http://www.ehow.com/how_7208875_connect-ubuntu-windows-crossover-cable.html
Windows:
1 Connect the crossover cable to the network port of both the Ubuntu and the Windows computers.
2 Go to the "Start" menu and type "netcpl.cpl" in the "Run" or "search programs and files" field and press "Enter."
3 Right-click on "Local Network connection" and select "Properties."
4 Select "TCP/IP V4" and click "Properties."
5 Select "Use the following IP address" and enter 192.168.1.1 in the "IP address" field.
6 Click on the "Subnet mask" field to fill it automatically. Click "OK."
Linux:
7 Press "CTRL + ALT + F1" to open a terminal.
8 Type "sudo ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up" and press "Enter."
9 Type your password and press "Enter."
10 Press "CTRL + ALT + F7" to go back to the graphical interface.
Showing posts with label Network. Show all posts
Showing posts with label Network. Show all posts
Thursday, August 16, 2012
Tuesday, March 27, 2012
Reuse SSH Connection To Speed Up Remote Login Process
/etc/ssh/ssh_config
host *
controlmaster autocontrolpath /tmp/ssh-%r@%h:%p
Monday, November 21, 2011
什麼是CGI、FastCGI、PHP-CGI、PHP-FPM、Spawn-FCGI?
http://www.linuxidc.com/Linux/2011-07/38108.htm
[日期:2011-07-05] 來源:Linux社區 作者:Linux
什麼是CGI
CGI全稱是「公共網關接口」(Common Gateway Interface),HTTP服務器與你的或其它機器上的程序進行「交談」的一種工具,其程序須運行在網絡服務器上。
CGI可以用任何一種語言編寫,只要這種語言具有標準輸入、輸出和環境變量。如php,perl,tcl等
什麼是FastCGI
FastCGI像是一個常駐(long-live)型的CGI,它可以一直執行著,只要激活後,不會每次都要花費時間去fork一次(這是CGI最為人詬病的fork-and-execute 模式)。它還支持分佈式的運算, 即 FastCGI 程序可以在網站服務器以外的主機上執行並且接受來自其它網站服務器來的請求。
FastCGI是語言無關的、可伸縮架構的CGI開放擴展,其主要行為是將CGI解釋器進程保持在內存中並因此獲得較高的性能。眾所周知,CGI解釋器的反覆加載是CGI性能低下的主要原因,如果CGI解釋器保持在內存中並接受FastCGI進程管理器調度,則可以提供良好的性能、伸縮性、Fail- Over特性等等。
FastCGI與CGI特點
1、如CGI,FastCGI也具有語言無關性.
2、如CGI, FastCGI在進程中的應用程序,獨立於核心web服務器運行,提供了一個比API更安全的環境。(APIs把應用程序的代碼與核心的web服務器鏈接在一起,這意味著在一個錯誤的API的應用程序可能會損壞其他應用程序或核心服務器; 惡意的API的應用程序代碼甚至可以竊取另一個應用程序或核心服務器的密鑰。)
3、FastCGI技術目前支持語言有:C/C++、Java、Perl、Tcl、Python、SmallTalk、Ruby等。相關模塊在Apache, ISS, Lighttpd等流行的服務器上也是可用的。
4、如CGI,FastCGI的不依賴於任何Web服務器的內部架構,因此即使服務器技術的變化, FastCGI依然穩定不變。
FastCGI的工作原理
1、Web Server啟動時載入FastCGI進程管理器(IIS ISAPI或Apache Module)
2、FastCGI進程管理器自身初始化,啟動多個CGI解釋器進程(可見多個php-cgi)並等待來自Web Server的連接。
3、當客戶端請求到達Web Server時,FastCGI進程管理器選擇並連接到一個CGI解釋器。Web server將CGI環境變量和標準輸入發送到FastCGI子進程php-cgi。
4、FastCGI子進程完成處理後將標準輸出和錯誤信息從同一連接返回Web Server。當FastCGI子進程關閉連接時,請求便告處理完成。FastCGI子進程接著等待並處理來自FastCGI進程管理器(運行在Web Server中)的下一個連接。 在CGI模式中,php-cgi在此便退出了。
在上述情況中,你可以想像CGI通常有多慢。每一個Web請求PHP都必須重新解析php.ini、重新載入全部擴展並重初始化全部數據結構。使用FastCGI,所有這些都只在進程啟動時發生一次。一個額外的好處是,持續數據庫連接(Persistent database connection)可以工作。
FastCGI的不足
因為是多進程,所以比CGI多線程消耗更多的服務器內存,PHP-CGI解釋器每進程消耗7至25兆內存,將這個數字乘以50或100就是很大的內存數。
Nginx 0.8.46+PHP 5.2.14(FastCGI)服務器在3萬並發連接下,開啟的10個Nginx進程消耗150M內存(15M*10=150M),開啟的64個php-cgi進程消耗1280M內存(20M*64=1280M),加上系統自身消耗的內存,總共消耗不到2GB內存。如果服務器內存較小,完全可以只開啟25個php-cgi進程,這樣php-cgi消耗的總內存數才500M。
什麼是PHP-CGI
PHP-CGI是PHP自帶的FastCGI管理器。
啟動PHP-CGI,使用如下命令:
1
php-cgi -b 127.0.0.1:9000
PHP-CGI的不足
1、php-cgi變更php.ini配置後需重啟php-cgi才能讓新的php-ini生效,不可以平滑重啟
2、直接殺死php-cgi進程,php就不能運行了。(PHP-FPM和Spawn-FCGI就沒有這個問題,守護進程會平滑從新生成新的子進程。)
什麼是PHP-FPM
PHP-FPM是一個PHP FastCGI管理器,是只用於PHP的,可以在 http://php-fpm.org/download下載得到.
