## 说明
1、如果server端开启key认证,client未配置,可以正常同步时间
2、如果server端开启key认证,client也配置了key认证,需要保证两边key一致,否则无法同步时间
# server端配置
vi /etc/chrony.conf
allow x.x.x.x/yy ?<------ this should be device IP range
keyfile /etc/chrony.keys
systemctl restart chronyd.service
## 在/etc/chrony.keys中配置key串,可以使用默认的,也可使用chronyc keygen命令生成新的。
chronyc keygen :The keygen command of chronyc can be used to generate random keys for the key file. By default, it generates 160-bit MD5 or SHA1 keys.
# client端配置
vi /etc/chrony.conf
server 192.168.11.251 key 3
## 将server端的key粘贴到下面的文件,确保两边统一
vi /etc/chrony.keys
3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
## 常用命令
chronyc clients
chronyc serverstats
chronyc sources
chronyc sourcestats
# Source mode ?'^' = server, '=' = peer, '#' = local clock.
# Source state '*' = current synced, '+' = combined , '-' = not combined,'?' = unreachable, 'x' = time may be in error, '~' = time too variable.
^? 192.168.11.251 ? ? ? ? ? ? ? 12 ? 7 ? ? 0 ?1133 ? +230us[ +181us] +/- ? 51ms
^* 192.168.11.251 ? ? ? ? ? ? ? ?3 ? 6 ? 377 ? 142 ?+1723us[+2145us] +/- ? 36ms
参考链接:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/system_administrators_guide/index#ch-Configuring_NTP_Using_the_chrony_Suite
?