Developers Ubuntu Linux We've outlined a transition to using the Chrony project by default for precise time synchronization in all builds. Ubuntu 25.10. Earlier in Ubuntu The systemd-timesyncd service was used, which was decided to be replaced due to the desire to use the NTS (Network Time Security) protocol for cryptographic protection of time synchronization.
The Chrony project provides an independent implementation of NTP client and server, already used for precise time synchronization in Fedora, SUSE/openSUSE, and RHEL. NTS ensures that the client is communicating with the intended NTP server and not a spoofed one. Spoofing an NTP server is dangerous because setting the wrong time can be used to compromise the security of other time-aware protocols, such as TLS and DNSSEC. Changing the time can lead to incorrect interpretation of certificate validity data.
The NTS protocol uses elements of the public key infrastructure (PKI) to organize an encrypted communication channel and allows the use of TLS and authenticated encryption AEAD (Authenticated Encryption with Associated Data) to protect users from attacks that impersonate an NTP server. NTS includes two separate protocols: NTS-KE (NTS Key Establishment), used to handle initial authentication and key agreement over TLS, and NTS-EF (NTS Extension Fields), which is responsible for encryption and authentication of the time synchronization session. NTS adds several extended fields to NTP packets and stores all state information only on the client side, using the cookie transfer mechanism. Network port 4460 is used to process connections via the NTS protocol.
The Chrony package is already included in the main repository and is used by default in some editions. Ubuntu for cloud systems. Work to replace systemd-timesyncd with Chrony will begin on June 2. Including Chrony in builds will add an additional "libedit2" dependency and increase the image size by 803 KB. To replace systemd-timesyncd with Chrony in Ubuntu On 25.04 you can use the command "apt-mark auto systemd-timesyncd && apt install chrony", and to switch back to systemd-timesyncd you can use "apt-mark auto chrony && apt install systemd-timesyncd".
Source: opennet.ru
