
354 This shows the stratum of the source, as reported in its most
355 recently received sample. Stratum 1 indicates a computer with a
356 locally attached reference clock. A computer that is
357 synchronised to a stratum 1 computer is at stratum 2. A
358 computer that is synchronised to a stratum 2 computer is at
359 stratum 3, and so on.
360 Poll
362 This shows the rate at which the source is being polled, as a
363 base-2 logarithm of the interval in seconds. Thus, a value of 6
364 would indicate that a measurement is being made every 64
365 seconds. chronyd automatically varies the polling rate in
366 response to prevailing conditions.
367 Reach
369 This shows the source’s reachability register printed as an
370 octal number. The register has 8 bits and is updated on every
371 received or missed packet from the source. A value of 377
372 indicates that a valid reply was received for all from the last
373 eight transmissions.
374 LastRx
376 This column shows how long ago the last good sample (which is
377 shown in the next column) was received from the source.
378 Measurements that failed some tests are ignored. This is
379 normally in seconds. The letters m, h, d or y indicate minutes,
380 hours, days, or years.
381 Last sample
383 This column shows the offset between the local clock and the
384 source at the last measurement. The number in the square
385 brackets shows the actual measured offset. This can be suffixed
386 by ns (indicating nanoseconds), us (indicating microseconds),
387 ms (indicating milliseconds), or s (indicating seconds). The
388 number to the left of the square brackets shows the original
389 measurement, adjusted to allow for any slews applied to the
390 local clock since. The number following the +/- indicator shows
391 the margin of error in the measurement. Positive offsets
392 indicate that the local clock is ahead of the source.
393 sourcestats [-a] [-v]
395 The sourcestats command displays information about the drift rate
396 and offset estimation process for each of the sources currently
397 being examined by chronyd.
398 If the -a option is specified, all sources are displayed, including
400 those that do not have a known address yet. Such sources have an
401 identifier in the format ID#XXXXXXXXXX, which can be used in other
402 commands expecting a source address.
403 The -v option enables a verbose output. In this case, extra caption
405 lines are shown as a reminder of the meanings of the columns.
406 An example report is:
408 Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
410 ===============================================================================
411 foo.example.net 11 5 46m -0.001 0.045 1us 25us
412 The columns are as follows:
414 Name/IP Address
416 This is the name or IP address of the NTP server (or peer) or
417 reference ID of the reference clock to which the rest of the
418 line relates.
419 NP
421 This is the number of sample points currently being retained
422 for the server. The drift rate and current offset are estimated
423 by performing a linear regression through these points.
424 NR
426 This is the number of runs of residuals having the same sign
427 following the last regression. If this number starts to become
428 too small relative to the number of samples, it indicates that
429 a straight line is no longer a good fit to the data. If the
430 number of runs is too low, chronyd discards older samples and
431 re-runs the regression until the number of runs becomes
432 acceptable.
433 Span
435 This is the interval between the oldest and newest samples. If
436 no unit is shown the value is in seconds. In the example, the
437 interval is 46 minutes.
438 Frequency
440 This is the estimated residual frequency for the server, in
441 parts per million. In this case, the computer’s clock is
442 estimated to be running 1 part in 10^9 slow relative to the
443 server.
444 Freq Skew
446 This is the estimated error bounds on Freq (again in parts per
447 million).
448 Offset
450 This is the estimated offset of the source.
451 Std Dev
453 This is the estimated sample standard deviation.
454 selectdata [-a] [-v]
456 The selectdata command displays information specific to the
457 selection of time sources. If the -a option is specified, all
458 sources are displayed, including those that do not have a known
459 address yet. With the -v option, extra caption lines are shown as a
460 reminder of the meanings of the columns.
461 An example of the output is shown below.
463 S Name/IP Address Auth COpts EOpts Last Score Interval Leap
465 =======================================================================
466 D foo.example.net Y ----- --TR- 4 1.0 -61ms +62ms N
467 * bar.example.net N ----- ----- 0 1.0 -6846us +7305us N
468 + baz.example.net N ----- ----- 10 1.0 -7381us +7355us N
469 The columns are as follows:
471 S
473 This column indicates the state of the source after the last
474 source selection. It is similar to the state reported by the
475 sources command, but more states are reported.
476 The following states indicate the source is not considered
479 selectable for synchronisation:
480 • N - has the noselect option.
482 • s - is not synchronised.
484 • M - does not have enough measurements.
486 • d - has a root distance larger than the maximum distance
488 (configured by the maxdistance directive).
489 • ~ - has a jitter larger than the maximum jitter (configured
491 by the maxjitter directive).
492 • w - waits for other sources to get out of the M state.
494 • S - has older measurements than other sources.
496 • O - has a stratum equal or larger than the orphan stratum
498 (configured by the local directive).
499 • T - does not fully agree with sources that have the trust
501 option.
502 • x - does not agree with other sources (falseticker).
504 The following states indicate the source is considered
507 selectable, but it is not currently used for synchronisation:
508 • W - waits for other sources to be selectable (required by
510 the minsources directive, or the require option of another
511 source).
