See all Sun CentOS Linux related FAQs
OpenNTPD is a Unix system daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. How do I install OpenNTPD under CentOS / RHEL / Fedora Linux instead of default NTPD client / server supplied by Linux operating system?

OpenNTPD offers simplicity and security over traditional NTPD that comes with CentOS/RHEL/Fedora Linux. The software provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock. OpenNTPD is a part of OpenBSD project. In this tutorial, you will learn how to install OpenNTPD on a CentOS/RHEL/Fedora Linux.
Tutorial details
Difficulty level Advanced
Root privileges Yes
Requirements Linux terminal
Category System Management
OS compatibility AlmaLinux CentOS Fedora RHEL Rocky Stream
Est. reading time 6 minutes
Advertisement

CentOS / Redhat Linux: Install OpenNTPD To Synchronize The Local Clock

The procedure is as follows to install OpenNTPD on RHEL or CentOS or Rocky or Alma Linux using source code.

OpenNTPD on CentOS/RHEL 7 with systemd

OpenNTPD on CentOS/RHEL 7 with systemd

Step 1 – Downloading OpenNTPD

The following page is tested with CentOS/RHEL version 7/8/9 and should work with Rocky and Alma Linux, too, with systemd as init. The older information regarding CentOS/RHEL version “6.x” or earlier was removed as those are no longer supported.

Download portable OpenNTPD version by visiting this page. Try the wget command or curl command to download file. For example:
$ cd /tmp/
$ VERSION="6.8p1"
$ URL="https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenNTPD/openntpd-${VERSION}.tar.gz"
$ wget "$URL"
$ wget "$URL.asc"
$ ls -l openntpd-${VERSION}.tar.gz*

Here are two files downloaded for version 6.8p1:

-rw-rw-r-- 1 vivek vivek 443997 Dec  7  2020 openntpd-6.8p1.tar.gz
-rw-rw-r-- 1 vivek vivek    833 Dec  9  2020 openntpd-6.8p1.tar.gz.asc

Step 2 - Verifying OpenNTPD tarball on your CentOS/Red Hat Linux (RHEL)

Use the gpg command to verify tarball under Linux or Unix. For example:
$ gpg --with-fingerprint openntpd-$VERSION.tar.gz.asc
Note down the RSA key:

gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: assuming signed data in 'openntpd-6.8p1.tar.gz'
gpg: Signature made Wednesday 09 December 2020 08:24:38 PM IST
gpg:                using RSA key 6F67522EC596C025B24549911FFAA0B24B708F96
gpg: Good signature from "keybase.io/busterb " [unknown]
gpg:                 aka "Brent Cook <bcook@openbsd.org>" [unknown]
gpg:                 aka "Brent Cook <busterb@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A1EB 079B 8D3E B92B 4EBD  3139 663A F51B D5E4 D8D5
     Subkey fingerprint: 6F67 522E C596 C025 B245  4991 1FFA A0B2 4B70 8F96

Get the key:
$ gpg --keyserver pgp.mit.edu --recv-keys 6F67522EC596C025B24549911FFAA0B24B708F96
Outputs:

gpg: key 663AF51BD5E4D8D5: public key "keybase.io/busterb <busterb@keybase.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Here is how to verify it:
$ gpg --verify openntpd-${VERSION}.tar.gz.asc openntpd-${VERSION}.tar.gz
Look for gpg: Good signature message:

gpg: Signature made Wednesday 09 December 2020 08:24:38 PM IST
gpg:                using RSA key 6F67522EC596C025B24549911FFAA0B24B708F96
gpg: Good signature from "keybase.io/busterb <busterb@keybase.io>" [unknown]
gpg:                 aka "Brent Cook <bcook@openbsd.org>" [unknown]
gpg:                 aka "Brent Cook <busterb@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A1EB 079B 8D3E B92B 4EBD  3139 663A F51B D5E4 D8D5
     Subkey fingerprint: 6F67 522E C596 C025 B245  4991 1FFA A0B2 4B70 8F96

