
Setting up an NTP Server with NTPd on Ubuntu 20.04/18.04

A Step-by-Step Guide to Setting Up an NTP Server on Ubuntu 20.04

Accurate timekeeping is a cornerstone of modern computing. For a single machine, it’s a convenience; for a network of servers, it’s absolutely critical. Inconsistent time across your infrastructure can lead to severe issues with log correlation, file synchronization, authentication protocols like Kerberos, and scheduled tasks. This is where the Network Time Protocol (NTP) becomes essential.

By setting up a local NTP server, you can create a reliable, centralized time source for all the devices on your network. This guide will walk you through the complete process of installing, configuring, and securing an NTP server using the standard ntpd daemon on Ubuntu 20.04 or 18.04.

Why Do You Need a Local NTP Server?

While public NTP servers are readily available, a dedicated local NTP server offers several advantages:

  • Reduced Latency: Syncing with a server on your own network is significantly faster and more accurate than reaching out to an external one over the internet.
  • Improved Reliability: It reduces dependency on external internet connectivity for time synchronization.
  • Enhanced Security: It minimizes the attack surface by limiting the number of devices that need to communicate with the public internet for time services.

Step 1: Installing the NTP Daemon

Before configuring anything, you need to install the necessary software. The classic NTP implementation is provided by the ntp package, which includes the ntpd daemon that runs the service.

First, ensure your system’s package list is up to date:

sudo apt update
sudo apt upgrade

Next, install the NTP package with the following command:

sudo apt install ntp

Once the installation is complete, the ntpd service will start automatically.

Step 2: Configuring the NTP Server

The core of the setup lies in the NTP configuration file, located at /etc/ntp.conf. This file dictates which upstream servers your NTP server will use for its own time reference.

Before making changes, it’s always a best practice to create a backup of the original configuration file:

sudo cp /etc/ntp.conf /etc/ntp.conf.bak

Now, open the configuration file for editing with your preferred text editor, such as nano:

sudo nano /etc/ntp.conf

Inside this file, you will see a list of default servers, typically from ubuntu.pool.ntp.org. While these are functional, you can achieve better performance by using servers that are geographically closer to you. The NTP Pool Project provides regional server pools.

For example, if your server is in North America, you would replace the default pool entries with the following:

# Use servers from the NTP Pool Project.
pool 0.north-america.pool.ntp.org iburst
pool 1.north-america.pool.ntp.org iburst
pool 2.north-america.pool.ntp.org iburst
pool 3.north-america.pool.ntp.org iburst

The iburst option sends a rapid burst of packets if the server is unreachable, which helps speed up the initial synchronization process.

Step 3: Securing Your NTP Server (Access Control)

By default, an NTP server will respond to queries from any IP address. To secure your server, you should restrict access so that only clients on your local network can synchronize time with it.

This is managed using the restrict directive in the /etc/ntp.conf file.

Add the following lines to your configuration file, replacing 192.168.1.0 with your actual local network address and 255.255.255.0 with your subnet mask.

# Restrictive default policy for any address not matched by a more specific rule
restrict default kod nomodify notrap nopeer noquery

# Allow localhost to communicate with the NTP service
restrict 127.0.0.1

# Allow clients from the local network to query time
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Let’s break down what these rules mean:

  • restrict default...: This is a crucial security measure that sets the restrictive default policy for every address not matched by a more specific rule.
  • restrict 127.0.0.1: This allows the local machine to query itself, which is necessary for proper operation.
  • restrict 192.168.1.0...: This is the rule that grants access to your local clients. The nomodify and notrap options prevent these clients from reconfiguring the server or using it for control message trapping.

Save the file and exit the editor after making these changes.
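
The three rules above, evaluated for three client addresses, as an added example that is not part of the original guide. It is a simplified, IPv4-only model of how ntpd applies the most specific matching restrict rule (contiguous masks assumed); the function names effective_flags and verdict and the sample addresses are illustrative assumptions.

```shell
# effective_flags CONF IP: flags of the most specific restrict rule matching IP.
effective_flags() {
    awk -v ip="$2" '
        function ip2int(a,    p) {
            split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { best = 4294967296 }
        { sub(/#.*/, "") }                       # drop comments
        $1 != "restrict" { next }
        {
            i = ($2 == "-4") ? 3 : 2             # optional address-family switch
            net = $i; mask = "255.255.255.255"; flags = ""
            if (net == "default") { net = "0.0.0.0"; mask = "0.0.0.0" }
            if (net !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # skip IPv6 and names
            for (j = i + 1; j <= NF; j++) {
                if ($j == "mask") { mask = $(++j); continue }
                flags = flags (flags == "" ? "" : " ") $j
            }
            size = 4294967296 - ip2int(mask)     # addresses covered by the mask
            if (int(ip2int(ip) / size) * size == ip2int(net) && size <= best) {
                best = size; result = flags      # smaller range = more specific
            }
        }
        END { print result }
    ' "$1"
}

# verdict CONF IP: what a client at IP may do under its effective flags.
verdict() (
    f=" $(effective_flags "$1" "$2") "; t=yes; q=yes; m=yes
    case "$f" in *" ignore "*)   t=no; q=no; m=no ;; esac   # drops every packet
    case "$f" in *" noserve "*)  t=no ;; esac               # no time service
    case "$f" in *" noquery "*)  q=no; m=no ;; esac         # no ntpq/ntpdc queries
    case "$f" in *" nomodify "*) m=no ;; esac               # no reconfiguration
    echo "time=$t query=$q modify=$m"
)

CONF=$(mktemp)   # constructed sample: the three restrict rules from this step
cat > "$CONF" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
EOF
for ip in 127.0.0.1 192.168.1.50 203.0.113.5; do
    printf '%-14s %s\n' "$ip" "$(verdict "$CONF" "$ip")"
done
```

For the off-network address 203.0.113.5 the result is time=yes: noquery and nomodify block ntpq/ntpdc queries and reconfiguration, while only ignore or noserve stop time replies.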

Step 4: Opening the Firewall

For clients to reach your NTP server, you must allow traffic on UDP port 123, which is the standard port for NTP services. If you are using UFW (Uncomplicated Firewall), the default firewall for Ubuntu, you can allow this traffic with a simple command:

sudo ufw allow ntp

Alternatively, you can specify the port and protocol directly:

sudo ufw allow 123/udp

Reload the firewall to apply the new rule:

sudo ufw reload

Step 5: Restarting and Verifying the Service

After modifying the configuration and firewall, you need to restart the NTP service for the changes to take effect:

sudo systemctl restart ntp

Give the service a few minutes to connect to the upstream servers and stabilize. You can then verify its status and see which peers it is synchronized with using the ntpq command:

ntpq -p

The output will look something like this:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp.wdc1.us.le .GPS.            1 u  256  256  377   23.565   -0.264   0.122
+chilipepper.can .GPS.            1 u  252  256  377   15.821    0.138   0.245
+ntp-2.zacharia .GPS.            1 u  249  256  377   35.198   -0.589   0.198

The asterisk (*) next to a remote server indicates that your server is currently synchronized with that peer. The other columns provide detailed information about the connection, such as stratum (st), delay, and offset.
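
A scripted version of this check, added here as an example (not from the original guide): it reads saved ntpq -p output, finds the peer marked *, and reports whether reach is 377 (all of the last eight polls answered) and the offset, in milliseconds, is within a limit. The function name check_sync, the 100 ms default limit and the second, unsynchronized sample are assumptions constructed for illustration.

```shell
# check_sync FILE [MAX_OFFSET_MS]: one-line status; exit status 0 only when healthy.
check_sync() {
    awk -v max="${2:-100}" '
        substr($0, 1, 1) == "*" {            # tally code * = selected system peer
            # Count fields from the right so an odd remote/refid cannot shift them.
            peer = substr($1, 2); st = $(NF-7); reach = $(NF-3); off = $(NF-1)
            mag = (off + 0 < 0) ? -off : off + 0
            if (reach != "377")      status = "degraded"  # a recent poll went unanswered
            else if (mag > max + 0)  status = "offset"    # synced, but too far off
            else                     status = "ok"
        }
        END {
            if (status == "") { print "unsynced"; exit 1 }
            printf "%s peer=%s stratum=%s reach=%s offset_ms=%s\n", status, peer, st, reach, off
            exit (status != "ok")
        }
    ' "$1"
}

GOOD=$(mktemp); BAD=$(mktemp)
# Sample 1: the ntpq -p output shown above.
cat > "$GOOD" <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp.wdc1.us.le .GPS.            1 u  256  256  377   23.565   -0.264   0.122
+chilipepper.can .GPS.            1 u  252  256  377   15.821    0.138   0.245
+ntp-2.zacharia .GPS.            1 u  249  256  377   35.198   -0.589   0.198
EOF
# Sample 2 (constructed): a host whose only server has never answered.
cat > "$BAD" <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.1.10    .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF

check_sync "$GOOD"
check_sync "$BAD" || echo "time source needs attention"
```

On a live host the same function can read the command directly, for example by saving ntpq -p to a file first and passing that path.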

Step 6: Configuring Client Machines

The final step is to configure your other servers or devices (clients) to use your new NTP server. On each client machine, edit the /etc/ntp.conf file. Comment out the default pool entries and add a server entry pointing to your NTP server’s IP address.

# server 0.ubuntu.pool.ntp.org
# server 1.ubuntu.pool.ntp.org
# server 2.ubuntu.pool.ntp.org

server your_ntp_server_ip prefer iburst

Replace your_ntp_server_ip with the actual IP address of the NTP server you just configured. The prefer option tells the client that this is its preferred time source.

After saving the file, restart the NTP service on the client machine:

sudo systemctl restart ntp

You have now successfully deployed a centralized and secure time synchronization server for your network, ensuring that all your systems operate on a consistent and accurate timeline.

Source: https://kifarunix.com/quickly-setup-ntp-server-using-ntpd-on-ubuntu-20-04-18-04/
