Michael W. Lucas published his new book “SSH Mastery” (no link to an online store, get it from your preferred online or offline one in your part of the world).
Do you think you know a lot about SSH? I thought I did when Michael searched technical proof-readers for this book. I offered to have a look at his work in progress and he gently accepted (while I do not get money for this, I am one of the persons he thanks for the technical review in the beginning, so I am involved somehow and as such you should take the following with a grain of salt).
I already had user restrictions in place before the review, but now I narrowed down some restrictions based upon some conditionals. I already used SSH tunnels for various things before (where legally applicable), but I learned some additional VPN techniques with SSH. I already used multiple ssh-keys for various things, but Michael provides some interesting ways of handling a large-volume of ssh-keys over multiple machines. … I really hope that my review was as valuable for Michael, as it was for me to do the review.
He ends the book with “You now know more about SSH, OpenSSH and Putty than the vast majority of IT professionals! Congratulations”, and this is true, and all that in his writing style where you can come with a problem, read about it, and leave with a solution (normally with a little bit of entertainment in between).
I know a lot of people which work daily with SSH, and they know only a small part of what is presented in this book. In my opinion this book is a must-have for every System/Database/Application/Whatever Administrator in charge of something on an UNIX-like system, and even “normal users” of SSH (no matter if they use PuTTY, or a ssh command line program on an UNIX-like system (most probably it will be OpenSSH or a clone of it)) will get some helpful information from this book.
I can only recommend it.
I got a little bit of time to update my 3 year old work of adding static DTrace probes to the linuxulator.
The changes are not in HEAD, but in my linuxulator-dtrace branch. The revision to have a look at is r230910. Included are some DTrace scripts:
- script to check internal locks
- script to trace futexes
- script to generate stats for DTracified linuxulator parts
- script to check for errors:
- emulation errors (unsupported stuff, unknown stuff, …)
- kernel errors (resource shortage, …)
- programming errors (errors which can happen if someone made a mistake, but should not happen)
The programming-error checks give hints about userland programming errors respectively a hint about the reason of error return values due to resource shortage or maybe a wrong combination of parameters. An example error message for this case is “Application %s issued a sysctl which failed the length restrictions.\nThe length passed is %d, the min length supported is 1 and the max length supported is %d.\n”.
The stats-script (tailored specially to the linuxulator, but this can easily be extended to the rest of the kernel) can report about:
- number of calls to a kernel function per executable binary (not per PID!): allows to see where an optimization would be beneficial for a given application
- graph of CPU time spend in kernel functions per executable binary: together with the number of calls to this function this allows to determine if a kernel optimization would be beneficial / is possible for a given application
- graph of longest running (CPU-time!) kernel function in total
- timing statistics for the emul_lock
- graph of longest held (CPU-time!) locks
Unfortunately this can not be committed to HEAD as-is. The DTrace SDT provider can not handle probes which are added to the kernel after the SDT provider is already loaded. This means that you either have to compile the linuxulator statically into the kernel, or you have to load the SDT kernel module after the linuxulator module is loaded. If you do not respect this, you get a kernel panic on first access of one of the providers in the linuxulator (AFAIR this includes listing the probes available in the kernel).