NTP is important: it sets your system clock. A proper Unix machine with an ordinary network connection should be within 10ms of true time. The problem is that the traditional software we use to do this, ntpd, is old and complicated and has had a lot of security problems. It also does way more than your typical server needs, supporting obscure protocols and funky hardware you’ll never access.
I think a modern Unix machine just needs a simple network-only time setter. Poll the time from ~4 NTP servers, discipline the clock to ~10ms, implement leap seconds correctly. That’s about it. I’m on the fence about client-only; if it’s not a big deal to be a simple server, that’d be better. I’m also ignorant about security; the historical crypto stuff in ntpd is pretty woolly.
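The polling half of that idea, as an added example (not code from ntpd, chrony or any project named here): it validates each server reply, computes offset and delay from the four NTP timestamps, and takes the median so a single bad server cannot steer the clock. The packets are constructed sample input; the function names and the quorum of 3 are assumptions, and actually disciplining the clock is left out.

```python
import struct
from statistics import median

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def to_ntp(unix_t):  # Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)
    return round((unix_t + NTP_UNIX_DELTA) * 2**32)
def from_ntp(ts):
    return ts / 2**32 - NTP_UNIX_DELTA

def build_reply(leap, stratum, t1, t2, t3):
    """Constructed server reply used as sample input (not captured traffic)."""
    head = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    stamps = struct.pack("!4Q", to_ntp(t2), to_ntp(t1), to_ntp(t2), to_ntp(t3))
    return head + bytes(12) + stamps

def parse_reply(pkt, t1, t4):
    """Return (offset, delay, leap) for a valid reply, else None."""
    if len(pkt) < 48:
        return None
    leap, mode, stratum = pkt[0] >> 6, pkt[0] & 7, pkt[1]
    _ref, origin, rx, tx = struct.unpack("!4Q", pkt[16:48])
    if mode != 4 or leap == 3 or not 1 <= stratum <= 15:
        return None  # not a server reply, unsynchronised, or kiss-o'-death
    if origin != to_ntp(t1) or tx == 0:
        return None  # does not echo the timestamp we sent
    t2, t3 = from_ntp(rx), from_ntp(tx)
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server hold time
    offset = ((t2 - t1) + (t3 - t4)) / 2   # server clock minus local clock
    return (offset, delay, leap) if delay >= 0 else None

def combine(samples, quorum=3):
    """Median offset over valid samples; leap flag only on majority agreement."""
    good = [s for s in samples if s is not None]
    if len(good) < quorum:
        return None
    leaps = [s[2] for s in good]
    leap = max(set(leaps), key=leaps.count)
    if leaps.count(leap) * 2 <= len(good):
        leap = 0
    return median(s[0] for s in good), leap

def sample_poll(t1=1700000000.0):
    """Four constructed servers: three about 0.25 s ahead, one 30 s off."""
    out = []
    for skew in (0.248, 0.250, 0.252, 30.0):
        t2 = t1 + 0.010 + skew  # 10 ms outbound path plus server clock skew
        out.append(parse_reply(build_reply(1, 2, t1, t2, t2 + 0.001), t1, t1 + 0.021))
    return combine(out)
```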
A lot of other people think there should be a simpler time setter; there’s a bunch of alternatives now.
- chrony is the best alternative I know of. It seems to do time correctly, and it has some clever accommodations for running in difficult environments like a VM or on a machine like a laptop that’s asleep a lot of the time.
- NTPSec, a big effort to first simplify the old ntpd code, then port it to a safe language like Rust or Go. The project has some problems but they are getting ambitious work done. Keep an eye on it.
- systemd-timesyncd is everywhere now thanks to systemd. It’s too simple though, really just an SNTP client, and can’t discipline the clock nearly accurately enough to be useful for good time.
- ntimed, see the blog. This project was looking promising but seems to have stalled out.
- openntpd, the OpenBSD rewrite of an NTP daemon. It has a lot of problems, including with good clock discipline and leap seconds, and is not really suitable.
- ntpd! The venerable classic. Despite the problems, the bugs are being fixed and it’s still the daemon I suspect powers most of the world’s Unix machines.
Chrony has a very useful comparison of chrony, ntp, and openntpd. The Performance numbers at the bottom are what’s most interesting to me (those numbers are microseconds).
End of the day, I think ntpd is still a decent choice. Chrony looks like the best alternative. I don’t have enough experience with it to comment. I have no way of knowing if it’s more secure than ntpd. It’s also in C and has had some security problems.