Linux uses controlpersist to speed up SSH connections to improve efficiency

Time:2022-1-8

During the migration of server configuration management in Linux system, the SSH connection speed is a headache, and too slow affects the efficiency. What methods can speed up the SSH connection speed? It can be realized through controlpersist. The following small series will give you a brief introduction.

linux如何使用ControlPersist加快SSH连接速度

At present, the server configuration management in the project has been migrated from puppet to ansible, and the problem of slow SSH channel, which was previously thought not to cause trouble, has been exposed obviously.

Because hundreds of servers need to be updated at the same time, many servers are not in the same IDC room as ansible host.

Opening the SSH controlmaster and persisting the socket connection can accelerate the execution speed of ansible without going through SSH authentication every time. A single server may save only about 1 second, while hundreds of servers can save about 1 minute.

However, to enable this function, you must install a newer version of openssh, and most of our hosts are CentOS 6 4 x86_ 64. The default version is too old, and the version in the official Yum warehouse is also very old.

Considering that this function only needs the support of the client and does not need to be installed on each server, we downloaded the latest openssh source code package, packaged it into rpm and directly installed it on the ansible operation host.

Server environment:

  CentOS 6.4 x86_64 Minimal

1. Compile and generate openssh rpm

1.1 tools required for installation and compilation

  $ sudo yum -y groupinstall “Development tools”

  $ sudo yum -y install pam-devel rpm-build rpmdevtools zlib-devel krb5-devel tcp_wrappers tcp_wrappers-devel tcp_wrappers-libs

1.2 configuring RPM compilation environment

  $ cd /home/dong.guo

  $ mkdir rpmbuild

  $ cd rpmbuild

  $ mkdir -pv {BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS,TMP}

  $ cd /home/dong.guo

  $ vim .rpmmacros

  %_topdir /home/dong.guo/rpmbuild

  %_tmppath /home/dong.guo/TMP

1.3 upgrade OpenSSL to the latest

  $ sudo yum update openssl

1.4 compiling openssh rpm

1.4.1 download the source package

  $ cd /home/dong.guo/rpmbuild/SOURCES/

  $ wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz

  $ wget http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz.asc

  $ openssl dgst -sha1 openssh-6.6p1.tar.gz; echo b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e

1.4.2 configuring spec files

  $ cd /home/dong.guo/rpmbuild/SPECS

  $ tar xfz 。。/SOURCES/openssh-6.6p1.tar.gz openssh-6.6p1/contrib/redhat/openssh.spec

  $ mv openssh-6.6p1/contrib/redhat/openssh.spec openssh-6.6p1.spec

  $ rm -rf openssh-6.6p1

  $ sudo chown 74:74 openssh-6.6p1.spec

  $ sed -i -e “s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g” openssh-6.6p1.spec

  $ sed -i -e “s/%define no_x11_askpass 0/%define no_x11_askpass 1/g” openssh-6.6p1.spec

  $ sed -i -e “s/BuildPreReq/BuildRequires/g” openssh-6.6p1.spec

1.4.3 build rpm

  $ cd /home/dong.guo/rpmbuild/SPECS

  $ rpmbuild -ba openssh-6.6p1.spec

1.4.4 viewing the generated rpm

  $ cd /home/dong.guo/rpmbuild/RPMS/x86_64

  $ ls openssh-*

  openssh-6.6p1-1.x86_64.rpm openssh-clients-6.6p1-1.x86_64.rpm openssh-debuginfo-6.6p1-1.x86_64.rpm openssh-server-6.6p1-1.x86_64.rpm

1.4.5 installing the generated rpm

  $ cd /home/dong.guo/rpmbuild/RPMS/x86_64

  $ sudo rpm -e openssh-askpass

  $ sudo rpm -e openssh-ldap

  $ sudo rpm -Fvh openssh*6.6p1-1*rpm

  Preparing.。。 ########################################### [100%]

  1:openssh ########################################### [ 33%]

  2:openssh-clients ########################################### [ 67%]

  3:openssh-server warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew ##################################### [100%] 

1.4.6 viewing installed RPMs

  $ sudo rpm -qa | grep openssh

  openssh-clients-6.6p1-1.x86_64

  openssh-server-6.6p1-1.x86_64

  openssh-6.6p1-1.x86_64

2. Configure controlmaster

  $ cd /home/dong.guo

  $ vim .ssh/config

  Host *

  Compression yes

  ServerAliveInterval 60

  ServerAliveCountMax 5

  ControlMaster auto

  ControlPath ~/.ssh/sockets/%[email protected]%h-%p

  ControlPersist 4h

3. Download the CMC tool to manage sockets

  $ cd ~

  $ sudo yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

  $ sudo yum install git

  $ cd /home/dong.guo

  $ mkdir bin

  $ git clone https://github.com/ClockworkNet/cmc.git

  $ cp cmc/cmc bin/

4. Use and test

4.1 view current sockets

  $ cmc -l

  No ControlMaster connection sockets found.

4.2 statistics of the first execution time

  $ time ssh [email protected] ‘hostname -s’

  ec2-tokyo

  real 0m9.486s

  user 0m0.017s

  sys 0m0.015s

It takes 9.5 seconds

4.3 view current sockets

  $ cmc -l

  Master running (pid=32857, cmd=ssh: /home/dong.guo/.ssh/sockets/[email protected] [mux], start=19:19:05)

  Socket: /home/dong.guo/.ssh/sockets/[email protected]

4.4 count the execution time with socket

  $ time ssh [email protected] ‘hostname -s’

  ec2-tokyo

  real 0m0.240s

  user 0m0.004s

  sys 0m0.005s

It takes 0.24 seconds

4.5 delete all current sockets

  $ cmc -X

  - Closing ControlMaster connection

  Exit request sent.

4.6 count the execution time without socket

  ec2-tokyo

  real 0m9.468s

  user 0m0.016s

  sys 0m0.017s

It’s still 9.5 seconds

5. Conclusion

After the persistence of controlmaster is enabled, SSH saves the time of each verification and connection creation after establishing sockets.

When the network condition is not particularly ideal, especially in the case of cross Internet, the performance improvement is very considerable, and 9 seconds are saved in the above test.

Even if it is used inside the LAN, each server can save about 1 second. When hundreds of servers are operated at the same time, the time saved is also very considerable.

The above is how Linux uses controlpersist to speed up SSH connection. Although it only speeds up a little, it is still useful when there is a large amount.

Recommended Today

Proper memory alignment in go language

problem type Part1 struct { a bool b int32 c int8 d int64 e byte } Before we start, I want you to calculatePart1What is the total occupancy size? func main() { fmt.Printf(“bool size: %d\n”, unsafe.Sizeof(bool(true))) fmt.Printf(“int32 size: %d\n”, unsafe.Sizeof(int32(0))) fmt.Printf(“int8 size: %d\n”, unsafe.Sizeof(int8(0))) fmt.Printf(“int64 size: %d\n”, unsafe.Sizeof(int64(0))) fmt.Printf(“byte size: %d\n”, unsafe.Sizeof(byte(0))) fmt.Printf(“string size: %d\n”, […]