15.5. Using chronyc

15.5.1. Using chronyc to Control chronyd

To make changes to the local instance of chronyd using the command line utility chronyc in interactive mode, enter the following command as root:
~]# chronyc -a
chronyc must run as root if some of the restricted commands are to be used. The -a option is for automatic authentication using the local keys when configuring chronyd on the local system. See Section 15.2.4, “Security with chronyc” for more information.
The chronyc command prompt will be displayed as follows:
chronyc>
You can type help to list all of the commands.
The utility can also be invoked in non-interactive command mode if called together with a command as follows:
chronyc command

Note

Changes made using chronyc are not permanent, they will be lost after a chronyd restart. For permanent changes, modify /etc/chrony.conf.

15.5.2. Using chronyc for Remote Administration

To configure chrony to connect to a remote instance of chronyd, issue a command in the following format:
~]$ chronyc -h hostname
Where hostname is the host name to connect to. The default is to connect to the local daemon.
To configure chrony to connect to a remote instance of chronyd on a non-default port, issue a command in the following format:
~]$ chronyc -h hostname -p port
Where port is the port in use for controlling and monitoring by the remote instance of chronyd.
Note that commands issued at the chronyc command prompt are not persistent. Only commands in the configuration file are persistent.
The first command must be the password command at the chronyc command prompt as follows:
chronyc> password password
200 OK
The password should not have any spaces.
If the password is not an MD5 hash, the hashed password must be preceded by the authhash command as follows:
chronyc> authhash SHA1
chronyc> password HEX:A6CFC50C9C93AB6E5A19754C246242FC5471BCDF
200 OK
The password or hash associated with the command key for a remote system is best obtained by SSH. An SSH connection should be established to the remote machine and the ID of the command key from /etc/chrony.conf and the command key in /etc/chrony.keys memorized or stored securely for the duration of the session.