diff --git a/ntpd/templates/chrony.conf.erb b/ntpd/templates/chrony.conf.erb
index 555e504..429e3c8 100644
--- a/ntpd/templates/chrony.conf.erb
+++ b/ntpd/templates/chrony.conf.erb
@@ -13,12 +13,16 @@ driftfile /var/lib/chrony/drift
 rtcsync
 
 # In first three updates step the system clock instead of slew
-# if the adjustment is larger than 100 seconds.
-makestep 100 3
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
 
-# Allow client access from local network.
+# Allow NTP client access from local network.
 #allow 192.168/16
 
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+
 # Serve time even if not synchronized to any NTP server.
 #local stratum 10
 
@@ -27,6 +31,9 @@ keyfile /etc/chrony.keys
 # Specify the key used as password for chronyc.
 commandkey 1
 
+# Generate command key if missing.
+generatecommandkey
+
 # Disable logging of client accesses.
 noclientlog
 
@@ -35,4 +42,3 @@ logchange 0.5
 
 logdir /var/log/chrony
 #log measurements statistics tracking
-