The /etc/chrony.conf file contains configuration settings for chronyd. The default configuration assumes that the system has network access to public NTP servers with which it can synchronize. The following examples show modifications you can make in different networking scenarios.

For more information about the configuration file and its directives, see the chrony.conf(5) manual page.

The following example configures a system to access three NTP servers:

pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...

To configure chronyd to act as an NTP server for a specified client or subnet, use the allow directive, as shown in bold in the following example:

pool NTP_server_1
pool NTP_server_2
pool NTP_server_3
allow 192.168.2/24
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...

To create keys for an authentication mechanism based on public key cryptography, use the chronyc keygen command.

If a system has only intermittent access to NTP servers, the following configuration might be appropriate:

pool NTP_server_1 offline
pool NTP_server_2 offline
pool NTP_server_3 offline
driftfile /var/lib/chrony/drift
keyfile /etc/chrony.keys
...

If you specify the offline keyword, chronyd doesn't poll the NTP servers until it receives communication that network access is available. You can use the chronyc online and chronyc offline commands to inform chronyd of the state of network access.