Step 3 - Extract OpenNTPD tar ball

Untar tar ball using the tar command. For example
$ tar -zxvf openntpd-${VERSION}.tar.gz
$ cd openntpd-$VERSION
$ pwd

Step 4 - Compiling and installing OpenNTPD on CentOS/RHEL

You must have GNU compiler installed on your CentOS/RHEL 7 box. See how to install compilers on CentOS/RHEL 7 to compile OpenNTPD. To compile OpenNTPD with default options, enter:
$ ./configure
$ make
$ sudo make install

Sample outputs:

Making install in include
make[1]: Entering directory `/tmp/openntpd-6.0p1/include'
make[2]: Entering directory `/tmp/openntpd-6.0p1/include'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
....
..
...
make[2]: Entering directory `/tmp/openntpd-6.0p1/src'
 /usr/bin/mkdir -p '/usr/local/sbin'
  /bin/sh ../libtool   --mode=install /usr/bin/install -c ntpd '/usr/local/sbin'
libtool: install: /usr/bin/install -c ntpd /usr/local/sbin/ntpd
make  install-exec-hook
make[3]: Entering directory `/tmp/openntpd-6.0p1/src'
 
 WARNING: the privilege separation path is specified as /var/empty, 
          but this directory contains files!
 
 Please ensure that /var/empty is empty. If you installed a previous 
 OpenNTPD version and created a user with a home directory at /var/empty/ntpd, 
 please adjust that user to use /var/empty instead and delete /var/empty/ntpd.
 
make[3]: Leaving directory `/tmp/openntpd-6.0p1/src'
 /usr/bin/mkdir -p '/usr/local/share/man/man5'
 /usr/bin/install -c -m 644 ntpd.conf.5 '/usr/local/share/man/man5'
 /usr/bin/mkdir -p '/usr/local/share/man/man8'
 /usr/bin/install -c -m 644 ntpctl.8 ntpd.8 '/usr/local/share/man/man8'
make[2]: Leaving directory `/tmp/openntpd-6.0p1/src'
make[1]: Leaving directory `/tmp/openntpd-6.0p1/src'
make[1]: Entering directory `/tmp/openntpd-6.0p1'
make[2]: Entering directory `/tmp/openntpd-6.0p1'
make  install-exec-hook
make[3]: Entering directory `/tmp/openntpd-6.0p1'
 
 /usr/local/etc/ntpd.conf already exists, install will not overwrite
make[3]: Leaving directory `/tmp/openntpd-6.0p1'
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/openntpd-6.0p1'
make[1]: Leaving directory `/tmp/openntpd-6.0p1'

Step 5 - Configuring OpenNTPD on CentOS / Redhat Linux to sync timee

Type the following commands to create _ntp user and group to run OpenNTPD in its own jail. Please create a dedicated group for ntpd using the groupadd command:
$ groupadd _ntp
Next create a dedicated user for ntpd and ensure it cannot be used to log in. Try the mkdir command, chown command, chgrp command, and chmod command as follows:
$ sudo useradd -g _ntp -s /sbin/nologin -d /var/run/openntpd -c 'OpenNTP daemon' _ntp
$ sudo mkdir -p /var/run/openntpd
$ sudo chown 0 /var/run/openntpd
$ sudo chgrp 0 /var/run/openntpd
$ sudo chmod 0755 /var/run/openntpd

Step 6 - Installing systemd based startup script on CentOS / Redhat Linux (RHEL)

Edit the /usr/lib/systemd/system/openntpd.service using a text editor. For example:
$ sudo vi /usr/lib/systemd/system/openntpd.service
Add the following lines:

[Unit]
Description=OpenNTP Daemon
After=network.target
Conflicts=systemd-timesyncd.service

[Service]
Type=forking
ExecStart=/usr/local/sbin/ntpd

[Install]
WantedBy=multi-user.target
Save and close the file by pressing Esc+:wq and hit the [Enter] key.

ntpd.conf configuration

Edit the /usr/local/etc/ntpd.conf, enter:
$ vi /usr/local/etc/ntpd.conf
Make sure it listen on localhost and main server IP:

 # replace IPs as per your need #
listen on 127.0.0.1
listen on 10.210.206.58
listen on ::1

Sync to a single server called ntp.example.com or ntp.isp.example.com:

server ntp.isp.example.com
 
# Or Use a random selection of 8 public stratum 2 servers
servers pool.ntp.org

Here is how my config looks:

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf
 
listen on 127.0.0.1
listen on 10.210.206.58
listen on ::1
 
servers pool.ntp.org
server time.cloudflare.com
sensor *
 
constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

Close and save the file.