PHP-FPM其實是PHP源代碼的一個補丁,旨在將FastCGI進程管理整合進PHP包中。必須將它patch到你的PHP源代碼中,在編譯安裝PHP後才可以使用。
現在我們可以在最新的PHP 5.3.2的源碼樹裡下載得到直接整合了PHP-FPM的分支,據說下個版本會融合進PHP的主分支去。相對Spawn-FCGI,PHP-FPM在CPU和內存方面的控制都更勝一籌,而且前者很容易崩潰,必須用crontab進行監控,而PHP-FPM則沒有這種煩惱。
PHP5.3.3已經集成php-fpm了,不再是第三方的包了。PHP-FPM提供了更好的PHP進程管理方式,可以有效控制內存和進程、可以平滑重載PHP配置,比spawn-fcgi具有更多有點,所以被PHP官方收錄了。在./configure的時候帶 –enable-fpm參數即可開啟PHP-FPM。
使用PHP-FPM來控制PHP-CGI的FastCGI進程
1
2
3
4
5
6
7
8
/usr/local/php/sbin/php-fpm{start|stop|quit|restart|reload|logrotate}
--start 啟動php的fastcgi進程
--stop 強制終止php的fastcgi進程
--quit 平滑終止php的fastcgi進程
--restart 重啟php的fastcgi進程
--reload 重新平滑加載php的php.ini
--logrotate 重新啟用log文件
什麼是Spawn-FCGI
Spawn-FCGI是一個通用的FastCGI管理服務器,它是lighttpd中的一部份,很多人都用Lighttpd的Spawn-FCGI進行FastCGI模式下的管理工作,不過有不少缺點。而PHP-FPM的出現多少緩解了一些問題,但PHP-FPM有個缺點就是要重新編譯,這對於一些已經運行的環境可能有不小的風險(refer),在php 5.3.3中可以直接使用PHP-FPM了。
Spawn-FCGI目前已經獨成為一個項目,更加穩定一些,也給很多Web 站點的配置帶來便利。已經有不少站點將它與nginx搭配來解決動態網頁。
最新的lighttpd也沒有包含這一塊了(http://www.lighttpd.net/search?q=Spawn-FCGI),但可以在以前版本中找到它。在lighttpd-1.4.15版本中就包含了(http://www.lighttpd.net/download/lighttpd-1.4.15.tar.gz)
目前Spawn-FCGI的下載地址是http://redmine.lighttpd.net/projects/spawn-fcgi,最新版本是http://www.lighttpd.net/download/spawn-fcgi-1.6.3.tar.gz
註:最新的Spawn-FCGI可以到lighttpd.net網站搜索「Spawn-FCGI」找到它的最新版本發佈地址
下面我們就可以使用Spawn-FCGI來控制php-CGI的FastCGI進程了
1
/usr/local/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -C 5 -u www-data -g www-data -f /usr/bin/php-CGI
參數含義如下:
-f 指定調用FastCGI的進程的執行程序位置,根據系統上所裝的PHP的情況具體設置
-a 綁定到地址addr
-p 綁定到端口port
-s 綁定到unix socket的路徑path
-C 指定產生的FastCGI的進程數,默認為5(僅用於PHP)
-P 指定產生的進程的PID文件路徑
-u和-g FastCGI使用什麼身份(-u 用戶 -g 用戶組)運行,Ubuntu下可以使用www-data,其他的根據情況配置,如nobody、apache等
PHP-FPM與spawn-CGI對比測試
PHP-FPM的使用非常方便,配置都是在PHP-FPM.ini的文件內,而啟動、重啟都可以從php/sbin/PHP-FPM中進行。更方便的是修改php.ini後可以直接使用PHP-FPM reload進行加載,無需殺掉進程就可以完成php.ini的修改加載
結果顯示使用PHP-FPM可以使php有不小的性能提升。PHP-FPM控制的進程cpu回收的速度比較慢,內存分配的很均勻。
Spawn-FCGI控制的進程CPU下降的很快,而內存分配的比較不均勻。有很多進程似乎未分配到,而另外一些卻佔用很高。可能是由於進程任務分配的不均勻導致的.而這也導致了總體響應速度的下降。而PHP-FPM合理的分配,導致總體響應的提到以及任務的平均。
PHP-FPM與Spawn-FCGI功能比較
http://php-fpm.org/about/
PHP-FPM、Spawn-FCGI都是守護php-cgi的進程管理器。
Thursday, September 08, 2011
Performance of Cipher and HMAC in OpenSSH
http://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/
Cipher: arcfour256 = arcfour128 > arcfour > blowfish > aes > 3des
HMAC: md5 (128) > sha-96 > sha1 (160)
Tuesday, September 06, 2011
vsFTPd and mount directories
http://radu.cotescu.com/vsftpd-and-symbolic-links/
1. create a directory inside user‘s chroot:
mkdir /tmp/harddisk/ftp_pvt/user/music
2. mount the folder you want user to access using the bind option:
mount --bind /tmp/harddisk/music /tmp/harddisk/ftp_pvt/user/music
Saturday, April 09, 2011
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
http://www.mail-archive.com/cygwin-xfree@cygwin.com/msg17927.html
Which means that ssh is going to use *trusted* X11 forwarding anyway,
because *untrusted* X11 forwarding depends on the Security (aka
XC-Security) extension, which has been disabled by default upstream.
