July 24, 2008
(Continued from the previous page)
Tip No. 5: Getting back the SSH root password:
You simply forgot your SSH root password. Happens to all of us, right? Will you have to 'scrap' and reinstall the
whole server? Sadly enough, there really ARE some people that would do this to get out of this embarrassing
situation... But it's extremely easy to get on the server and change the password.
Note that this may NOT work in all cases, for example if you set a GRUB password and forgot that
too, but here's how you do it in the normal manner, using a CentOS Linux server as the example:
First reboot the whole system! When it reboots, you'll come to the GRUB screen as shown below.
Now, simply move the arrow key so that you stay on this screen instead of proceeding all the way to a
normal boot. Next, select the kernel that will boot with the arrow keys, and type E to edit the kernel line.
You'll then see something like this:
Now, simply use the arrow key again to highlight the line that begins with the kernel, and press E to edit
the kernel parameters. When you get to the screen shown below, just append the number 1 to the arguments as
shown here:
After that, press B and the Linux kernel will boot up to single-user mode! Once there
you can simply run the passwd command, changing the password for user root:
# passwd
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
You can now safely reboot the server and it WILL actually reboot with your new password!
Tip No. 6: Actual remote VNC session through an SSH tunnel
Virtual Network Computing (VNC for short) has been around for ages now. Some sys admins find themselves
needing to use it when the remote server has some type of graphical program that is only available on that
specific server!
For instance, let's suppose that in Tip No. 1 above, ginger was/is a storage server. Today, there are many
storage devices that come with a GUI interface to manage the storage controllers. Often these GUI management
tools need a direct connection to the storage through a network that is at times kept in a very 'private' subnet.
So, the only 'sure' way to access this GUI is to do it from the 'ginger' example in Tip No. 1 above...
You can try logging in to ginger over SSH with the -X option and launching it that way, but oftentimes the
Internet bandwidth required is way too much, and you'll get frustrated waiting for it to appear and 'settle'.
VNC is a very network-friendly tool and is readily available for nearly all Linux operating systems.
So now let's assume that the setup is the same as in Tip No. 1 above, but you want tech to be able to get
VNC access instead of SSH. In that case, you will do something similar but forward VNC ports instead... Here's
the correct way of doing this:
Start a VNC server session on ginger. This is done by running this command:
root@ginger:~# vncserver -geometry 1024x768 -depth 24 :99
The options above simply tell the VNC server to start up with a resolution of 1024 x 768 and a pixel depth
of 24 bits. If you are using a really slow connection, 8 would possibly be a better option. The :99 is the
VNC display number, which sets the port the VNC server will be accessible from. VNC ports start at 5900, so
specifying :99 means the server is accessible from port 5999.
When you start the above session, you'll be asked to specify a password. The user ID will be the same user
that you launched the VNC server from. In our case, this is root. Next, open an SSH session from ginger to
blackbox.example.com that forwards port 5999 on blackbox to ginger. This is done from ginger by running the
following command:
root@ginger:~# ssh -R 5999:localhost:5999 thedude@blackbox.example.com
Once you run that command, you'll need to keep this SSH session open in order to keep the port forwarded
to ginger, otherwise it just won't work... At that point, if you were on blackbox, you could now access the
VNC session on ginger by just running:
thedude@blackbox:~$ vncviewer localhost:99
That would simply forward the port through SSH to ginger. But we're interested in letting 'tech' get VNC
access to ginger. So to accomplish this, you'll need another tunnel. From tech, you open a tunnel via SSH to
forward your port 5999 to port 5999 on blackbox. This would be done by running:
root@tech:~# ssh -L 5999:localhost:5999 thedude@blackbox.example.com
This time the SSH flag we used was -L, which instead of pushing 5999 to blackbox, pulled from it. Once you
are logged in on blackbox, you'll need to leave this session open, however. Now you're ready to VNC from tech. Enjoy!
From tech, VNC to ginger by running this specific command:
root@tech:~# vncviewer localhost:99
The user 'tech' will now have a VNC session directly to ginger. While the effort might seem like a bit much
to set up, it beats running all over the city to fix the storage arrays. Additionally, if you practice this just
a few times, it becomes quite easy, really!
Let us add a little tip to this tip: If user 'tech' was running the Windows operating system and
didn't have a command-line SSH client, then tech could run PuTTY. The small PuTTY interface can be set to
forward SSH ports by looking in the options in the sidebar. If the port were 5902 instead of our example of
5999, then you would enter something like this:
If this was set up exactly as depicted above, then 'tech' could really VNC to localhost:2 just as if tech
were running the Linux operating system all by himself!
Tip No. 7: Checking your Internet bandwidth. Just HOW much is it exactly?
Ok, let's imagine this little scenario: Company Z has a storage server named ginger and it is being
NFS-mounted by a client node named alleluia. Company Z has decided they really want to get more bandwidth
out of ginger because they have lots of nodes they want to have NFS mount ginger's shared filesystem.
So far, so good, right? The most common and cheapest way to do this is to literally 'bond' two Gigabit
ethernet NIC cards together! This is a lot cheaper simply because it means you will usually have an extra
on-board NIC and an extra port on your switch somewhere...
So let's just do this. But now the question is: How much bandwidth do they really have? And Gigabit Ethernet
has a theoretical limit of 128MBps... Where does that number come from?
Well, 1Gb = 1024Mb; 1024Mb/8 = 128MB; "b" = "bits," "B" = "bytes" Get it? However, what is it that we
actually really see and what is an accurate, sure way to measure it? One tool we suggest is iperf. You can get
iperf like this:
# wget http://dast.nlanr.net/Projects/Iperf2.0/iperf-2.0.2.tar.gz
However, you will need to install it on a shared filesystem that both ginger and beckham can see, or
simply compile and install on both nodes. We will compile it in the home directory of the user that is
viewable on both nodes:
tar zxvf iperf*gz
cd iperf-2.0.2
./configure --prefix=/home/bob/perf
make
make install
On ginger, simply run:
# /home/bob/perf/bin/iperf -s -f M
This machine will act as the server and print out performance speeds in Mbps. On the beckham node, run:
# /home/bob/perf/bin/iperf -c ginger -P 4 -f M -w 256k -t 60
You will be able to see the respective outputs in both screens telling you what the speed / Internet bandwidth
really is. On a normal server with a Gigabit Ethernet adapter, you will probably see about 112 MBps, maybe a tad
more. This is normal as bandwidth is lost in the TCP stack and physical Cat 5 or Cat 6 cables. By connecting
two servers back-to-back, each with two bonded Ethernet cards, it is possible to get about 220 MBps, or
sometimes 5 or 10 percent more...
What you are seeing here with NFS on bonded networks is around 150 to about 160 MBps. Still, this gives us a
good indication that our Internet bandwidth is going to be about what we had expected at the beginning. If you
see something much less, then you should check for a problem.
We recently ran into a problem in which the bonding driver was used to bond two network interface cards that
used different drivers. The performance was extremely sluggish and slow (very slow), leading to about just 20 MBps
in Internet bandwidth, less than they would have gotten had they not bonded the Ethernet cards all together.
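A check for the mismatched-driver situation described above, as an added example that is not part of the original article: it lists each slave of a bond together with its kernel driver, read from sysfs. The bond name bond0, the interface names, the driver names and the sample tree are constructed for illustration.

```sh
# Print "<interface> <driver>" for every slave of a bonding device.
# $1 = bond name, $2 = sysfs root (defaults to /sys; overridable so the
# check can be exercised offline against a constructed tree).
bond_slave_drivers() {
  bond=$1
  sysroot=${2:-/sys}
  for ifc in $(cat "$sysroot/class/net/$bond/bonding/slaves"); do
    # device/driver is a symlink whose last path component is the driver name
    drv=$(basename "$(readlink "$sysroot/class/net/$ifc/device/driver")")
    echo "$ifc $drv"
  done
}

# List the slaves, then say whether they all share one driver.
bond_driver_check() {
  bond_slave_drivers "$@" | awk '
    { print; seen[$2] = 1 }
    END {
      n = 0
      for (d in seen) n++
      if (n > 1) print "MISMATCH: slaves use different drivers"
      else       print "OK: all slaves use the same driver"
    }'
}

# Constructed sysfs-like tree: bond0 with eth0 (e1000) and eth1 (tg3).
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/class/net/bond0/bonding" "$root/drivers/e1000" "$root/drivers/tg3"
  mkdir -p "$root/class/net/eth0/device" "$root/class/net/eth1/device"
  echo "eth0 eth1" > "$root/class/net/bond0/bonding/slaves"
  ln -s "$root/drivers/e1000" "$root/class/net/eth0/device/driver"
  ln -s "$root/drivers/tg3" "$root/class/net/eth1/device/driver"
  echo "$root"
}

# On a live host: bond_driver_check bond0
tree=$(make_sample_tree)
bond_driver_check bond0 "$tree"
rm -rf "$tree"
```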
Source: The Web Hosting Forum.