1/31/2020

How to fix "SSH is responding very slowly" ?

When we try to connect to other nodes in the cluster, SSH responds very slowly. This is usually a DNS issue, so we turn off the DNS lookup in sshd. For more information, please refer to: https://www.serverpronto.com/accounts/knowledgebase.php?action=displayarticle&id=16

Solution

To test this issue, use:
arp -a    # resolves hostnames; a long pause here points to slow DNS lookups
arp -an   # numeric output, skips name resolution; compare against the run above


To solve the issue, either update /etc/resolv.conf with the proper nameserver IP addresses or follow the steps below.

Update the ssh config:

sudo vi /etc/ssh/sshd_config

Find #UseDNS yes

Replace with UseDNS no

Restart the sshd service:

service sshd restart

How to fix "waagent logs disk space usage" ?


Sometimes, in the Azure environment, the waagent rsyslog can get out of control.

To Confirm

Look for waagent in the process table and check its resource usage.

nice top -c
ps -ef | grep waagent

To Fix

Move the /etc/syslog.d/10-* files out of the way:

mkdir -p /tmp/old-stuff
mv /etc/syslog.d/10-* /tmp/old-stuff

Restart rsyslogd:

sudo systemctl restart rsyslogd

When the system comes back, the waagent config files should be back in place and the system running much better.

TLS openssl check connection



IT sec would like to audit the TLS connection type provided by the web servers used by the application.

These instructions assume that you're using a RHEL- or CentOS-like operating system.

Instructions

Use the standard openssl commands to check the connection type:

TLS version 1.0: openssl s_client -tls1 -connect :443
TLS version 1.1: openssl s_client -tls1_1 -connect :443
TLS version 1.2: openssl s_client -tls1_2 -connect :443

Good Example

For this example, we used a self-signed cert, so your output may be a little different.

openssl s_client -tls1_2 -connect 1.2.3.4:443

CONNECTED(00000003)

depth=0 CN = 10.215.17.68
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = 10.215.17.68
verify return:1
---
Certificate chain
 0 s:/CN=10.215.17.68
   i:/CN=10.215.17.68
---
Server certificate
-----BEGIN CERTIFICATE-----
[Server Certificate]
-----END CERTIFICATE-----
subject=/CN=10.215.17.68
issuer=/CN=10.215.17.68
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read X bytes and written Y bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: [64 char id]
Session-ID-ctx:
Master-Key: [Key Hash]
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
[Returned TLS Key Hash]
Start Time: 1560364043
Timeout : 7200 (sec)

Verify return code: 18 (self signed certificate)
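
When several servers have to be audited, the s_client output shown above can be reduced to the three fields that matter: negotiated protocol, cipher and verify return code. The script below is an added example, not part of the original post; the function names tls_summary and tls_audit are hypothetical, and both sample outputs are constructed (the refused-handshake sample assumes the output shape of the OpenSSL 1.0.x client used on this page).

```bash
#!/bin/bash
# Added example (not from the original page): reduce `openssl s_client`
# output to one audit line. Sample outputs below are constructed.

SAMPLE_OK='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 18 (self signed certificate)'

# What s_client prints when the server refuses the requested version.
SAMPLE_REFUSED='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Verify return code: 0 (ok)'

# Read s_client output on stdin; print "protocol|cipher|verify_code",
# or "no-handshake" when no cipher was negotiated (or nothing was read).
tls_summary() {
  awk '
    /^ *Protocol *:/      { proto = $NF }
    /^ *Cipher *:/        { cipher = $NF }
    /Verify return code:/ { code = $4 }
    END {
      if (cipher == "" || cipher == "0000" || cipher == "(NONE)") {
        print "no-handshake"
      } else {
        printf "%s|%s|%s\n", proto, cipher, code
      }
    }'
}

# Probe host:port ($1) with each protocol flag used on this page.
# </dev/null makes s_client exit once the handshake is done.
tls_audit() {
  for flag in -tls1 -tls1_1 -tls1_2; do
    printf '%-8s %s\n' "$flag" "$(openssl s_client "$flag" \
      -connect "$1" </dev/null 2>/dev/null | tls_summary)"
  done
}

printf '%s\n' "$SAMPLE_OK" | tls_summary       # TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|18
printf '%s\n' "$SAMPLE_REFUSED" | tls_summary  # no-handshake
```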

How to disable IPv6 on Linux

On the node in question, become root, then:

vi /etc/sysctl.conf
# At the end, add:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Save and quit

To make this stick, execute:

sysctl -p

ssh connection speed test

Test ssh connection speed


#!/bin/bash
# scp-speed-test.sh

# Usage:
#   ./scp-speed-test.sh user@hostname [test file size in kBs]
#

ssh_server=$1
test_file=".scp-test-file"

# The target host is required
if test -z "$ssh_server"
then
  echo "Usage: $0 user@hostname [test file size in kBs]" >&2
  exit 1
fi

# Optional: user specified test file size in kBs
if test -z "$2"
then
  # default size is 10000 kB ~ 10 MB
  test_size="10000"
else
  test_size=$2
fi

# generate a test file of all zeros, $test_size kB in size
echo "Generating $test_size kB test file..."
dd if=/dev/zero of="$test_file" bs=1024 count="$test_size" &> /dev/null

# upload test: the "sent" rate is the first number on scp's
# "Bytes per second" line
echo "Testing upload to $ssh_server..."
up_speed=$(scp -v "$test_file" "$ssh_server:$test_file" 2>&1 | \
  grep "Bytes per second" | \
  sed "s/^[^0-9]*\([0-9.]*\)[^0-9]*\([0-9.]*\).*$/\1/g")
# convert bytes/s to kB/s
up_speed=$(echo "($up_speed*0.0009765625*100.0+0.5)/1*0.01" | bc)

# download test: the "received" rate is the second number on that line
echo "Testing download from $ssh_server..."
down_speed=$(scp -v "$ssh_server:$test_file" "$test_file" 2>&1 | \
  grep "Bytes per second" | \
  sed "s/^[^0-9]*\([0-9.]*\)[^0-9]*\([0-9.]*\).*$/\2/g")
# convert bytes/s to kB/s
down_speed=$(echo "($down_speed*0.0009765625*100.0+0.5)/1*0.01" | bc)

# clean up
echo "Removing test file on $ssh_server..."
ssh "$ssh_server" "rm $test_file"
echo "Removing test file locally..."
rm "$test_file"

# print result
echo ""
echo "Upload speed:   $up_speed kB/s"
echo "Download speed: $down_speed kB/s"