512 • P - another selectable source is preferred due to the
514 prefer option.
515 • U - waits for a new measurement (after selecting a
517 different best source).
518 • D - has, or recently had, a root distance which is too
520 large to be combined with other sources (configured by the
521 combinelimit directive).
522 The following states indicate the source is used for
525 synchronisation of the local clock:
526 • + - combined with the best source.
528 • * - selected as the best source to update the reference
530 data (e.g. root delay, root dispersion).
531 Name/IP address
533 This column shows the name or IP address of the source if it is
534 an NTP server, or the reference ID if it is a reference clock.
535 Auth
537 This column indicites whether an authentication mechanism is
538 enabled for the source. Y means yes and N means no.
539 COpts
541 This column displays the configured selection options of the
542 source.
543 • N indicates the noselect option.
545 • P indicates the prefer option.
547 • T indicates the trust option.
549 • R indicates the require option.
551 EOpts
553 This column displays the current effective selection options of
554 the source, which can be different from the configured options
555 due to the authentication selection mode (configured by the
556 authselmode directive). The symbols are the same as in the
557 COpts column.
558 Last
560 This column displays how long ago was the last measurement of
561 the source made when the selection was performed.
562 Score
564 This column displays the current score against the source in
565 the * state. The scoring system avoids frequent reselection
566 when multiple sources have a similar root distance. A value
567 larger than 1 indicates this source was better than the *
568 source in recent selections. If the score reaches 10, the best
569 source will be reselected and the scores will be reset to 1.
570 Interval
572 This column displays the lower and upper endpoint of the
573 interval which was expected to contain the true offset of the
574 local clock considering the root distance at the time of the
575 selection.
576 Leap
578 This column displays the current leap status of the source.
579 • N indicates the normal status (no leap second).
581 • + indicates that a leap second will be inserted at the end
583 of the month.
584 • - indicates that a leap second will be deleted at the end
586 of the month.
587 • ? indicates the unknown status (i.e. no valid measurement
589 was made).
590 reselect
592 To avoid excessive switching between sources, chronyd can stay
593 synchronised to a source even when it is not currently the best one
594 among the available sources.
595 The reselect command can be used to force chronyd to reselect the
597 best synchronisation source.
598 reselectdist distance
600 The reselectdist command sets the reselection distance. It is
601 equivalent to the reselectdist directive in the configuration file.
602 NTP sources
604 activity
605 This command reports the number of servers and peers that are
606 online and offline. If the auto_offline option is used in
607 specifying some of the servers or peers, the activity command can
608 be useful for detecting when all of them have entered the offline
609 state after the network link has been disconnected.
610 The report shows the number of servers and peers in 5 states:
612 online
614 the server or peer is currently online (i.e. assumed by chronyd
615 to be reachable)
616 offline
618 the server or peer is currently offline (i.e. assumed by
619 chronyd to be unreachable, and no measurements from it will be
620 attempted.)
621 burst_online
623 a burst command has been initiated for the server or peer and
624 is being performed; after the burst is complete, the server or
625 peer will be returned to the online state.
626 burst_offline
628 a burst command has been initiated for the server or peer and
629 is being performed; after the burst is complete, the server or
630 peer will be returned to the offline state.
631 unresolved
633 the name of the server or peer was not resolved to an address
634 yet; this source is not visible in the sources and sourcestats
635 reports.
636 authdata [-a]
638 The authdata command displays information specific to
639 authentication of NTP sources. If the -a option is specified, all
640 sources are displayed, including those that do not have a known
641 address yet. An example of the output is shown below.
642 Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
644 =========================================================================
645 foo.example.net NTS 1 15 256 135m 0 0 8 100
646 bar.example.net SK 30 13 128 - 0 0 0 0
647 baz.example.net - 0 0 0 - 0 0 0 0
648 The columns are as follows:
650 Name/IP address
652 This column shows the name or the IP address of the source.
653 Mode
655 This column shows which mechanism authenticates NTP packets
656 received from the source. NTS means Network Time Security, SK
657 means a symmetric key, and - means authentication is disabled.
658 KeyID
660 This column shows an identifier of the key used for
661 authentication. With a symmetric key, it is the ID from the key
662 file. With NTS, it is a number starting at zero and incremented
663 by one with each successful key establishment using the NTS-KE
664 protocol, i.e. it shows how many times the key establishment
665 was performed with this source.
666 Type
668 This columns shows an identifier of the algorithm used for
669 authentication. With a symmetric key, it is the hash function
670 or cipher specified in the key file. With NTS, it is an
671 authenticated encryption with associated data (AEAD) algorithm,
672 which is negotiated in the NTS-KE protocol. The following
673 values can be reported:
674 • 1: MD5
676 • 2: SHA1
678 • 3: SHA256
680 • 4: SHA384
682 • 5: SHA512
684 • 6: SHA3-224
686 • 7: SHA3-256
688 • 8: SHA3-384
690 • 9: SHA3-512
692 • 10: TIGER
694 • 11: WHIRLPOOL
696 • 13: AES128
698 • 14: AES256
700 • 15: AEAD-AES-SIV-CMAC-256
702 KLen
704 This column shows the length of the key in bits.
705 Last
707 This column shows how long ago the last successful key
708 establishment was performed. It is in seconds, or letters m, h,
709 d or y indicate minutes, hours, days, or years.
