Shulou(Shulou.com)06/01 Report--

The main content of this article is to explain "using ControlPersist to speed up SSH connection under linux". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "using ControlPersist to speed up SSH connections under linux".

When the Linux system migrates the server configuration management, the connection speed of SSH is a headache, and too slow affects the efficiency, so is there any way to speed up the connection speed of SSH? Can be achieved through ControlPersist, the following editor to give you a brief introduction.

At present, the configuration management of the server in the project has all migrated from Puppet to Ansible, and the problem of slow SSH channel, which has always been thought to be untroubling, is very obvious.

Because many times you need to update hundreds of servers at the same time, many servers and Ansible hosts are not in the same IDC room.

Enabling the ControlMaster of SSH and persisting the socket connection can speed up the execution of Ansible without going through SSH authentication every time. A single server may save only about 1 second, while hundreds of servers can save about 1 minute.

But to turn on this feature, you must install a newer version of openssh, and most of our hosts are CentOS6.4 x86x64, the default version is too old and the version in the official yum repository is also very old.

Considering that this feature only needs the support of the client and does not need to be installed on every server, we downloaded the latest openssh source package and packaged it into RPM and installed it directly on the Ansible operating host.

Server environment:

CentOS 6.4 x86_64 Minimal

1. Compile and generate OpenSSH RPM

1.1 install the tools required for compilation

$sudo yum-y groupinstall "Development tools"

$sudo yum-y install pam-devel rpm-build rpmdevtools zlib-devel krb5-devel tcp_wrappers tcp_wrappers-devel tcp_wrappers-libs

1.2 configure the RPM compilation environment

$cd / home/dong.guo

$mkdir rpmbuild

$cd rpmbuild

$mkdir-pv {BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS,TMP}

$cd / home/dong.guo

$vim .rpmmacros

% _ topdir / home/dong.guo/rpmbuild

% _ tmppath / home/dong.guo/TMP

1.3 upgrade OpenSSL to the latest

$sudo yum update openssl

1.4 compiling OpenSSH RPM

1.4.1 download the source package

$cd / home/dong.guo/rpmbuild/SOURCES/

$wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz

$wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz.asc

$openssl dgst-sha1 openssh-6.6p1.tar.gz; echo b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e

1.4.2 configure the SPEC file

$cd / home/dong.guo/rpmbuild/SPECS

$tar xfz. / SOURCES/openssh-6.6p1.tar.gz openssh-6.6p1/contrib/redhat/openssh.spec

$mv openssh-6.6p1/contrib/redhat/openssh.spec openssh-6.6p1.spec

$rm-rf openssh-6.6p1

$sudo chown 74:74 openssh-6.6p1.spec

$sed-I-e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1gamg" openssh-6.6p1.spec

$sed-I-e "s/%define no_x11_askpass 0/%define no_x11_askpass 1gamg" openssh-6.6p1.spec

$sed-I-e "s/BuildPreReq/BuildRequires/g" openssh-6.6p1.spec

1.4.3 compile and generate RPM

$cd / home/dong.guo/rpmbuild/SPECS

$rpmbuild-ba openssh-6.6p1.spec

1.4.4 View the generated RPM

$cd / home/dong.guo/rpmbuild/RPMS/x86_64

$ls openssh-*

Openssh-6.6p1-1.x86_64.rpm openssh-clients-6.6p1-1.x86_64.rpm openssh-debuginfo-6.6p1-1.x86_64.rpm openssh-server-6.6p1-1.x86_64.rpm

1.4.5 install the generated RPM

$cd / home/dong.guo/rpmbuild/RPMS/x86_64

$sudo rpm-e openssh-askpass

$sudo rpm-e openssh-ldap

$sudo rpm-Fvh openssh*6.6p1-1*rpm

Preparing. . . # [100%]

1:openssh # [33%]

2:openssh-clients # [67%]

3:openssh-server warning: / etc/ssh/sshd_config created as / etc/ssh/sshd_config.rpmnew # #

1.4.6 View installed RPM

$sudo rpm-qa | grep openssh

Openssh-clients-6.6p1-1.x86_64

Openssh-server-6.6p1-1.x86_64

Openssh-6.6p1-1.x86_64

two。 Configure ControlMaster

$cd / home/dong.guo

$vim .ssh / config

Host *

Compression yes

ServerAliveInterval 60

ServerAliveCountMax 5

ControlMaster auto

ControlPath ~ / .ssh / sockets/%r@%h-%p

ControlPersist 4h

3. Download the cmc tool to manage sockets

$cd ~

$sudo yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

$sudo yum install git

$cd / home/dong.guo

$mkdir bin

$git clone https://github.com/ClockworkNet/cmc.git

$cp cmc/cmc bin/

4. Use and testing

4.1View current sockets

$cmc-l

No ControlMaster connection sockets found.

4.2 Statistics on the execution time of the first time

$time ssh rainbow@ 'hostname-s'

Ec2-tokyo

Real 0m9.486s

User 0m0.017s

Sys 0m0.015s

It takes 9.5 seconds

4.3 View current sockets

$cmc-l

Master running (pid=32857, cmd=ssh: / home/dong.guo/.ssh/sockets/rainbow@-22 [mux], start=19:19:05)

Socket: / home/dong.guo/.ssh/sockets/rainbow@-22

4.4 Statistics of execution time with socket

$time ssh rainbow@ 'hostname-s'

Ec2-tokyo

Real 0m0.240s

User 0m0.004s

Sys 0m0.005s

It takes 0.24 seconds

4.5 Delete all current sockets

$cmc-X

-Closing ControlMaster connection

Exit request sent.

4.6 Statistics of execution time without socket

Ec2-tokyo

Real 0m9.468s

User 0m0.016s

Sys 0m0.017s

It's still 9.5 seconds.

5. Conclusion

After enabling the persistence of ControlMaster, SSH saves time on each validation and connection creation after establishing the sockets.

In the network condition is not particularly ideal, especially across the Internet, the performance improvement is very considerable, in the above test saved 9 seconds.

Even if it is used within the local area network, each server saves about 1 second, and when operating hundreds of servers at the same time, the time saved is also very considerable.

At this point, I believe you have a deeper understanding of "using ControlPersist to speed up SSH connection speed under linux". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.