Ubuntu Adopts Chrony and NTS for Secure Network Time
a year ago
- #Time Synchronization
- #Ubuntu
- #Security
- Ubuntu 25.10 Questing Quokka will replace systemd-timesync with Chrony, which has Network Time Security (NTS) enabled by default.
- NTS is more secure than NTP as it authenticates time sources, preventing malicious servers from providing incorrect time data.
- NTS uses TCP port 4460 for key exchange and UDP port 123 for NTP, ensuring reliable and authenticated time synchronization.
- Time accuracy is crucial for cryptography tasks like certificate validation and DNSSEC.
- Ubuntu 25.10 will use Chrony + NTS for new installations, while upgrades from Ubuntu 25.04 will retain systemd-timesyncd unless manually switched.
- Users can manually switch to Chrony with NTS using commands from the Ubuntu mailing list.
- The change enhances security without affecting day-to-day usage for most users.