NTP is the Network Time Protocol; it lets you keep the server clock in sync with “real time”. A server needs accurate time for many things, such as logging server activity or performing scheduled backups at a particular time interval. By ensuring the time is correct, we can ensure that the time stamps in the logs are accurate.
One of the issues with inaccurate time is time drift, which caused issues for this website on 2 occasions.
1) The first instance was in relation to OCSP: the time drift caused the certificate to be treated as invalid. We had to restart the server to force it to recheck the time upon rebooting.
2) The second issue was in relation to Google Authenticator: due to the time drift on the server and the time variance on the Google Authenticator, the two-factor authentication application wasn’t able to generate a code that matched the server time.
    apt-get install ntp
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      libnet-daemon-perl libplrpc-perl
    Use 'apt-get autoremove' to remove them.
    The following extra packages will be installed:
      libopts25
    Suggested packages:
      ntp-doc
    The following NEW packages will be installed:
      libopts25 ntp
    0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Need to get 637 kB of archives.
    After this operation, 1,457 kB of additional disk space will be used.
    Do you want to continue [Y/n]? y
    Get:1 http://debian.mirrors.ovh.net/debian/ wheezy/main libopts25 amd64 1:5.12-0.1 [73.8 kB]
    Get:2 http://security.debian.org/ wheezy/updates/main ntp amd64 1:4.2.6.p5+dfsg-2+deb7u4 [563 kB]
    Fetched 637 kB in 0s (4,074 kB/s)
    Selecting previously unselected package libopts25.
    (Reading database ... 28449 files and directories currently installed.)
    Unpacking libopts25 (from .../libopts25_1%3a5.12-0.1_amd64.deb) ...
    Selecting previously unselected package ntp.
    Unpacking ntp (from .../ntp_1%3a4.2.6.p5+dfsg-2+deb7u4_amd64.deb) ...
    Processing triggers for man-db ...
    Setting up libopts25 (1:5.12-0.1) ...
    Setting up ntp (1:4.2.6.p5+dfsg-2+deb7u4) ...
    [ ok ] Starting NTP server: ntpd.
With NTP installed, we can check our NTP sync with the following command:
    ntpq -pn
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    -18.104.22.168   22.214.171.124   2 u   45   64  377    0.143    3.149   0.300
    *126.96.36.199   188.8.131.52     2 u   46   64  377   21.372    1.515   1.903
    -2001:41d0:8:897 184.108.40.206   2 u   46   64  377   10.438    3.549   0.239
    +220.127.116.11  18.104.22.168    2 u   42   64  377   12.148    1.394   0.205
    +22.214.171.124  126.96.36.199    2 u   36   64  377   14.764    2.056   0.328
To find out how much time difference there is between your server and the official time source, we can run the following command:
    ntpdate -q ntp0.ovh.net
    server 188.8.131.52, stratum 1, offset 0.001763, delay 0.02611
    25 Aug 22:52:02 ntpdate: adjust time server 184.108.40.206 offset 0.001763 sec
As we can see, the difference is minimal, which is good for us.
    ntpdate -q ntp0.ovh.net
    server 220.127.116.11, stratum 1, offset -167.164755, delay 0.02640
    5 Jan 22:40:43 ntpdate: step time server 18.104.22.168 offset -167.164755 sec
In the above example, we can see that the clock is out of sync by 167 seconds, which is a difference of over 2 minutes and 47 seconds.
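To see why a drift of this size breaks Google Authenticator logins, the following added example (not code from this site) parses the two `ntpdate -q` outputs shown above and checks whether a server with that clock offset would still accept a TOTP code. It assumes the phone's clock is correct, the RFC 6238 defaults (30-second step, HMAC-SHA1), and a verifier that tolerates one step either side; the secret and timestamp are constructed sample values.

```python
import base64, hashlib, hmac, re, struct

STEP = 30    # seconds per TOTP time step (RFC 6238 default)
WINDOW = 1   # assumed verifier tolerance: accept codes from +/- 1 step

# The two `ntpdate -q` outputs shown on this page.
GOOD = ("server 188.8.131.52, stratum 1, offset 0.001763, delay 0.02611\n"
        "25 Aug 22:52:02 ntpdate: adjust time server 184.108.40.206 offset 0.001763 sec\n")
BAD = ("server 220.127.116.11, stratum 1, offset -167.164755, delay 0.02640\n"
       " 5 Jan 22:40:43 ntpdate: step time server 18.104.22.168 offset -167.164755 sec\n")

SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed: RFC 6238 test key, base32
NOW = 1420497643                             # constructed "true" Unix time

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                     # dynamic truncation offset
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_offset(ntpdate_output):
    """Return the offset in seconds from the 'server ...' line of `ntpdate -q`."""
    m = re.search(r"^server \S+, stratum \d+, offset (-?\d+\.\d+)",
                  ntpdate_output, re.M)
    if m is None:
        raise ValueError("no 'server' line with an offset found")
    return float(m.group(1))

def server_accepts(secret_b32, true_time, offset):
    """Would a server whose clock is off by `offset` accept the phone's code?"""
    code = totp(secret_b32, true_time)       # phone generates at the true time
    server_time = true_time - offset         # ntpdate offset = true time - local time
    return any(hmac.compare_digest(code, totp(secret_b32, server_time + i * STEP))
               for i in range(-WINDOW, WINDOW + 1))

if __name__ == "__main__":
    for name, output in (("in sync", GOOD), ("drifted", BAD)):
        offset = parse_offset(output)
        verdict = "accepted" if server_accepts(SECRET, NOW, offset) else "rejected"
        print(f"{name}: offset {offset:+.6f}s, {abs(offset) / STEP:.1f} steps, code {verdict}")
```

With a 167-second offset the server is more than five time steps away from the phone, well outside a one-step tolerance, so every code is rejected until the clock is corrected.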