Step 7 - Starting OpenNTPD service on CentOS/RHEL

Reload our custom systemd unit file using the systemctl command:
$ sudo systemctl daemon-reload
Type the following command to start the service:
$ sudo systemctl start openntpd.service
Stop the openntpd, enter:
$ sudo systemctl stop openntpd.service
Restart the openntpd, enter:
$ sudo systemctl restart openntpd.service

How do I verify OpenNTPD is working or not on my CentOS / Redhat Linux (RHEL) machine?

Type the following systemctl command $ sudo systemctl status openntpd.service
Sample outputs:

? openntpd.service - OpenNTP Daemon
   Loaded: loaded (/usr/lib/systemd/system/openntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-11-22 10:20:08 UTC; 3s ago
  Process: 15508 ExecStart=/usr/local/sbin/ntpd -s (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/openntpd.service
           ??15509 ntpd: ntp engine
           ??15510 ntpd: dns engine
           ??15511 /usr/local/sbin/ntpd -s

Nov 22 10:20:07 cenots-db systemd[1]: Starting OpenNTP Daemon...
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on 127.0.0.1
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on 10.210.206.58
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on ::1
Nov 22 10:20:07 cenots-db ntpd[15509]: ntp engine ready
Nov 22 10:20:08 cenots-db systemd[1]: Started OpenNTP Daemon.

Make sure it starts on reboot:
$ sudo systemctl enable openntpd
Type the following command to verify OpenNTPD (ntpd) running:
$ sudo netstat -tulpn
$ sudo netstat -tulpn | grep :123

OR
]nixuser]sudo ss -ltun
Sample outputs:

udp        0      0 10.210.206.58:123               0.0.0.0:*                               31182/ntpd          
udp        0      0 127.0.0.1:123               0.0.0.0:*                               31182/ntpd  

Is my NTP synchronized?

Type the following command:
$ timedatectl status
Sample outputs:

      Local time: Tue 2016-11-22 10:25:46 UTC
  Universal time: Tue 2016-11-22 10:25:46 UTC
        RTC time: n/a
       Time zone: UTC (UTC, +0000)
     NTP enabled: n/a
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

See Also:

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

4 comments… add one
  • sandeep May 13, 2013 @ 13:03

    Hi,

    I followed all your steps on ubuntu but i could not get ntpd up after bootup. also the /etc/init.d/functions file is missing in ubuntu. Also
    # tail -f /var/log/messages

    is not printing anything for me even if i run it manually from command line.
    same for
    # netstat -tulpn | grep :123
    command.

    Please help me.

  • Spork Schivago Jun 15, 2017 @ 2:57

    I believe that the openntpd.service file should be installed in some place like:
    /etc/systemd/system/
    rather than:
    /usr/lib/systemd/system/

    The doc says:
    Table 9.2,

    • Spork Schivago Jun 15, 2017 @ 19:05

      I typed that late at night last night. There’s a typo in it. The configure command should actually look more like this:

      ./configure --prefix=/opt --sysconfdir=/etc/ntp --with-privsep-path=/var/run/openntpd

      The /etc/systemd/system/openntpd.service file would then look like this:

          [Unit]
          Description=OpenNTP Daemon
          After=network.target
          Conflicts=systemd-timesyncd.service
          
          [Service]
          Type=forking
          ExecStart=/opt/openntpd/sbin/ntpd -s
          
          [Install]
          WantedBy=multi-user.target
      
  • Arthur Mar 22, 2023 @ 12:04

    good tutorial was really helpful, and this one is much better than ntpd

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.