From 819411b57708ff816c11538bac81153d3be41528 Mon Sep 17 00:00:00 2001 From: Yorick Downe Date: Mon, 20 Apr 2026 13:23:54 +0100 Subject: [PATCH] chronyc is default on Ubuntu 26.04 --- website/docs/Usage/LinuxSecurity.md | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/website/docs/Usage/LinuxSecurity.md b/website/docs/Usage/LinuxSecurity.md index 49873144..f36f15b0 100644 --- a/website/docs/Usage/LinuxSecurity.md +++ b/website/docs/Usage/LinuxSecurity.md @@ -63,10 +63,12 @@ Advanced, then make your user the owner with Full Access, while removing access and Administrators. Check "Replace all child object permissions", and click OK. That should solve the issues the OpenSSH client had. -Lastly, once key authentication has been tested, turn off password authentication. On your Linux server:
-`sudo nano /etc/ssh/sshd_config` - -Find the line that reads `#PasswordAuthentication yes` and remove the comment character `#` and change it to `PasswordAuthentication no`. +Lastly, once key authentication has been tested, turn off password authentication. On your Linux server: +`sudo nano /etc/ssh/ssh_config.d/99-disable-password-auth.conf` +``` +PasswordAuthentication no +``` +Save and close And restart the ssh service, for Ubuntu you'd run `sudo systemctl restart ssh`. @@ -84,21 +86,14 @@ For msmtp, I followed the instructions as-is. ## Time synchronization on Linux -The blockchain requires precise time-keeping. On Ubuntu, systemd-timesyncd is the default to synchronize time, +The blockchain requires precise time-keeping. On Ubuntu 24.04 and earlier, systemd-timesyncd is the default to synchronize time, and [chrony](https://en.wikipedia.org/wiki/Network_Time_Protocol) is an alternative. -systemd-timesyncd uses a single ntp server as source, and chrony uses several, typically a pool. The default shipping with Ubuntu can get -out of sync by as much as 600ms before it corrects. My recommendation is to use chrony for better accuracy. - -For Ubuntu, install the chrony package. This will automatically remove systemd-timesyncd. Chrony will start automatically.
+For Ubuntu 24.04 and earlier, install the chrony package. This will automatically remove systemd-timesyncd. Chrony will start automatically. `sudo apt update && sudo apt -y install chrony` Check that chrony is synchronized: Run `chronyc tracking`. -> If you wish to stay with systemd-timesyncd instead, check that `NTP service: active` via -> `timedatectl`, and switch it on with `sudo timedatectl set-ntp yes` if it isn't. You can check -> time sync with `timedatectl timesync-status --all`. - ## Firewalling You'll want to enable a host firewall. You can also forward the P2P ports of your execution and consensus