Passwordless root SSH Public Key Authentication on CentOS 6
It’s often useful to be able to SSH to other machines without being prompted for a password. Additionally, if you are using tools such as Parallel SSH you will need to set up public key SSH authentication. Setting it up is relatively straightforward:
1. On the client machine (i.e. the one you are SSH’ing from) you will need to create an SSH RSA key. Run the following command and ensure you don’t supply a passphrase:
    [root@node01 ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    c6:66:93:16:73:0b:bf:46:46:28:7d:a5:38:a3:4d:6d root@node01
    The key's randomart image is:
    +--[ RSA 2048]----+
    | . |
    | . + o |
    | . @ E |
    | * & . |
    | . S = |
    | = + . |
    | o |
    | . |
    | |
    +-----------------+
This will generate the following files:
    [root@node01 ~]# cd ~/.ssh
    [root@node01 .ssh]# ls -l
    total 8
    -rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
    -rw-r--r--. 1 root root 406 Jul 27 15:01 id_rsa.pub
3. On the client machine tighten up file system permissions thus:
    [root@node01 ~]# chmod 700 ~/.ssh
    [root@node01 ~]# chmod 600 ~/.ssh/*
    [root@node01 ~]# ls -ld ~/.ssh && ls -l ~/.ssh
    drwx------. 2 root root 4096 Jul 27 15:01 /root/.ssh
    -rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
    -rw-------. 1 root root 406 Jul 27 15:01 id_rsa.pub
4. Now copy the public key to the machine you want to SSH to and fix permissions (you will be prompted for the root password):
    [root@node01 ~]# ssh root@node02 'mkdir -p /root/.ssh'
    [root@node01 ~]# scp /root/.ssh/id_rsa.pub root@node02:/root/.ssh/authorized_keys
    [root@node01 ~]# ssh root@node02 'chmod 700 /root/.ssh'
    [root@node01 ~]# ssh root@node02 'chmod 600 /root/.ssh/*'
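You can also use the ssh-copy-id utility to do the above steps; unlike the scp command above, which overwrites any authorized_keys file already on node02, it appends the key. If you don't have scp on the remote machine you will need to install it: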
    [root@node01 ~]# ssh root@node02 'yum install openssh-clients'
You should now be able to ssh directly from node01 to node02 without providing a password:
    [root@node01 ~]# ssh node02
    Last login: Wed Jul 27 15:41:56 2011 from 10.255.5.57
    [root@node ~]#
IMPORTANT
There is a bug in CentOS 6 / SELinux that causes all keys presented by the client to be ignored when SELinux is set to Enforcing. To fix this, simply run:
    [root@node01 ~]# ssh root@node02 'restorecon -R -v /root/.ssh'
    restorecon reset /root/.ssh context system_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0
    restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0
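Steps 3 and 4 and the SELinux fix can be combined into one function that runs on the target machine. The following is an added example, not part of the original post: it appends the key instead of overwriting authorized_keys, is safe to run twice, and relabels the directory when restorecon is present. The function name install_pubkey and its arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper name.
# Usage: install_pubkey PUBKEY_FILE SSH_DIR   (e.g. /tmp/id_rsa.pub /root/.ssh)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"

    # Accept only a line that looks like an OpenSSH public key.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    key=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' \
        "$pubkey_file" | head -n 1)
    [ -n "$key" ] || { echo "no public key in $pubkey_file" >&2; return 1; }

    # Create the directory and file under a restrictive umask so they are
    # never group or world accessible, even briefly.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1

    # Append only if this exact key line is not already present.
    if ! grep -qxF -e "$key" "$auth"; then
        # Terminate a last line that lacks a newline before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi

    # Same modes as steps 3 and 4; sshd's StrictModes refuses group- or
    # world-writable paths.
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Restore the SELinux label where the tool exists (skipped elsewhere).
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" 2>/dev/null || true
    fi
    return 0
}
```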
Setting up DHCP on an Enslaved VLAN Bridge on CentOS Linux
I had to set up a single interface on a server with dual DHCP IP addresses, obtained on the native untagged interface along with a tagged interface enslaved to a VLAN bridge, in order to roll out Enomaly SpotCloud. Thus the primary interface obtains its IP address via DHCP, along with the bridged interface on a VLAN. To set this up:
1. cd /etc/sysconfig/network-scripts
2. vi ifcfg-eth0 so it looks like (change your MAC address accordingly):
    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
    HWADDR=f4:ce:46:82:55:f4
3. Then create your VLAN interface configuration. So vi ifcfg-eth0.1051:
    DEVICE=eth0.1051
    BOOTPROTO=dhcp
    VLAN=yes
    BRIDGE=virbr0
    ONBOOT=yes
4. Then create your bridge interface configuration. So vi ifcfg-virbr0:
    DEVICE=virbr0
    TYPE=Bridge
    ONBOOT=yes
    DELAY=0
    BOOTPROTO=dhcp
Note that TYPE must be Bridge with a capital B – otherwise it won’t work. And there you have it – when the box boots it gets a DHCP lease on eth0 and on virbr0 which is on VLAN 1051.
Identifying BlueArc Mercury M100 Hardware Revision
The BlueArc Mercury M100 has had at least two distinct hardware revisions. The initial revision of the hardware was sometimes unreliable. To determine which hardware revision you are running do the following:
- Determine the management IP addresses of the nodes in your Mercury cluster. To do this, log into the SMU (eg. https://smu) as admin. Then go to Home -> Server Settings -> Cluster Configuration and record the IP addresses of the cluster nodes (eg. 192.0.2.200 and 192.0.2.201).
- Then ssh into the SMU (eg. ssh manager@smu). Hit q to get to the command prompt.
- At the command prompt of the SMU ssh to each cluster node individually (eg. ssh 192.0.2.200).
- Run the following command: ver -h | grep Tachyon
- The output of that command will determine which hardware revision you are running:
- Rev A hardware is identified as follows: Tachyon: QX4 1.2 (HPFC-6440C)
- Rev B hardware is identified as follows: Tachyon: QE4+ 1.1 (PM8036 (Rev B))
BlueArc EVS Routing
You may need to set a default gateway on a BlueArc EVS (Enterprise Virtual Server). After you have configured the networking side of your EVS (via Home -> Server Settings -> EVS Management), go into Home -> Network Configuration -> Routing and add a gateway route for the subnet in question.
Disabling CIFS Authentication on a BlueArc EVS In Standalone Security Mode
You might need to create a BlueArc EVS (Enterprise Virtual Server) with CIFS security disabled. You can’t do this through the GUI. So at the SMU command line:
1. Work out the EVS ID:
evs list
2. Select the EVS:
evs-select <id>
3. Disable domain authentication for CIFS:
cifs-auth off
Running TeamSpeak 3 Server As A Service With FireDaemon
Ran into this video today on Running TeamSpeak 3 Server under FireDaemon.
Configuring iSCSI on CentOS 5.6
I recently had to load CentOS 5.6 on several HP BL2x220C blade servers to run Enomaly SpotCloud. One of the requirements was to provision disk for KVM virtual machine storage. This could be local disk or optionally iSCSI disk. The following describes the steps I went through to configure iSCSI successfully.
1. You will need to configure your storage system. I was using a BlueArc Mercury cluster. The configuration of the BlueArc is probably beyond the scope of this post but in essence you need to create a File System of your required size. Then assign that File System to an EVS (BlueArc terminology for a virtual storage system) with an assigned cluster node and IP address on the storage VLAN. You then need to create iSCSI Logical Units within the File System. One LUN will be required for each host. Lastly, create iSCSI targets within the EVS iSCSI domain, with access configuration only permitted from the host that will use it, along with the LUN ID and LUN name. What you end up with is a series of globally unique names, each of a finite size (eg. 500GB) and only accessible from a single host: iqn.2011-04.spotcloud:sc-evs-iscsi01.sc-target01.
2. Back to the CentOS side of things – make sure your interfaces are configured correctly and you can ping the storage system. I have two Virtual Connect modules in the HP C7000 enclosure – hence two interfaces were available. Static IPs were used on the storage network. I edited:
    /etc/sysconfig/network-scripts/ifcfg-eth0
    /etc/sysconfig/network-scripts/ifcfg-eth1
    /etc/sysconfig/network
3. Make sure the iSCSI daemons are installed. You can do this via yum or from the original source media.
Via yum:
    yum install iscsi-initiator-utils
Via virtual media:
    mount /dev/cdrom /mnt
    cd /mnt/CentOS
    rpm -ivh iscsi*
    cd /
    umount /mnt
Don’t forget to eject the virtual media.
4. Make sure iSCSI starts on boot and start the daemon:
    chkconfig iscsi on
    service iscsi start
5. Discover your iSCSI targets:
    iscsiadm -m discovery -t sendtargets -p 10.255.4.10
The IP address is that of the storage system.
6. Delete any unnecessary iSCSI nodes:
    service iscsi stop
    iscsiadm -m node -T <nodename> -o delete
    service iscsi start
The <nodename> is the globally unique name mentioned earlier. Sometimes you will discover multiple nodes – so you need to configure the storage system to filter available LUNs by client source IP address.
7. Work out which device is the iSCSI node:
    fdisk -l
8. Create a partition then format it:
    fdisk /dev/sdb
    mkfs.ext4 /dev/sdb1
9. Label the device:
    e2label /dev/sdb1 /sc-node01
10. Configure the mount in /etc/fstab (note the _netdev mount option to ensure the iSCSI LUN is mounted after networking has been brought up; the file system type matches the mkfs.ext4 used above):
    LABEL=/sc-node01 /var/lib/xen/images ext4 defaults,_netdev,noatime 0 0
And that’s it – you are in business.
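The node clean-up step relies on spotting discovered targets that should not be visible to this host. The following added example (not from the original post) parses sendtargets discovery output and prints, for review, a delete command for every target other than the one assigned to this host. The function names and the second target in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Constructed sample of `iscsiadm -m discovery -t sendtargets -p 10.255.4.10`
# output. Each record is "<ip>:<port>,<tpgt> <target name>". The second
# target is made up to represent a LUN that belongs to another host.
SAMPLE_DISCOVERY='10.255.4.10:3260,1 iqn.2011-04.spotcloud:sc-evs-iscsi01.sc-target01
10.255.4.10:3260,1 iqn.2011-04.spotcloud:sc-evs-iscsi01.sc-target02'

# stale_targets EXPECTED_IQN
# Reads discovery output on stdin and prints "<portal> <target>" for every
# record whose target is not the one assigned to this host.
stale_targets() {
    expected=$1
    [ -n "$expected" ] || { echo "usage: stale_targets <iqn>" >&2; return 2; }
    awk -v want="$expected" '
        NF == 2 && $2 ~ /^(iqn|eui|naa)\./ {
            portal = $1
            sub(/,[0-9]+$/, "", portal)   # drop the target portal group tag
            if ($2 != want) print portal, $2
        }'
}

# print_cleanup EXPECTED_IQN
# Turns that list into iscsiadm delete commands. They are printed rather
# than executed so they can be checked before the iscsi service is stopped.
print_cleanup() {
    stale_targets "$1" | while read -r portal iqn; do
        printf 'iscsiadm -m node -T %s -p %s -o delete\n' "$iqn" "$portal"
    done
}
```

Any output at all means the storage system is exposing targets beyond the one intended for this host, so the access configuration on the storage side needs tightening as well.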
Lastly, if you are interested here is the Virtual Connect configuration used to configure the blades. This configures blade 1A and 1B interfaces 1 and 2. Interface 1 is assigned untagged VLAN of 1050 (eth0) and tagged VLAN 1051 (eth0.1051). Interface 2 is assigned untagged VLAN 1052 (eth1) – which is the storage network.
    add profile D4-C2-B01 -NoDefaultEnetConn -NoDefaultFcConn -NoDefaultFcoeConn
    add enet-connection D4-C2-B01
    add enet-connection D4-C2-B01
    add server-port-map D4-C2-B01:1 SC-Management VlanID=1050 Untagged=True
    add server-port-map D4-C2-B01:1 SC-VM VlanID=1051
    add server-port-map D4-C2-B01:2 SC-iSCSI VlanID=1052 Untagged=True
    assign profile D4-C2-B01 enc0:1A
    add profile D4-C2-B02 -NoDefaultEnetConn -NoDefaultFcConn -NoDefaultFcoeConn
    add enet-connection D4-C2-B02
    add enet-connection D4-C2-B02
    add server-port-map D4-C2-B02:1 SC-Management VlanID=1050 Untagged=True
    add server-port-map D4-C2-B02:1 SC-VM VlanID=1051
    add server-port-map D4-C2-B02:2 SC-iSCSI VlanID=1052 Untagged=True
    assign profile D4-C2-B02 enc0:1B
Disable pagefile – will it increase Windows Server performance?
If you have a Windows box as a server and you want to squeeze as much performance out of it as possible, there is one very often overlooked tweak: the pagefile.
Windows by default uses the pagefile as additional memory when your RAM runs out. Because it uses the hard drive, it’s a lot slower than your RAM.
Disabling the pagefile will speed up everything on your server.
How do I increase my Game Performance
Games often require you to have a fast computer, especially newer games. If you encounter 25 FPS or lower in your games, then something is slowing them down and affecting your game performance. You should (if possible) be running a minimum of 30 FPS at all times or else it will be difficult to play the game smoothly.
The following steps will help you to increase your game performance:
1) Check your process list before starting your game. Often anti-virus software and other applications that read or write to the hard drive will slow down your game performance. Applications that defragment the drive slow it down especially.
Scheduling a Service to run once per day.
If you need a service to run once per day at a specific time and then exit, you can do so with the following:
- Create your service as normal
- Set Settings -> Upon Program Exit -> Disabled (or Report the Termination)
- Set Scheduling -> Schedule a Restart -> At Specific Time
This will cause FireDaemon to run your app initially to completion. When the app quits FireDaemon doesn’t restart it. At the “Specific Time” the app is run again and the cycle continues.