Here's why:
Trusted X11 forwarding means that you trust the server that you wish to
ssh into is not using any keyloggers, screenshot utilities, packet
sniffers, or anything else to hijack your connection, in which case X11
will allow it to do whatever a local client would be able to do.
Untrusted X11 forwarding was meant to be a way to allow logins to
unknown or insecure systems. It generates a cookie with xauth and uses
the Security extension to limit what the remote client is allowed to do.
But this is widely considered to be not useful, because the Security
extension uses an arbitrary and limited access control policy, which
results in a lot of applications not working correctly and what is
really a false sense of security. This is true even today; I rebuilt
XWin with Security enabled and 'ssh -X' into my linux VM, and got
BadAccess errors from *any* GTK2 program. More on this subject:
http://www.openssh.com/faq.html#3.13
http://www.nsa.gov/selinuX/papers/x11/x93.html
Given the limited usefulness of untrusted X11 forwarding, *upstream* has
disabled it by default in favour of other security models, but it has
not yet been removed. So there are two options:
A) Leave things as they are now, with that warning advising people that
untrusted X11 forwarding is not available and that trusted mode is being
used instead. The warning can be silenced by using ssh -Y, since that
is what ssh -X is doing now anyway.
B) Re-enable the Security extension together with the openssh update,
and be swamped by questions that programs aren't running under ssh -X,
and have to tell everyone that ssh -X is generally broken anyway and
they should be using ssh -Y instead.
Unless someone can show me a case where something works correctly with
option (B) where it doesn't in (A), then I may reconsider, but otherwise
everyone now understands that the Security extension is not really
useful, not to be relied upon, and therefore is not available.
Too many Authentication Failures for user root
"Too many Authentication Failures for user root"
This means that Your SSH server's MaxAuthTries limit was exceeded. It happens so that Your client is trying to authenticate with all possible keys stored in /home/USER/.ssh/ .
This situation can be solved by these ways:
1. ssh -i /path/to/id_rsa root@host
2. Specify Host/IdentityFile pair in /home/USER/.ssh/config .
Host host
IdentityFile /home/USER/.ssh/id_rsa
This means that Your SSH server's MaxAuthTries limit was exceeded. It happens so that Your client is trying to authenticate with all possible keys stored in /home/USER/.ssh/ .
This situation can be solved by these ways:
1. ssh -i /path/to/id_rsa root@host
2. Specify Host/IdentityFile pair in /home/USER/.ssh/config .
Host host
IdentityFile /home/USER/.ssh/id_rsa
Wednesday, October 06, 2010
Tweak Linux TCP/IP
http://kaivanov.blogspot.com/2010/09/linux-tcp-tuning.html
Edit /etc/sysctl.conf
#It still loads the module but unhooks almost all of the calls into the module. net.ipv6.conf.all.disable_ipv6=1