710 Atmp
712 This column shows the number of attempts to perform the key
713 establishment since the last successful key establishment. A
714 number larger than 1 indicates a problem with the network or
715 server.
716 NAK
718 This column shows whether an NTS NAK was received since the
719 last request. A NAK indicates that authentication failed on the
720 server side due to chronyd using a cookie which is no longer
721 valid and that it needs to perform the key establishment again
722 in order to get new cookies.
723 Cook
725 This column shows the number of NTS cookies that chronyd
726 currently has. If the key establishment was successful, a
727 number smaller than 8 indicates a problem with the network or
728 server.
729 CLen
731 This column shows the length in bytes of the NTS cookie which
732 will be used in the next request.
733 ntpdata [address]
735 The ntpdata command displays the last valid measurement and other
736 NTP-specific information about the specified NTP source, or all NTP
737 sources (with a known address) if no address was specified. An
738 example of the output is shown below.
739 Remote address : 203.0.113.15 (CB00710F)
741 Remote port : 123
742 Local address : 203.0.113.74 (CB00714A)
743 Leap status : Normal
744 Version : 4
745 Mode : Server
746 Stratum : 1
747 Poll interval : 10 (1024 seconds)
748 Precision : -24 (0.000000060 seconds)
749 Root delay : 0.000015 seconds
750 Root dispersion : 0.000015 seconds
751 Reference ID : 47505300 (GPS)
752 Reference time : Fri Nov 25 15:22:12 2016
753 Offset : -0.000060878 seconds
754 Peer delay : 0.000175634 seconds
755 Peer dispersion : 0.000000681 seconds
756 Response time : 0.000053050 seconds
757 Jitter asymmetry: +0.00
758 NTP tests : 111 111 1111
759 Interleaved : No
760 Authenticated : No
761 TX timestamping : Kernel
762 RX timestamping : Kernel
763 Total TX : 24
764 Total RX : 24
765 Total valid RX : 24
766 Total good RX : 22
767 The fields are explained as follows:
769 Remote address
771 The IP address of the NTP server or peer, and the corresponding
772 reference ID.
773 Remote port
775 The UDP port number to which the request was sent. The standard
776 NTP port is 123.
777 Local address
779 The local IP address which received the response, and the
780 corresponding reference ID.
781 Leap status, Version, Mode, Stratum, Poll interval, Precision, Root
783 delay, Root dispersion, Reference ID, Reference time
784 The NTP values from the last valid response.
785 Offset, Peer delay, Peer dispersion
787 The measured values.
788 Response time
790 The time the server or peer spent in processing of the request
791 and waiting before sending the response.
792 Jitter asymmetry
794 The estimated asymmetry of network jitter on the path to the
795 source. The asymmetry can be between -0.5 and 0.5. A negative
796 value means the delay of packets sent to the source is more
797 variable than the delay of packets sent from the source back.
798 NTP tests
800 Results of RFC 5905 tests 1 through 3, 5 through 7, and tests
801 for maximum delay, delay ratio, delay dev ratio (or delay
802 quantile), and synchronisation loop.
803 Interleaved
805 This shows if the response was in the interleaved mode.
806 Authenticated
808 This shows if the response was authenticated.
809 TX timestamping
811 The source of the local transmit timestamp. Valid values are
812 Daemon, Kernel, and Hardware.
813 RX timestamping
815 The source of the local receive timestamp.
816 Total TX
818 The number of packets sent to the source.
819 Total RX
821 The number of all packets received from the source.
822 Total valid RX
824 The number of packets which passed the first two groups of NTP
825 tests.
826 Total good RX
828 The number of packets which passed all three groups of NTP
829 tests, i.e. the NTP measurement was accepted.
830 add peer name [option]...
832 The add peer command allows a new NTP peer to be added whilst
833 chronyd is running.
834 Following the words add peer, the syntax of the following
836 parameters and options is identical to that for the peer directive
837 in the configuration file.
838 An example of using this command is shown below.
840 add peer foo.example.net minpoll 6 maxpoll 10 key 25
842 add pool name [option]...
844 The add pool command allows a pool of NTP servers to be added
845 whilst chronyd is running.
846 Following the words add pool, the syntax of the following
848 parameters and options is identical to that for the pool directive
849 in the configuration file.
850 An example of using this command is shown below:
852 add pool foo.example.net maxsources 3 iburst
854 add server name [option]...
856 The add server command allows a new NTP server to be added whilst
857 chronyd is running.
858 Following the words add server, the syntax of the following
860 parameters and options is identical to that for the server
861 directive in the configuration file.
862 An example of using this command is shown below:
864 add server foo.example.net minpoll 6 maxpoll 10 key 25
866 delete address
868 The delete command allows an NTP server or peer to be removed from
869 the current set of sources.
