NTP stratum won't "fudge"


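I have two servers, blue and green. I want blue to pull time from the green server, but because the green server's stratum is too high, pulling time is not possible. The green server has a normal internet connection, while the blue server does not. From Googling this topic, I should be able to "fudge" the stratum value, but it doesn't seem to work.

At the bottom of the code, the client confirms that the stratum is too high.

Any suggestions for forcing the NTP server to lie?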

Ubuntu 18.04.2

root@ntpserver:/home/green# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.1.150.93     .INIT.          16 u    -   64    0    0.000    0.000   0.000
+2610:20:6f97:97 .NIST.           1 u   14   64   17  102.882  -34.929  35.299
+2001:67c:1560:8 17.253.34.253    2 u   16   64   17  161.268  -13.182  12.489
root@ntpserver:/home/green# cat /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
logfile /var/log/ntp.log


# You must create /var/log/ntpstats (owned by ntp:ntp) to enable logging.
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 3

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server time.nist.gov

server   10.1.150.93
fudge    10.1.150.93 stratum 8

# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com preempt

# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
root@ntpserver:/home/green#



root@blue:/etc# ntpdate -dv 10.1.150.93
 1 Mar 18:13:34 ntpdate[122014]: ntpdate [email protected] Fri Jul 22 17:30:52 UTC 2016 (1)
transmit(10.1.150.93)
receive(10.1.150.93)
transmit(10.1.150.93)
receive(10.1.150.93)
transmit(10.1.150.93)
receive(10.1.150.93)
transmit(10.1.150.93)
receive(10.1.150.93)
10.1.150.93: Server dropped: strata too high
server 10.1.150.93, port 123
stratum 16, precision -23, leap 11, trust 000
refid [10.1.150.93], delay 0.02589, dispersion 0.00005
transmitted 4, in filter 4
reference time:    00000000.00000000  Mon, Jan  1 1900  0:00:00.000
originate timestamp: e023f4ea.f1a932d2  Fri, Mar  1 2019 18:14:02.943
transmit timestamp:  e023f4d4.5f61696f  Fri, Mar  1 2019 18:13:40.372
filter delay:  0.02594  0.02596  0.02611  0.02589
         0.00000  0.00000  0.00000  0.00000
filter offset: 22.57128 22.57129 22.57125 22.57120
         0.000000 0.000000 0.000000 0.000000
delay 0.02589, dispersion 0.00005
offset 22.571203

 1 Mar 18:13:40 ntpdate[122014]: no server suitable for synchronization found
root@blue:/etc#

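Answer 1

Are your server and fudge lines wrong, i.e. should the stratum option be on the fudge line? I have been using this configuration for several years, though only to synchronize the time on my home machines.

Master host, CentOS 6, 192.168.1.200 (different, of course!):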

driftfile /var/lib/ntp/drift

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1 
restrict -6 ::1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

fudge server 127.127.1.0 stratum 10

Client, Ubuntu 18.04:

driftfile /var/lib/ntp/ntp.drift

leapfile /usr/share/zoneinfo/leap-seconds.list

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.1.200 iburst

server 127.127.1.0
fudge 127.127.1.0 stratum 10

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

restrict 127.0.0.1
restrict ::1

restrict source notrap nomodify noquery

Another client, Ubuntu 16.04:

driftfile /var/lib/ntp/ntp.drift

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.1.200 iburst

server 127.127.1.0
fudge   127.127.1.0 stratum 10

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

restrict 127.0.0.1
restrict ::1

restrict source notrap nomodify noquery

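Answer 2

The answer is: remove the local server IP and fudge entries. They were creating the stratum 16 entry, which was causing my problem.

This is a bit confusing, because the old answer to this similar question was: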

server x.x.x.x stratum 10
fudge  x.x.x.x

in ntp.conf. Something has changed, and it no longer works.
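Added example, not part of the original question or answers: a small check that reads the `ntpq -pn` table posted in the question and reports why a client such as `ntpdate` would reject the server. The function names and the `own_addrs` parameter are this example's own; the sample is the peer table from the question.

```python
# Added example. SAMPLE is the `ntpq -pn` peer table the question shows for green.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.1.150.93     .INIT.          16 u    -   64    0    0.000    0.000   0.000
+2610:20:6f97:97 .NIST.           1 u   14   64   17  102.882  -34.929  35.299
+2001:67c:1560:8 17.253.34.253    2 u   16   64   17  161.268  -13.182  12.489
"""


def parse_peers(text):
    """Return one dict per peer row of an `ntpq -pn` table."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()
        # Skip the header, the ===== rule and anything that is not a peer row.
        if len(fields) != 10 or not fields[2].isdigit():
            continue
        peers.append({
            "tally": line[0],            # '*' system peer, '+' candidate, ' ' rejected
            "remote": fields[0],
            "refid": fields[1],
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),  # octal shift register of the last 8 polls
        })
    return peers


def diagnose(peers, own_addrs=()):
    """List reasons this server cannot hand out usable time.

    own_addrs (an assumption of this example) holds the server's own IPs.
    """
    findings = []
    if not any(p["tally"] in "*o" for p in peers):
        findings.append("no system peer: server is unsynchronized, clients see stratum 16")
    for p in peers:
        if p["remote"] in own_addrs:
            findings.append(f"{p['remote']}: server lists itself as a time source")
        if p["stratum"] >= 16 or p["reach"] == 0:
            findings.append(f"{p['remote']}: stratum {p['stratum']}, reach {p['reach']:o}, no usable reply")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_peers(SAMPLE), own_addrs={"10.1.150.93"}):
        print(finding)
```
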