# Allow reuse/recycling of TIME-WAIT sockets for new connections:
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
# Enable TCP timestamps: (Timestamp add 12 bytes to the TCP headers. But, good for Gigabit network)
net.ipv4.tcp_timestamps = 1
# Enable TCP Selective/Forward Acknowledgements:
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
# Enable support for large TCP windows:
net.ipv4.tcp_window_scaling = 1
# Lower FIN timeout (default: 60):
net.ipv4.tcp_fin_timeout = 15
# Wait time between isAlive interval probes (default: 75, recommended: 15-30):
net.ipv4.tcp_keepalive_intvl = 15
# Number of probes before timing out (default: 9, recommended: 5):
net.ipv4.tcp_keepalive_probes = 5
# Maximum TCP Send Window:
net.core.wmem_max = 33554432
# Maximum TCP Receive Window:
net.core.rmem_max = 33554432
# Memory reserved for TCP rcv buffers (default: 4Kb 85Kb 4Mb):
net.ipv4.tcp_rmem = 4096 87380 33554432
# Memory reserved for TCP snd buffers (default: 4Kb 16Kb 4Mb):
net.ipv4.tcp_wmem = 4096 65536 33554432
# Explicit Congestion Notification
net.ipv4.tcp_ecn=1
# Not to cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
# To increase this for 10G NICS
net.core.netdev_max_backlog = 30000
# Use TCP VEGAS. Do modprobe tcp_vegas first!
net.ipv4.tcp_congestion_control = vegas
Edit /etc/sysctl.conf
#It still loads the module but unhooks almost all of the calls into the module. net.ipv6.conf.all.disable_ipv6=1
# Allow reuse/recycling of TIME-WAIT sockets for new connections:
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
# Enable TCP timestamps: (Timestamp add 12 bytes to the TCP headers. But, good for Gigabit network)
net.ipv4.tcp_timestamps = 1
# Enable TCP Selective/Forward Acknowledgements:
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
# Enable support for large TCP windows:
net.ipv4.tcp_window_scaling = 1
# Lower FIN timeout (default: 60):
net.ipv4.tcp_fin_timeout = 15
# Wait time between isAlive interval probes (default: 75, recommended: 15-30):
net.ipv4.tcp_keepalive_intvl = 15
# Number of probes before timing out (default: 9, recommended: 5):
net.ipv4.tcp_keepalive_probes = 5
# Maximum TCP Send Window:
net.core.wmem_max = 33554432
# Maximum TCP Receive Window:
net.core.rmem_max = 33554432
# Memory reserved for TCP rcv buffers (default: 4Kb 85Kb 4Mb):
net.ipv4.tcp_rmem = 4096 87380 33554432
# Memory reserved for TCP snd buffers (default: 4Kb 16Kb 4Mb):
net.ipv4.tcp_wmem = 4096 65536 33554432
# Explicit Congestion Notification
net.ipv4.tcp_ecn=1
# Not to cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
# To increase this for 10G NICS
net.core.netdev_max_backlog = 30000
# Use TCP VEGAS. Do modprobe tcp_vegas first!
net.ipv4.tcp_congestion_control = vegas
Sunday, September 26, 2010
LPR vs Raw TCP/IP Printing Protocol
According to the below paper, Raw TCP/IP is more than 50% faster than LPR.
Comparative Efficiency Analysis of LPR and Raw TCP/IP Printing Protocols
Apple Talk is not support by my printer server TE100-MP2U.
My printer's SMB printer can not see by my Windows 7.
LPR is slow.
My printer server's Raw TCP/IP is not compatible with Windows 7.
Comparative Efficiency Analysis of LPR and Raw TCP/IP Printing Protocols
Apple Talk is not support by my printer server TE100-MP2U.
My printer's SMB printer can not see by my Windows 7.
LPR is slow.
My printer server's Raw TCP/IP is not compatible with Windows 7.
Monday, August 02, 2010
Transforming a Unused Laptop into a Secondary Monitor
Install ZoneScreen and make the desktop extended to the virtual monitor.
Then, use the ZS Wizard to set up a screen server on my Windows. Run the the client mode of ZS Wizard via Wine on my Linux laptop and connect it to the Windows box.
Note:
1. The latest ZoneScreen 1.0.11.0 did not show virtual monitor on my Windows XP and the SC Wizard did not show the cursor. Version 1.0.10.0 worked fine.
2. TightVNC 2.0.2 did not support projecting only secondary monitor to the VNC client (remmina 0.8.1 with libvncclient). UltraVNC 1.0.8.2 did not show my cursor in the client. RealVNC 4.1.3 refused to make connection.
Then, use the ZS Wizard to set up a screen server on my Windows. Run the the client mode of ZS Wizard via Wine on my Linux laptop and connect it to the Windows box.
Note:
1. The latest ZoneScreen 1.0.11.0 did not show virtual monitor on my Windows XP and the SC Wizard did not show the cursor. Version 1.0.10.0 worked fine.
2. TightVNC 2.0.2 did not support projecting only secondary monitor to the VNC client (remmina 0.8.1 with libvncclient). UltraVNC 1.0.8.2 did not show my cursor in the client. RealVNC 4.1.3 refused to make connection.