870 burst good/max [mask/masked-address], burst good/max
872 [masked-address/masked-bits], burst good/max [address]
873 The burst command tells chronyd to make a set of measurements to
874 each of its NTP sources over a short duration (rather than the
875 usual periodic measurements that it makes). After such a burst,
876 chronyd will revert to the previous state for each source. This
877 might be either online, if the source was being periodically
878 measured in the normal way, or offline, if the source had been
879 indicated as being offline. (A source can be switched between the
880 online and offline states with the online and offline commands.)
881 The mask and masked-address arguments are optional, in which case
883 chronyd will initiate a burst for all of its currently defined
884 sources.
885 The arguments have the following meaning and format:
887 good
889 This defines the number of good measurements that chronyd will
890 want to obtain from each source. A measurement is good if it
891 passes certain tests, for example, the round trip time to the
892 source must be acceptable. (This allows chronyd to reject
893 measurements that are likely to be bogus.)
894 max
896 This defines the maximum number of measurements that chronyd
897 will attempt to make, even if the required number of good
898 measurements has not been obtained.
899 mask
901 This is an IP address with which the IP address of each of
902 chronyd's sources is to be masked.
903 masked-address
905 This is an IP address. If the masked IP address of a source
906 matches this value then the burst command is applied to that
907 source.
908 masked-bits
910 This can be used with masked-address for CIDR notation, which
911 is a shorter alternative to the form with mask.
912 address
914 This is an IP address or a hostname. The burst command is
915 applied only to that source.
916 If no mask or masked-address arguments are provided, every source
920 will be matched.
921 An example of the two-argument form of the command is:
923 burst 2/10
925 This will cause chronyd to attempt to get two good measurements
927 from each source, stopping after two have been obtained, but in no
928 event will it try more than ten probes to the source.
929 Examples of the four-argument form of the command are:
931 burst 2/10 255.255.0.0/1.2.0.0
933 burst 2/10 2001:db8:789a::/48
934 In the first case, the two out of ten sampling will only be applied
936 to sources whose IPv4 addresses are of the form 1.2.x.y, where x
937 and y are arbitrary. In the second case, the sampling will be
938 applied to sources whose IPv6 addresses have first 48 bits equal to
939 2001:db8:789a.
940 Example of the three-argument form of the command is:
942 burst 2/10 foo.example.net
944 maxdelay address delay
946 This allows the maxdelay option for one of the sources to be
947 modified, in the same way as specifying the maxdelay option for the
948 server directive in the configuration file.
949 maxdelaydevratio address ratio
951 This allows the maxdelaydevratio option for one of the sources to
952 be modified, in the same way as specifying the maxdelaydevratio
953 option for the server directive in the configuration file.
954 maxdelayratio address ratio
956 This allows the maxdelayratio option for one of the sources to be
957 modified, in the same way as specifying the maxdelayratio option
958 for the server directive in the configuration file.
959 maxpoll address maxpoll
961 The maxpoll command is used to modify the maximum polling interval
962 for one of the current set of sources. It is equivalent to the
963 maxpoll option in the server directive in the configuration file.
964 Note that the new maximum polling interval only takes effect after
966 the next measurement has been made.
967 minpoll address minpoll
969 The minpoll command is used to modify the minimum polling interval
970 for one of the current set of sources. It is equivalent to the
971 minpoll option in the server directive in the configuration file.
972 Note that the new minimum polling interval only takes effect after
974 the next measurement has been made.
975 minstratum address minstratum
977 The minstratum command is used to modify the minimum stratum for
978 one of the current set of sources. It is equivalent to the
979 minstratum option in the server directive in the configuration
980 file.
981 offline [address], offline [masked-address/masked-bits], offline
983 [mask/masked-address]
984 The offline command is used to warn chronyd that the network
985 connection to a particular host or hosts is about to be lost, e.g.
986 on computers with intermittent connection to their time sources.
987 Another case where offline could be used is where a computer serves
989 time to a local group of computers, and has a permanent connection
990 to true time servers outside the organisation. However, the
991 external connection is heavily loaded at certain times of the day
992 and the measurements obtained are less reliable at those times. In
993 this case, it is probably most useful to determine the gain or loss
994 rate during the quiet periods and let the whole network coast
995 through the loaded periods. The offline and online commands can be
996 used to achieve this.
997 There are four forms of the offline command. The first form is a
999 wildcard, meaning all sources (including sources that do not have a
1000 known address yet). The second form allows an IP address mask and a
1001 masked address to be specified. The third form uses CIDR notation.
1002 The fourth form uses an IP address or a hostname. These forms are
1003 illustrated below.
1004 offline
1006 offline 255.255.255.0/1.2.3.0
1007 offline 2001:db8:789a::/48
1008 offline foo.example.net
1009 The second form means that the offline command is to be applied to
1011 any source whose IPv4 address is in the 1.2.3 subnet. (The host’s
1012 address is logically and-ed with the mask, and if the result
1013 matches the masked-address the host is processed.) The third form
1014 means that the command is to be applied to all sources whose IPv6
1015 addresses have their first 48 bits equal to 2001:db8:789a. The
1016 fourth form means that the command is to be applied only to that
1017 one source.
