Re: [chrony-users] Chrony and NTP hardening

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


Hello.

On 2/4/26 17:27, Rob Janssen wrote:
or a last-known-good time, which will be saved to a file once a day.
But that would be disaster waiting to happen!
What when your system syncs to an invalid time in the future?

I thought this could be avoided via the maxchange instruction.

With a more advanced system using NTP (like ntpd or chrony) with several servers and with limited time step, there isn't much risk that things go wrong.

Yeah, I should have mentioned that this is a (mostly) closed network (a train actually). There will be only one master and one backup time server in the train, which (optionally) synchronize with GPS. All other devices then synchronize with only these two servers. But it cannot be ruled out that an attacker gets access to the network, either from within the train or a maintenance connection.

Thanks and best regards,
Bernd

--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject. For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/