Wednesday, June 30, 2010
Folder Sharing via SMB Using Nautilus
Install nautilus-share
Edit /etc/samba/smb.conf
add "usershare owner only = False" under [global]
This also remove the error msg below
Nautilus-Share-Message: Called "net usershare info" but it failed: 'net usershare' returned error 255: net usershare: usershares are currently disabled
Edit /etc/samba/smb.conf
add "usershare owner only = False" under [global]
This also remove the error msg below
Nautilus-Share-Message: Called "net usershare info" but it failed: 'net usershare' returned error 255: net usershare: usershares are currently disabled
Thursday, April 15, 2010
Access Samba server under Linux
http://wiki.archlinux.org/index.php/Samba
In order to follow the symbolic link, nounix option need to be set while mounting
In order to follow the symbolic link, nounix option need to be set while mounting
Tuesday, March 30, 2010
數據傳輸優化篇
http://floss.blog.51cto.com/683157/138088
經過一個快速的簡單測試,可以明顯看到:建立ssh數據通道進行傳輸時,缺省使用的加密方式(3des-cbc為缺省優先選擇加密算法)和指定 arcfour(在openssl中為rc4)的傳輸速率相差很大,是否使用壓縮參數也差異顯著,大概有5倍左右的傳輸速率差異。
請取消如下參數:
-z壓縮選項,避免浪費CPU解壓縮計算資源。對於已經壓縮過或者可壓縮性很低的文件就不要使用此選項了。對於純文本或者有高壓縮率的文件可以考慮使用。但建立ssh加密通道時最好是別用了。鑑於目前大多數情況下的數據傳輸的實際使用場景,建議不要使用-z壓縮選項。
ssh的 cipher可用算法列表,同時也是缺省使用次序:3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blowfish-cbc, andcast128-cbc
尋找最快的加密算法的方法,用於選擇ssh的fastest cipher參數:openssl speed @ Linux hottie 2.6.33-ZEN #1 ZEN i686 Pentium M 1.73GHz
OpenSSL 0.9.8n 24 Mar 2010
built on: Wed Mar 24 14:21:12 UTC 2010
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 991.28k 2027.43k 2762.23k 3026.90k 3117.03k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 17233.64k 61935.82k 176811.69k 332014.81k 446297.79k
md5 14736.71k 49719.84k 131933.04k 225910.32k 285880.39k
hmac(md5) 13064.57k 44810.77k 123996.32k 219284.11k 285808.76k
sha1 13745.98k 42426.65k 97972.57k 144979.75k 495149056.00k
rmd160 33462768.00k 94506240.00k 201206784.00k 273613824.00k 310427648.00k
rc4 608679072.00k 712475264.00k 723046656.00k 750848000.00k 749789184.00k
des cbc 102333728.00k 109271168.00k 109681664.00k 110924800.00k 111853568.00k
des ede3 39130064.00k 39723776.00k 37981440.00k 39950336.00k 40148992.00k
idea cbc 73431808.00k 76847232.00k 76859904.00k 76259328.00k 78266368.00k
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 47297744.00k 49137408.00k 48640512.00k 49191936.00k 49963008.00k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 171583376.00k 171896128.00k 188671232.00k 187596800.00k 189677568.00k
cast cbc 93562608.00k 98648000.00k 98099456.00k 100521984.00k 100909056.00k
aes-128 cbc 86808912.00k 156550592.00k 215949824.00k 232400896.00k 241270784.00k
aes-192 cbc 80760080.00k 145644032.00k 180620800.00k 197377024.00k 203276288.00k
aes-256 cbc 76685536.00k 131800512.00k 159832576.00k 171541504.00k 172146688.00k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 26420976.00k 62012032.00k 106653440.00k 137116672.00k 149176320.00k
sha512 14625040.00k 58937472.00k 93570048.00k 137558016.00k 159031296.00k
aes-128 ige 188753024.00k 202563648.00k 204330752.00k 212256768.00k 215678976.00k
aes-192 ige 165618048.00k 174002048.00k 182565888.00k 183057408.00k 185917440.00k
aes-256 ige 146738864.00k 155212480.00k 155065600.00k 160993280.00k 162643968.00k
sign verify sign/s verify/s
rsa 512 bits 0.000000s 0.000000s 12423000.0 167908000.0
rsa 1024 bits 0.000000s 0.000000s 2662000.0 60169000.0
rsa 2048 bits 0.000002s 0.000000s 476000.0 16974000.0
rsa 4096 bits 0.000013s 0.000000s 79000.0 5638000.0
sign verify sign/s verify/s
dsa 512 bits 0.000000s 0.000000s 16075000.0 13642000.0
dsa 1024 bits 0.000000s 0.000000s 5969000.0 5000000.0
dsa 2048 bits 0.000001s 0.000001s 1914000.0 1616000.0
kuro Windows 7 x64, Duo Core 1.73GHz
Cygwin won most of the time.