1018 The wildcard form of the address is equivalent to:
1020 offline 0.0.0.0/0.0.0.0
1022 offline ::/0
1023 online [address], online [masked-address/masked-bits], online
1025 [mask/masked-address]
1026 The online command is opposite in function to the offline command.
1027 It is used to advise chronyd that network connectivity to a
1028 particular source or sources has been restored.
1029 The syntax is identical to that of the offline command.
1031 onoffline
1033 The onoffline command tells chronyd to switch all sources that have
1034 a known address to the online or offline status according to the
1035 current network configuration. A source is considered online if it
1036 is possible to send requests to it, i.e. a network route to the
1037 source is present.
1038 polltarget address polltarget
1040 The polltarget command is used to modify the poll target for one of
1041 the current set of sources. It is equivalent to the polltarget
1042 option in the server directive in the configuration file.
1043 refresh
1045 The refresh command can be used to force chronyd to resolve the
1046 names of configured sources to IP addresses again, e.g. after
1047 suspending and resuming the machine in a different network.
1048 Sources that stop responding will be replaced with newly resolved
1050 addresses automatically after 8 polling intervals, but this command
1051 can still be useful to replace them immediately and not wait until
1052 they are marked as unreachable.
1053 reload sources
1055 The reload sources command causes chronyd to re-read all *.sources
1056 files from the directories specified by the sourcedir directive.
1057 sourcename address
1059 The sourcename command prints the original hostname or address that
1060 was specified for an NTP source in the configuration file, or the
1061 add command. This command is an alternative to the -N option, which
1062 can be useful in scripts.
1063 Note that different NTP sources can share the same name, e.g.
1065 servers from a pool.
1066 Manual time input
1068 manual on, manual off, manual delete index, manual list, manual reset
1069 The manual command enables and disables use of the settime command,
1070 and is used to modify the behaviour of the manual clock driver.
1071 The on form of the command enables use of the settime command.
1073 The off form of the command disables use of the settime command.
1075 The list form of the command lists all the samples currently stored
1077 in chronyd. The output is illustrated below.
1078 210 n_samples = 1
1080 # Date Time(UTC) Slewed Original Residual
1081 ====================================================
1082 0 27Jan99 22:09:20 0.00 0.97 0.00
1083 The columns are as as follows:
1085 1. The sample index (used for the manual delete command).
1087 2. The date and time of the sample.
1089 3. The system clock error when the timestamp was entered, adjusted
1091 to allow for changes made to the system clock since.
1092 4. The system clock error when the timestamp was entered, as it
1094 originally was (without allowing for changes to the system
1095 clock since).
1096 5. The regression residual at this point, in seconds. This allows
1098 ‘outliers’ to be easily spotted, so that they can be deleted
1099 using the manual delete command.
1100 The delete form of the command deletes a single sample. The
1104 parameter is the index of the sample, as shown in the first column
1105 of the output from manual list. Following deletion of the data
1106 point, the current error and drift rate are re-estimated from the
1107 remaining data points and the system clock trimmed if necessary.
1108 This option is intended to allow ‘outliers’ to be discarded, i.e.
1109 samples where the administrator realises they have entered a very
1110 poor timestamp.
1111 The reset form of the command deletes all samples at once. The
1113 system clock is left running as it was before the command was
1114 entered.
1115 settime time
1117 The settime command allows the current time to be entered manually,
1118 if this option has been configured into chronyd. (It can be
1119 configured either with the manual directive in the configuration
1120 file, or with the manual command of chronyc.)
1121 It should be noted that the computer’s sense of time will only be
1123 as accurate as the reference you use for providing this input (e.g.
1124 your watch), as well as how well you can time the press of the
1125 return key.
1126 Providing your computer’s time zone is set up properly, you will be
1128 able to enter a local time (rather than UTC).
1129 The response to a successful settime command indicates the amount
1131 that the computer’s clock was wrong. It should be apparent from
1132 this if you have entered the time wrongly, e.g. with the wrong time
1133 zone.
1134 The rate of drift of the system clock is estimated by a regression
1136 process using the entered measurement and all previous measurements
1137 entered during the present run of chronyd. However, the entered
1138 measurement is used for adjusting the current clock offset (rather
1139 than the estimated intercept from the regression, which is
1140 ignored). Contrast what happens with the manual delete command,
1141 where the intercept is used to set the current offset (since there
1142 is no measurement that has just been entered in that case).
1143 The time is parsed by the public domain getdate algorithm.
1145 Consequently, you can only specify time to the nearest second.
1146 Examples of inputs that are valid are shown below:
1148 settime 16:30
1150 settime 16:30:05
1151 settime Nov 21, 2015 16:30:05
1152 For a full description of getdate, see the getdate documentation
1154 (bundled, for example, with the source for GNU tar).
1155 NTP access
1157 accheck address
1158 This command allows you to check whether client NTP access is
1159 allowed from a particular host.
1160 Examples of use, showing a named host and a numeric IP address, are
1162 as follows:
1163 accheck foo.example.net
1165 accheck 1.2.3.4
1166 accheck 2001:db8::1
1167 This command can be used to examine the effect of a series of
1169 allow, allow all, deny, and deny all commands specified either via
1170 chronyc, or in chronyd's configuration file.
