To keep correct time on a StrongKey FIDO Server with no outside connections, enable NTP:
- To confirm whether the NTP service is enabled, please run the following commands on the appliance as root.
> ntpstat
Example output if the server is in sync with the NTP server:
If the NTP is not synced, please follow the steps below to connect it with the local NTP server.
- Login to the appliance as root.
- Using a text editor (e.g., vi or gedit) open the file /etc/ntp.conf and update the server information (similar to image below) in the file with internal NTP server.
You may use either the IP address or the FQDN of the NTP server here. If you use the FQDN, ensure the FQDN of the NTP server is resolvable by SKFS. You may ping <NTP-FQDN> (e.g., ping pool.ntp.server.org) the SKFS appliance to confirm that the FQDN is resolvable and the NTP server can be reached. If not, open the /etc/resolv.conf file using text editor (e.g., vi, edit, etc.), and at the end of the file add the DNS info (nameserver <IP>) for the NTP server.
- Add a firewall rule for the NTP service and reload the rules:
> firewall-cmd --add-service=ntp --permanent –zone=public
> firewall-cmd –reload
- Start the NTP service and enable it system-wide:
> systemctl restart ntpd
> systemctl enable ntpd
> systemctl status ntpd
- After NTP daemon has been started, wait few minutes for the server to synchronize time with its pool list servers, then run the following commands to verify NTP status:
> ntpstat
> timedatectl status