Cygwin
OpenSSL 0.9.8n 24 Mar 2010
built on: Wed Mar 24 16:07:40 CET 2010
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=1000 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 1774.03k 3806.61k 5098.23k 5670.10k 5977.21k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 15973.63k 53201.90k 158294.55k 335919.95k 534955.83k
md5 13512.23k 46812.05k 134339.46k 242230.53k 317048.99k
hmac(md5) 18015.69k 66210.28k 157862.22k 245168.59k 326490.18k
sha1 13086.19k 39198.67k 106817.64k 188203.38k 239562.27k
rmd160 10359.44k 33694.52k 75268.00k 107819.28k 122044.75k
rc4 170165.79k 202053.91k 172411.94k 164065.48k 155313.36k
des cbc 40737.24k 36721.55k 40984.41k 43932.35k 41196.70k
des ede3 15602.36k 14746.06k 15628.67k 15607.67k 15760.96k
idea cbc 0.00 0.00 0.00 0.00 0.00
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 17066.69k 18998.16k 18431.05k 18941.11k 17674.04k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 63177.65k 71263.58k 68140.47k 67408.52k 70304.23k
cast cbc 47026.79k 46374.28k 53050.68k 53212.97k 53370.47k
aes-128 cbc 47917.46k 77158.00k 91592.10k 92582.39k 90879.23k
aes-192 cbc 42802.48k 69055.47k 77293.81k 79001.38k 71507.92k
aes-256 cbc 53991.53k 60098.53k 69963.90k 64256.60k 73137.61k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 11226.08k 22969.67k 38357.49k 53051.41k 59428.24k
sha512 7520.37k 32957.11k 50212.74k 77590.36k 78861.94k
aes-128 ige 72018.82k 83387.35k 88261.68k 88866.87k 80829.01k
aes-192 ige 61859.70k 62520.99k 72114.72k 70603.63k 74340.16k
aes-256 ige 45764.42k 62939.78k 61760.09k 64189.15k 65952.27k
sign verify sign/s verify/s
rsa 512 bits 0.000588s 0.000051s 1701.8 19599.0
rsa 1024 bits 0.002769s 0.000133s 361.2 7533.5
rsa 2048 bits 0.014881s 0.000410s 67.2 2439.9
rsa 4096 bits 0.098602s 0.001237s 10.1 808.7
sign verify sign/s verify/s
dsa 512 bits 0.000536s 0.000568s 1865.2 1761.1
dsa 1024 bits 0.001261s 0.001487s 793.0 672.6
dsa 2048 bits 0.003805s 0.004673s 262.8 214.0
SUA
OpenSSL 0.9.8k 25 Mar 2009
built on: Thu Apr 16 03:25:54 EDT 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(ptr2)
compiler: cc -DOPENSSL_THREADS -D_REENTRANT -D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -DPEDANTIC
-O2 -Wall -DMD32_REG_T=int
available timing options: TIMES TIMEB HZ=1000 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 709.91k 1762.52k 1933.05k 2636.76k 2677.52k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 11568.97k 38903.77k 121203.14k 257570.52k 348330.04k
md5 9865.43k 34314.58k 104578.51k 192965.83k 258038.48k
hmac(md5) 10491.79k 35665.20k 103016.27k 192911.26k 257197.78k
sha1 10558.55k 36331.40k 97451.49k 147857.78k 229204.60k
rmd160 8884.38k 26725.55k 63539.54k 94661.58k 111342.82k
rc4 182501.91k 249617.41k 279596.45k 288812.45k 279937.32k
des cbc 27968.83k 30959.70k 30299.65k 30428.11k 29862.30k
des ede3 11671.23k 11787.71k 12167.52k 11829.22k 11040.56k
idea cbc 29184.18k 30357.28k 30381.87k 29988.57k 30637.70k
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 13889.31k 16599.00k 17466.36k 17473.64k 17469.56k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 52247.80k 54759.43k 57292.65k 58522.23k 55975.49k
cast cbc 41661.62k 43441.72k 45341.51k 45414.54k 46708.77k
aes-128 cbc 85900.89k 92138.74k 90629.98k 87379.41k 93412.20k
aes-192 cbc 70500.59k 78695.45k 77225.07k 81734.69k 72644.85k
aes-256 cbc 66963.42k 69092.83k 72163.20k 66184.76k 71614.02k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 9721.80k 26570.99k 55769.40k 75787.23k 86032.41k
sha512 7239.01k 28654.03k 58970.04k 98096.82k 125325.90k
aes-128 ige 89115.10k 95370.72k 96083.25k 96014.70k 91478.24k
aes-192 ige 79208.26k 82281.36k 81975.97k 84082.65k 83136.15k
aes-256 ige 70663.06k 72209.75k 72236.99k 73232.75k 74348.90k
sign verify sign/s verify/s
rsa 512 bits 0.000723s 0.000068s 1382.8 14758.1
rsa 1024 bits 0.004020s 0.000205s 248.7 4871.5
rsa 2048 bits 0.026289s 0.000773s 38.0 1293.9
rsa 4096 bits 0.177732s 0.002829s 5.6 353.4
sign verify sign/s verify/s
dsa 512 bits 0.000662s 0.000787s 1509.7 1271.0
dsa 1024 bits 0.002054s 0.002550s 486.9 392.2