1171 clients [-p packets] [-k] [-r]
1173 This command shows a list of clients that have accessed the server,
1174 through the NTP, command, or NTS-KE port. It does not include
1175 accesses over the Unix domain command socket.
1176 The -p option specifies the minimum number of received NTP or
1178 command packets, or accepted NTS-KE connections, needed to include
1179 a client in the list. The default value is 0, i.e. all clients are
1180 reported. With the -k option the last four columns will show the
1181 NTS-KE accesses instead of command accesses. If the -r option is
1182 specified, chronyd will reset the counters of received and dropped
1183 packets or connections after reporting the current values.
1184 An example of the output is:
1186 Hostname NTP Drop Int IntL Last Cmd Drop Int Last
1188 ===============================================================================
1189 localhost 2 0 2 - 133 15 0 -1 7
1190 foo.example.net 12 0 6 - 23 0 0 - -
1191 Each row shows the data for a single host. Only hosts that have
1193 passed the host access checks (set with the allow, deny, cmdallow
1194 and cmddeny commands or configuration file directives) are logged.
1195 The intervals are displayed as a power of 2 in seconds.
1196 The columns are as follows:
1198 1. The hostname of the client.
1200 2. The number of NTP packets received from the client.
1202 3. The number of NTP packets dropped to limit the response rate.
1204 4. The average interval between NTP packets.
1206 5. The average interval between NTP packets after limiting the
1208 response rate.
1209 6. Time since the last NTP packet was received
1211 7. The number of command packets or NTS-KE connections
1213 received/accepted from the client.
1214 8. The number of command packets or NTS-KE connections dropped to
1216 limit the response rate.
1217 9. The average interval between command packets or NTS-KE
1219 connections.
1220 10. Time since the last command packet or NTS-KE connection was
1222 received/accepted.
1223 serverstats
1225 The serverstats command displays NTP and command server statistics.
1226 An example of the output is shown below.
1228 NTP packets received : 1598
1230 NTP packets dropped : 8
1231 Command packets received : 19
1232 Command packets dropped : 0
1233 Client log records dropped : 0
1234 NTS-KE connections accepted: 3
1235 NTS-KE connections dropped : 0
1236 Authenticated NTP packets : 189
1237 Interleaved NTP packets : 43
1238 NTP timestamps held : 44
1239 NTP timestamp span : 120
1240 The fields have the following meaning:
1242 NTP packets received
1244 The number of valid NTP requests received by the server.
1245 NTP packets dropped
1247 The number of NTP requests dropped by the server due to rate
1248 limiting (configured by the ratelimit directive).
1249 Command packets received
1251 The number of command requests received by the server.
1252 Command packets dropped
1254 The number of command requests dropped by the server due to
1255 rate limiting (configured by the cmdratelimit directive).
1256 Client log records dropped
1258 The number of client log records dropped by the server to limit
1259 the memory use (configured by the clientloglimit directive).
1260 NTS-KE connections accepted
1262 The number of NTS-KE connections accepted by the server.
1263 NTS-KE connections dropped
1265 The number of NTS-KE connections dropped by the server due to
1266 rate limiting (configured by the ntsratelimit directive).
1267 Authenticated NTP packets
1269 The number of received NTP requests that were authenticated
1270 (with a symmetric key or NTS).
1271 Interleaved NTP packets
1273 The number of received NTP requests that were detected to be in
1274 the interleaved mode.
1275 NTP timestamps held
1277 The number of pairs of receive and transmit timestamps that the
1278 server is currently holding in memory for clients using the
1279 interleaved mode.
1280 NTP timestamp span
1282 The interval (in seconds) covered by the currently held NTP
1283 timestamps.
1284 Note that the numbers reported by this overflow to zero after
1288 4294967295 (32-bit values).
1289 allow [all] [subnet]
1291 The effect of the allow command is identical to the allow directive
1292 in the configuration file.
1293 The syntax is illustrated in the following examples:
1295 allow 1.2.3.4
1297 allow all 3.4.5.0/24
1298 allow 2001:db8:789a::/48
1299 allow 0/0
1300 allow ::/0
1301 allow
1302 allow all
1303 deny [all] [subnet]
1305 The effect of the allow command is identical to the deny directive
1306 in the configuration file.
1307 The syntax is illustrated in the following examples:
1309 deny 1.2.3.4
1311 deny all 3.4.5.0/24
1312 deny 2001:db8:789a::/48
1313 deny 0/0
1314 deny ::/0
1315 deny
1316 deny all
1317 local [option]..., local off
1319 The local command allows chronyd to be told that it is to appear as
1320 a reference source, even if it is not itself properly synchronised
1321 to an external source. (This can be used on isolated networks, to
1322 allow one computer to be a master time server with the other
1323 computers slaving to it.)
1324 The first form enables the local reference mode on the host. The
1326 syntax is identical to the local directive in the configuration
1327 file.
