Wednesday, May 23, 2012

How do I set up ssh so that I don't have to use a password?

In a multi-tiered environment, you must rely on ssh to run your benchmarks automatically and remotely.  To run remote applications, it also relies on the ability of running them without the need of providing password.

In this article, we will discuss how to set up ssh so that you don't have to use a password.

OpenSSH

The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included is sshd (SSH daemon), and the other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.

In this article, we assume you have OpenSSH installed on your platforms.   In our benchmark environment, we are using Windows and Linux systems.  On the Windows, we have installed MKS Toolkit.  For example, ssh-keygen.exe can be found in its bin folder.

Testing

OpenSSH SSH daemon on the server listens for connections from clients. It is normally started at boot time.  It supports SSH protocols 1 and 2:
  • Protocol 1
    • only supports RSA keys.
  • Protocol 2
    • supports both RSA and DSA keys
For both protocols, each host has a host-specific key, normally 2048 bits, used to identify the host.

OpenSSH suite has been installed on anotherserver below and sshd is up and running.  By default, when you ssh into a remote machine, you will be asked to provide a password as shown below.

$ ssh anotheruser@anotherserver
The authenticity of host 'anotherserver(10.xxx.xxx.159)' can't be established.
RSA key fingerprint is ed:eb:67:75:21:50:e5:33:72:36:d1:43:b6:64:4e:19.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'anotherserver,10.xxx.xxx.159' (RSA) to the list of known hosts.
anotheruser@anotherserver's password:
Last login: Wed May 9 18:08:23 2012 from dhcp-xxxx-xxx-xxxx-anyconnect-10-xxx-xxx-153.xxx.mycompany.com

Set up ssh So You Aren't Asked for a Password

Our servers will use SSH protocol 1 and RSA keys for communication. Here are the steps:
  1. Use ssh-keygen to set up your user public and private keys 
    • You probably should  passphrase protect your keys.  However, we didn't do it here for simplicity.
  2. Make sure the remote system knows about your public keys.
    • This means making sure that on the remote system (i.e., ssh server) there is a file called authorized_keys in your .ssh directory. This file should contain the contents of id_rsa.pub of ssh clients.
As the first step, run ssh-keygen on your local machine (i.e., "myserver") and just hit enter when asked for a passphrase.

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Documents and Settings\localuser\.ssh\id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Documents and Settings\localuser\.ssh\id_rsa.
Your public key has been saved in C:\Documents and Settings\localuser\.ssh\id_rsa.pub.
The key fingerprint is:
bd:97:40:b7:d6:8b:35:76:0d:6a:7c:fe:5a:20:3a:6a localuser@myserver

This command will generate both a private and a public key in the ~/.ssh folder:
  • id_rsa
  • id_rsa.pub
Make sure these files are placed in the .ssh directory of your home directory with the private key having mode 0600. Next, add the contents of the public key file (i.e. id_rsa.pub) into:
  •  ~/.ssh/authorized_keys 
on the remote machine (i.e., "anotherserver").  Note that the file should be mode 600.  If the user account to be accessed on the remote machine is "anotheruser", ".ssh" folder is under that user account's home directory.

After the above setup. you should then be able to use ssh to log in to the remote server without being asked for a password.

$ ssh anotheruser@anotherserver
Last login: Wed May 23 11:41:31 2012 from dhcp-xxxx-xxx-xxxx-anyconnect-10-xxx-xxx-94.xxx.mycompany.com
[anotheruser@anotherserver ~]$


If you have any problems, try:
  • Adding the -v switch to ssh command
  • Check the log to determine why the connections were blocked
    • For example, you can look at /var/log/secure log file on systems with Oracle Linux Server release 6.8
  • Read [7] for more ideas
    • For example, permissions could be another sort of problem causing publickey authentication failures.
    • Check that your ~ and ~/.ssh directories are not readable by anybody except for your user (chmod 750 ~ && chmod 700 ~/.ssh could fix that)

References

  1. OpenSSH
  2. How do I set up ssh so that I don't have to use a password?
  3. How to set up ssh so you aren't asked for a password
  4. HOWTO: set up ssh keys
  5. Verifying SSH Key Fingerprint and More
  6. Setting up ssh
  7. Public Key authentication failed
  8. Can't SSH to remote machine: Connection closed by remote host

Tuesday, May 22, 2012

How to Release the Linux Disk Buffer/Cache

Linux like most modern OS will always try to use free RAM for caching stuff.  For performance benchmarks, we recommend you to release the Linux disk buffer/cache before each test for more meaningful comparisons.  This step is necessary.  For example, in the first run of your application, Linux could load the files your application use into the buffer cache and leave them there; thus subsequent runs of the same application could run faster.

In this article, we will show you:
  1. How to check your disk buffer and cache usage before and after releasing them?
  2. How to release disk buffer and cache?

How to Check

To check the disk buffer and cache usage, you can use Linux free command or read /proc/meminfo file.  For example, here is the disk buffer and cache usage before their release:

$ free -k
             total       used       free     shared    buffers     cached
Mem:      11790008   10241024    1548984          0     833088    8391724
-/+ buffers/cache:    1016212   10773796
Swap:      8191968          0    8191968


With "-k" option above, the space is displayed in KB.  For example, the system has total 11 GB with 9 GB used and 1GB free.  In the used space, it also counts the space used by disk buffers and caches.  The second row in the display (i.e., "-/+ buffers/cache") shows the space when ignoring buffers and caches.  For example, after counting buffers (i.e., 813MB) and caches (i.e., 8 GB) as free, the total free space becomes:
  • 10773796 KB =  1548984 KB +  833088 KB +  8391724 KB
When memory gets scarce, buffers and caches will be freed automatically.  So, they can be counted as free space.

How to Release

To release disk buffers and caches used by the kernel, you need to be "root".  Then the following one line command can do the work:

# sync && echo 3 > /proc/sys/vm/drop_caches

First we run the sync command before dropping the cache. Doing this will ensure that all memory in the cache is updated and all dirty pages are synchronized before dropping the cache.  The next step is echoing “3″ to the /proc/sys/vm/drop_caches file which will signal the kernel to release the pagecache, dentries and inodes.

After the commands, we can see some buffers and caches have been released by the kernel:

# free -k
             total       used       free     shared    buffers     cached
Mem:      11790008    6692304    5097704          0        940    5949888
-/+ buffers/cache:     741476   11048532
Swap:      8191968          0    8191968

Note that free command displays amount of free and used memory in the system by reading /proc/meminfo file.  So, you can find the same information from that file.

References