dsa 2048 bits 0.007379s 0.009024s 135.5 110.8
經過一個快速的簡單測試,可以明顯看到:建立ssh數據通道進行傳輸時,缺省使用的加密方式(3des-cbc為缺省優先選擇加密算法)和指定 arcfour(在openssl中為rc4)的傳輸速率相差很大,是否使用壓縮參數也差異顯著,大概有5倍左右的傳輸速率差異。
請取消如下參數:
-z壓縮選項,避免浪費CPU解壓縮計算資源。對於已經壓縮過或者可壓縮性很低的文件就不要使用此選項了。對於純文本或者有高壓縮率的文件可以考慮使用。但建立ssh加密通道時最好是別用了。鑑於目前大多數情況下的數據傳輸的實際使用場景,建議不要使用-z壓縮選項。
ssh的 cipher可用算法列表,同時也是缺省使用次序:3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blowfish-cbc, andcast128-cbc
尋找最快的加密算法的方法,用於選擇ssh的fastest cipher參數:openssl speed @ Linux hottie 2.6.33-ZEN #1 ZEN i686 Pentium M 1.73GHz
OpenSSL 0.9.8n 24 Mar 2010
built on: Wed Mar 24 14:21:12 UTC 2010
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 991.28k 2027.43k 2762.23k 3026.90k 3117.03k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 17233.64k 61935.82k 176811.69k 332014.81k 446297.79k
md5 14736.71k 49719.84k 131933.04k 225910.32k 285880.39k
hmac(md5) 13064.57k 44810.77k 123996.32k 219284.11k 285808.76k
sha1 13745.98k 42426.65k 97972.57k 144979.75k 495149056.00k
rmd160 33462768.00k 94506240.00k 201206784.00k 273613824.00k 310427648.00k
rc4 608679072.00k 712475264.00k 723046656.00k 750848000.00k 749789184.00k
des cbc 102333728.00k 109271168.00k 109681664.00k 110924800.00k 111853568.00k
des ede3 39130064.00k 39723776.00k 37981440.00k 39950336.00k 40148992.00k
idea cbc 73431808.00k 76847232.00k 76859904.00k 76259328.00k 78266368.00k
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 47297744.00k 49137408.00k 48640512.00k 49191936.00k 49963008.00k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 171583376.00k 171896128.00k 188671232.00k 187596800.00k 189677568.00k
cast cbc 93562608.00k 98648000.00k 98099456.00k 100521984.00k 100909056.00k
aes-128 cbc 86808912.00k 156550592.00k 215949824.00k 232400896.00k 241270784.00k
aes-192 cbc 80760080.00k 145644032.00k 180620800.00k 197377024.00k 203276288.00k
aes-256 cbc 76685536.00k 131800512.00k 159832576.00k 171541504.00k 172146688.00k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 26420976.00k 62012032.00k 106653440.00k 137116672.00k 149176320.00k
sha512 14625040.00k 58937472.00k 93570048.00k 137558016.00k 159031296.00k
aes-128 ige 188753024.00k 202563648.00k 204330752.00k 212256768.00k 215678976.00k
aes-192 ige 165618048.00k 174002048.00k 182565888.00k 183057408.00k 185917440.00k
aes-256 ige 146738864.00k 155212480.00k 155065600.00k 160993280.00k 162643968.00k
sign verify sign/s verify/s
rsa 512 bits 0.000000s 0.000000s 12423000.0 167908000.0
rsa 1024 bits 0.000000s 0.000000s 2662000.0 60169000.0
rsa 2048 bits 0.000002s 0.000000s 476000.0 16974000.0
rsa 4096 bits 0.000013s 0.000000s 79000.0 5638000.0
sign verify sign/s verify/s
dsa 512 bits 0.000000s 0.000000s 16075000.0 13642000.0
dsa 1024 bits 0.000000s 0.000000s 5969000.0 5000000.0
dsa 2048 bits 0.000001s 0.000001s 1914000.0 1616000.0
kuro Windows 7 x64, Duo Core 1.73GHz
Cygwin won most of the time.
Cygwin
OpenSSL 0.9.8n 24 Mar 2010
built on: Wed Mar 24 16:07:40 CET 2010
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -D_WINDLL -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
available timing options: TIMES TIMEB HZ=1000 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 1774.03k 3806.61k 5098.23k 5670.10k 5977.21k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 15973.63k 53201.90k 158294.55k 335919.95k 534955.83k
md5 13512.23k 46812.05k 134339.46k 242230.53k 317048.99k
hmac(md5) 18015.69k 66210.28k 157862.22k 245168.59k 326490.18k
sha1 13086.19k 39198.67k 106817.64k 188203.38k 239562.27k
rmd160 10359.44k 33694.52k 75268.00k 107819.28k 122044.75k
rc4 170165.79k 202053.91k 172411.94k 164065.48k 155313.36k
des cbc 40737.24k 36721.55k 40984.41k 43932.35k 41196.70k
des ede3 15602.36k 14746.06k 15628.67k 15607.67k 15760.96k
idea cbc 0.00 0.00 0.00 0.00 0.00
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 17066.69k 18998.16k 18431.05k 18941.11k 17674.04k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 63177.65k 71263.58k 68140.47k 67408.52k 70304.23k
cast cbc 47026.79k 46374.28k 53050.68k 53212.97k 53370.47k
aes-128 cbc 47917.46k 77158.00k 91592.10k 92582.39k 90879.23k