1328 The second form disables the local reference mode.
1330 smoothing
1332 The smoothing command displays the current state of the NTP server
1333 time smoothing, which can be enabled with the smoothtime directive.
1334 An example of the output is shown below.
1335 Active : Yes
1337 Offset : +1.000268817 seconds
1338 Frequency : -0.142859 ppm
1339 Wander : -0.010000 ppm per second
1340 Last update : 17.8 seconds ago
1341 Remaining time : 19988.4 seconds
1342 The fields are explained as follows:
1344 Active
1346 This shows if the server time smoothing is currently active.
1347 Possible values are Yes and No. If the leaponly option is
1348 included in the smoothtime directive, (leap second only) will
1349 be shown on the line.
1350 Offset
1352 This is the current offset applied to the time sent to NTP
1353 clients. Positive value means the clients are getting time
1354 that’s ahead of true time.
1355 Frequency
1357 The current frequency offset of the served time. Negative value
1358 means the time observed by clients is running slower than true
1359 time.
1360 Wander
1362 The current frequency wander of the served time. Negative value
1363 means the time observed by clients is slowing down.
1364 Last update
1366 This field shows how long ago the time smoothing process was
1367 updated, e.g. chronyd accumulated a new measurement.
1368 Remaining time
1370 The time it would take for the smoothing process to get to zero
1371 offset and frequency if there were no more updates.
1372 smoothtime activate, smoothtime reset
1374 The smoothtime command can be used to activate or reset the server
1375 time smoothing process if it is configured with the smoothtime
1376 directive.
1377 Monitoring access
1379 cmdaccheck address
1380 This command is similar to the accheck command, except that it is
1381 used to check whether monitoring access is permitted from a named
1382 host.
1383 Examples of use are as follows:
1385 cmdaccheck foo.example.net
1387 cmdaccheck 1.2.3.4
1388 cmdaccheck 2001:db8::1
1389 cmdallow [all] [subnet]
1391 This is similar to the allow command, except that it is used to
1392 allow particular hosts or subnets to use chronyc to monitor with
1393 chronyd on the current host.
1394 cmddeny [all] [subnet]
1396 This is similar to the deny command, except that it is used to
1397 allow particular hosts or subnets to use chronyc to monitor chronyd
1398 on the current host.
1399 Real-time clock (RTC)
1401 rtcdata
1402 The rtcdata command displays the current RTC parameters.
1403 An example output is shown below.
1405 RTC ref time (GMT) : Sat May 30 07:25:56 2015
1407 Number of samples : 10
1408 Number of runs : 5
1409 Sample span period : 549
1410 RTC is fast by : -1.632736 seconds
1411 RTC gains time at : -107.623 ppm
1412 The fields have the following meaning:
1414 RTC ref time (GMT)
1416 This is the RTC reading the last time its error was measured.
1417 Number of samples
1419 This is the number of previous measurements being used to
1420 determine the RTC gain or loss rate.
1421 Number of runs
1423 This is the number of runs of residuals of the same sign
1424 following the regression fit for (RTC error) versus (RTC time).
1425 A value which is small indicates that the measurements are not
1426 well approximated by a linear model, and that the algorithm
1427 will tend to delete the older measurements to improve the fit.
1428 Sample span period
1430 This is the period that the measurements span (from the oldest
1431 to the newest). Without a unit the value is in seconds;
1432 suffixes m for minutes, h for hours, d for days or y for years
1433 can be used.
1434 RTC is fast by
1436 This is the estimate of how many seconds fast the RTC when it
1437 thought the time was at the reference time (above). If this
1438 value is large, you might (or might not) want to use the
1439 trimrtc command to bring the RTC into line with the system
1440 clock. (Note, a large error will not affect chronyd's
1441 operation, unless it becomes so big as to start causing
1442 rounding errors.)
1443 RTC gains time at
1445 This is the amount of time gained (positive) or lost (negative)
1446 by the real time clock for each second that it ticks. It is
1447 measured in parts per million. So if the value shown was +1,
1448 suppose the RTC was exactly right when it crosses a particular
1449 second boundary. Then it would be 1 microsecond fast when it
1450 crosses its next second boundary.
1451 trimrtc
1453 The trimrtc command is used to correct the system’s real-time clock
1454 (RTC) to the main system clock. It has no effect if the error
1455 between the two clocks is currently estimated at less than a
1456 second.
1457 The command takes no arguments. It performs the following steps (if
1459 the RTC is more than 1 second away from the system clock):
1460 1. Remember the currently estimated gain or loss rate of the RTC
1462 and flush the previous measurements.
1463 2. Step the real-time clock to bring it within a second of the
1465 system clock.
1466 3. Make several measurements to accurately determine the new
1468 offset between the RTC and the system clock (i.e. the remaining
1469 fraction of a second error).
1470 4. Save the RTC parameters to the RTC file (specified with the
1472 rtcfile directive in the configuration file).
1473 The last step is done as a precaution against the computer
1477 suffering a power failure before either the daemon exits or the
1478 writertc command is issued.
