Created September 23, 2020 11:04
Test chrony NTS on localhost
#!/bin/bash
# Sets up chronyd as an NTS server and as an NTS client of itself on localhost.
# Must run as root: it edits /etc/hosts and overwrites /etc/chrony.conf.
set -e
server_name=chrony-nts-test
cert=/etc/pki/tls/certs/nts.crt
key=/etc/pki/tls/private/nts.key
# Map the test server name to localhost, dropping any earlier entry first
sed -i "/ $server_name\$/d" /etc/hosts
echo "127.0.0.1 $server_name" >> /etc/hosts
# GnuTLS certtool template for a self-signed certificate with a matching CN
cat > cert.cfg <<EOF
cn = "$server_name"
serial = 001
activation_date = "2020-01-01 00:00:00 UTC"
expiration_date = "2030-01-01 00:00:00 UTC"
signing_key
encryption_key
EOF
certtool --generate-privkey --key-type=ed25519 --outfile $key
certtool --generate-self-signed --load-privkey $key --template cert.cfg --outfile $cert
# Keep the key and certificate readable by root and the chrony group only
chmod 640 $cert $key
chown root:chrony $cert $key
# chronyd serves NTS with the key/certificate above and, as a client,
# trusts that same self-signed certificate via ntstrustedcerts
cat > /etc/chrony.conf <<EOF
server chrony-nts-test iburst nts
server time.cloudflare.com iburst nts
ntsserverkey $key
ntsservercert $cert
ntstrustedcerts $cert
ntsdumpdir /var/lib/chrony
local
allow
EOF
systemctl restart chronyd
sleep 3
# Show the authentication state of each source (-N prints the configured names)
chronyc -N authdata
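
The script ends by printing the `chronyc -N authdata` table, where the Mode, KLen, NAK and Cook columns show whether NTS key establishment worked for each source. As an added example (not part of the gist), this shell function reads that table on stdin and lists the sources that are not authenticated with NTS. The pass criteria and the sample table are assumptions constructed for illustration, following the column meanings in the chronyc documentation.

```bash
# Added example, not from the original gist.
# Reads `chronyc -N authdata` output on stdin, prints "name: reason" for each
# source that is not using NTS successfully, and returns 1 if any source fails.
check_nts_authdata() {
    awk '
        # Skip the header row, the ===== separator and short lines.
        $1 == "Name/IP" || $1 ~ /^=+$/ || NF < 10 { next }
        {
            n++
            name = $1; mode = $2; klen = $5; nak = $8; cook = $9
            reason = ""
            if (mode != "NTS")      reason = "mode is " mode ", not NTS"
            else if (klen + 0 == 0) reason = "no key established (NTS-KE failed?)"
            else if (nak + 0 != 0)  reason = "NTS NAK received"
            else if (cook + 0 == 0) reason = "no cookies left"
            if (reason != "") { print name ": " reason; bad = 1 }
        }
        END {
            # No parsable rows also counts as a failure (chronyd not running).
            if (n == 0) { print "no sources listed"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample table (not real output): one working NTS source, one
# source whose key establishment failed, one unauthenticated source.
SAMPLE_AUTHDATA='Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
chrony-nts-test              NTS     1   15  256   3s    0    0    8  100
time.cloudflare.com          NTS     0    0    0    -    1    0    0    0
192.0.2.10                     -     0    0    0    -    0    0    0    0'

# Demo on the sample; on a live host use: chronyc -N authdata | check_nts_authdata
printf '%s\n' "$SAMPLE_AUTHDATA" | check_nts_authdata || true
```
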
I came here via an internet search hoping to find the one-liner I was looking for, but instead found something else.
Because I may not be the only one, I figured I'd add that one-liner here, for the benefit of all:
One-liner to test an NTS server:
chronyd -Q -t 3 'server nts.time.nl iburst nts maxsamples 1'