aes-192 cbc 42802.48k 69055.47k 77293.81k 79001.38k 71507.92k
aes-256 cbc 53991.53k 60098.53k 69963.90k 64256.60k 73137.61k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 11226.08k 22969.67k 38357.49k 53051.41k 59428.24k
sha512 7520.37k 32957.11k 50212.74k 77590.36k 78861.94k
aes-128 ige 72018.82k 83387.35k 88261.68k 88866.87k 80829.01k
aes-192 ige 61859.70k 62520.99k 72114.72k 70603.63k 74340.16k
aes-256 ige 45764.42k 62939.78k 61760.09k 64189.15k 65952.27k
sign verify sign/s verify/s
rsa 512 bits 0.000588s 0.000051s 1701.8 19599.0
rsa 1024 bits 0.002769s 0.000133s 361.2 7533.5
rsa 2048 bits 0.014881s 0.000410s 67.2 2439.9
rsa 4096 bits 0.098602s 0.001237s 10.1 808.7
sign verify sign/s verify/s
dsa 512 bits 0.000536s 0.000568s 1865.2 1761.1
dsa 1024 bits 0.001261s 0.001487s 793.0 672.6
dsa 2048 bits 0.003805s 0.004673s 262.8 214.0
SUA
OpenSSL 0.9.8k 25 Mar 2009
built on: Thu Apr 16 03:25:54 EDT 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(ptr2)
compiler: cc -DOPENSSL_THREADS -D_REENTRANT -D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -DPEDANTIC
-O2 -Wall -DMD32_REG_T=int
available timing options: TIMES TIMEB HZ=1000 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md2 709.91k 1762.52k 1933.05k 2636.76k 2677.52k
mdc2 0.00 0.00 0.00 0.00 0.00
md4 11568.97k 38903.77k 121203.14k 257570.52k 348330.04k
md5 9865.43k 34314.58k 104578.51k 192965.83k 258038.48k
hmac(md5) 10491.79k 35665.20k 103016.27k 192911.26k 257197.78k
sha1 10558.55k 36331.40k 97451.49k 147857.78k 229204.60k
rmd160 8884.38k 26725.55k 63539.54k 94661.58k 111342.82k
rc4 182501.91k 249617.41k 279596.45k 288812.45k 279937.32k
des cbc 27968.83k 30959.70k 30299.65k 30428.11k 29862.30k
des ede3 11671.23k 11787.71k 12167.52k 11829.22k 11040.56k
idea cbc 29184.18k 30357.28k 30381.87k 29988.57k 30637.70k
seed cbc 0.00 0.00 0.00 0.00 0.00
rc2 cbc 13889.31k 16599.00k 17466.36k 17473.64k 17469.56k
rc5-32/12 cbc 0.00 0.00 0.00 0.00 0.00
blowfish cbc 52247.80k 54759.43k 57292.65k 58522.23k 55975.49k
cast cbc 41661.62k 43441.72k 45341.51k 45414.54k 46708.77k
aes-128 cbc 85900.89k 92138.74k 90629.98k 87379.41k 93412.20k
aes-192 cbc 70500.59k 78695.45k 77225.07k 81734.69k 72644.85k
aes-256 cbc 66963.42k 69092.83k 72163.20k 66184.76k 71614.02k
camellia-128 cbc 0.00 0.00 0.00 0.00 0.00
camellia-192 cbc 0.00 0.00 0.00 0.00 0.00
camellia-256 cbc 0.00 0.00 0.00 0.00 0.00
sha256 9721.80k 26570.99k 55769.40k 75787.23k 86032.41k
sha512 7239.01k 28654.03k 58970.04k 98096.82k 125325.90k
aes-128 ige 89115.10k 95370.72k 96083.25k 96014.70k 91478.24k
aes-192 ige 79208.26k 82281.36k 81975.97k 84082.65k 83136.15k
aes-256 ige 70663.06k 72209.75k 72236.99k 73232.75k 74348.90k
sign verify sign/s verify/s
rsa 512 bits 0.000723s 0.000068s 1382.8 14758.1
rsa 1024 bits 0.004020s 0.000205s 248.7 4871.5
rsa 2048 bits 0.026289s 0.000773s 38.0 1293.9
rsa 4096 bits 0.177732s 0.002829s 5.6 353.4
sign verify sign/s verify/s
dsa 512 bits 0.000662s 0.000787s 1509.7 1271.0
dsa 1024 bits 0.002054s 0.002550s 486.9 392.2
dsa 2048 bits 0.007379s 0.009024s 135.5 110.8
Saturday, March 13, 2010
How to disable Windows Vista/7 from probing the internet via msftncsi?
Set the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing to 0
Windows Vista/7 will no longer probe for internet connectivity, but you also lose the 'earth' overlaid on the internet connectivity.
Windows Vista/7 will no longer probe for internet connectivity, but you also lose the 'earth' overlaid on the internet connectivity.
Saturday, February 27, 2010
Disabling IP v6 in Linux (Kernel 2.6)
In /etc/modprobe.d/modprobe.conf, add a line
alias net-pf-10 off
alias net-pf-10 off
Friday, February 19, 2010
No Half-Open TCP Connections Limitation in Win7 and Vista SP2
Windows Vista SP2跟 Windows 7 RTM 已經沒有 TCP 半開放式連線數上限的限制了
都不需要補丁
http://www.mydigitallife.info/2009/06/07/half-open-outbound-tcp-connections-limit-removed-in-windows-7-and-vista-sp2-no-patch-required/
都不需要補丁
http://www.mydigitallife.info/2009/06/07/half-open-outbound-tcp-connections-limit-removed-in-windows-7-and-vista-sp2-no-patch-required/