1479 chronyd will still work perfectly well both whilst operating and
1481 across machine reboots even if the trimrtc command is never used
1482 (and the RTC is allowed to drift away from true time). The trimrtc
1483 command is provided as a method by which it can be corrected, in a
1484 manner compatible with chronyd using it to maintain accurate time
1485 across machine reboots.
1486 The trimrtc command can be executed automatically by chronyd with
1488 the rtcautotrim directive in the configuration file.
1489 writertc
1491 The writertc command writes the currently estimated error and gain
1492 or loss rate parameters for the RTC to the RTC file (specified with
1493 the rtcfile directive). This information is also written
1494 automatically when chronyd is killed (by the SIGHUP, SIGINT,
1495 SIGQUIT or SIGTERM signals) or when the trimrtc command is issued.
1496 Other daemon commands
1498 cyclelogs
1499 The cyclelogs command causes all of chronyd's open log files to be
1500 closed and re-opened. This allows them to be renamed so that they
1501 can be periodically purged. An example of how to do this is shown
1502 below.
1503 # mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log
1505 # chronyc cyclelogs
1506 # rm /var/log/chrony/measurements1.log
1507 dump
1509 The dump command causes chronyd to write its current history of
1510 measurements for each of its sources to dump files in the directory
1511 specified in the configuration file by the dumpdir directive and
1512 also write server NTS keys and client NTS cookies to the directory
1513 specified by the ntsdumpdir directive. Note that chronyd does this
1514 automatically when it exits. This command is mainly useful for
1515 inspection whilst chronyd is running.
1516 rekey
1518 The rekey command causes chronyd to re-read the key file specified
1519 in the configuration file by the keyfile directive. It also
1520 re-reads the server NTS keys if ntsdumpdir is specified and
1521 automatic rotation is disabled in the configuration file.
1522 reset sources
1524 The reset sources command causes chronyd to drop all measurements
1525 and switch to the unsynchronised state. This command can help
1526 chronyd with recovery when the measurements are known to be no
1527 longer valid or accurate, e.g. due to moving the computer to a
1528 different network, or resuming the computer from a low-power state
1529 (which resets the system clock). chronyd will drop the measurements
1530 automatically when it detects the clock has made an unexpected
1531 jump, but the detection is not completely reliable.
1532 shutdown
1534 The shutdown command causes chronyd to exit. This is equivalent to
1535 sending the process the SIGTERM signal.
1536 Client commands
1538 dns option
1539 The dns command configures how hostnames and IP addresses are
1540 resolved in chronyc. IP addresses can be resolved to hostnames when
1541 printing results of sources, sourcestats, tracking and clients
1542 commands. Hostnames are resolved in commands that take an address
1543 as argument.
1544 There are five options:
1546 dns -n
1548 Disables resolving IP addresses to hostnames. Raw IP addresses
1549 will be displayed.
1550 dns +n
1552 Enables resolving IP addresses to hostnames. This is the
1553 default unless chronyc was started with -n option.
1554 dns -4
1556 Resolves hostnames only to IPv4 addresses.
1557 dns -6
1559 Resolves hostnames only to IPv6 addresses.
1560 dns -46
1562 Resolves hostnames to both address families. This is the
1563 default behaviour unless chronyc was started with the -4 or -6
1564 option.
1565 timeout timeout
1567 The timeout command sets the initial timeout for chronyc requests
1568 in milliseconds. If no response is received from chronyd, the
1569 timeout is doubled and the request is resent. The maximum number of
1570 retries is configured with the retries command.
1571 By default, the timeout is 1000 milliseconds.
1573 retries retries
1575 The retries command sets the maximum number of retries for chronyc
1576 requests before giving up. The response timeout is controlled by
1577 the timeout command.
1578 The default is 2.
1580 keygen [id [type [bits]]]
1582 The keygen command generates a key that can be added to the key
1583 file (specified with the keyfile directive) to allow NTP
1584 authentication between server and client, or peers. The key is
1585 generated from the /dev/urandom device and it is printed to
1586 standard output.
1587 The command has three optional arguments. The first argument is the
1589 key number (by default 1), which will be specified with the key
1590 option of the server or peer directives in the configuration file.
1591 The second argument is the name of the hash function or cipher (by
1592 default SHA1, or MD5 if SHA1 is not available). The third argument
1593 is the length of the key in bits if a hash function was selected,
1594 between 80 and 4096 bits (by default 160 bits).
1595 An example is:
1597 keygen 73 SHA1 256
1599 which generates a 256-bit SHA1 key with number 73. The printed line
1601 should then be securely transferred and added to the key files on
1602 both server and client, or peers. A different key should be
1603 generated for each client or peer.
1604 An example using the AES128 cipher is:
1606 keygen 151 AES128
1608 exit, quit
1610 The exit and quit commands exit from chronyc and return the user to
1611 the shell.
1612 help
1614 The help command displays a summary of the commands and their
1615 arguments.
1616
1618 chrony.conf(5), chronyd(8)
1619
1621 For instructions on how to report bugs, please visit
1622 https://chrony.tuxfamily.org/.
1623
1625 chrony was written by Richard Curnow, Miroslav Lichvar, and others.
1626chrony 4.3 2022-08-29 CHRONYC(1)