Getting ssh key authorization to work in linux

Client Side

On that machine that is acting as the ssh client you should run the following command to generate a public / private key pair. It will prompt you for the location of a file to be stored the default should be acceptable unless you already have another key generated.

ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/<username>/.ssh/id_rsa):

Created directory '/home/<username>/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/<username>/.ssh/id_rsa.

Your public key has been saved in /home/<username>/.ssh/id_rsa.pub.

The key fingerprint is:

5b:78:75:c2:58:0e:ff:89:c7:8c:0f:38:64:c0:e2:6b username@raspberrypi

The key's randomart image is:

You need to keep the private key private as this is what is going to effectively be your password. It doesn't matter if somebody see's the public key. It is setup this way so you can be granted access to a machine without ever having to exchange a password over the wire. As an example you could email the public key to another admin who already has access to the machine to install the key.

Server Side

On the machine that is acting as the ssh server you will need to copy the public key string that will have been generated on the client side in location "/home/<username>/.ssh/id_rsa.pub".

Once you add this to the file "/home/<username>/.ssh/authorized_keys" that the ssh authentication should work. If you are using multiple private keys and have a long list of authorization keys on the server it can be wise to comment which keys are from where. This is so that if there is an issue with a "privacy" of a key you know which one to remove at a later time.

Now that ssh works you can login to the machine by using ssh <username>@address. The username part can be omitted if the username on the destination host is the same as the current machine you are working at. As an added bonus it also will mean that scp will work if it is enabled on the server.

If you are tired of typing your password all the time and want to be able to sudo without using a password you can modify the sudo configuration so that you can always execute a command as root without a password.

Method 1 - For a single user

Edit the /etc/sudoers configuration file.

Add a line like this replacing the <username> with the correct user of course

<username> ALL=(ALL) NOPASSWORD: ALL

Method 2 - For multiple users

Create a new group on the system eg sudo or sudoers nu using the following command

groupadd <groupname>

Then add the usernames you want it to work for by using the following command

addgroup <usernames> <groupname>

Edit the /etc/sudoers configuration file and add the group to not use a password.

%<groupname> ALL=(ALL) NOPASSWORD: ALL

The above should work on debian and should only be used for trusted users as you have just given them root access without a password so some care should be taken!

I put together a simple program call tcp-bandwidth which measure performance over a data stream sent from the client to the server. So to do this test you will require two linux machines. eg the rasberry pi and another machine to act as a client or server.

Running the tool.

Download tcp-bandwidth-2012-12-01.c

Compile it using

gcc -Wall -O2 tcp-bandwidth.c -o tcp-bandwidth -lrt

You will need to repeat this on both the pi and the main machine.

On the pi run

./tcp-bandwidth 5000

On the main machine run

./tcp-bandwidth <pi ip address> 5000

Results - Machine -> PI

Speed: 6.529282 MBytes/Sec

Speed: 6.404114 MBytes/Sec

Speed: 6.443649 MBytes/Sec

Speed: 6.745232 MBytes/Sec

Speed: 6.453972 MBytes/Sec

On the main machine run

./tcp-bandwith 5000

On the pi run

./tcp-bandwidth <ip address of machine> 5000

Results - PI -> Machine

Speed: 6.398438 MBytes/Sec

Speed: 6.335938 MBytes/Sec

Speed: 6.109375 MBytes/Sec

Speed: 6.250000 MBytes/Sec

Speed: 6.320312 MBytes/Sec

Speed: 6.351562 MBytes/Sec

From this we know that the pi is capable of sending data at speeds > 6MBytes / sec or around 50MBit/sec. On an un-tuned tcp stack with the arm running at 700Mhz. Using around 30% cpu time (messured using top)

I would be interested if other people ran the tests and posted some of the results. If you do please include the client -> server speed, server -> client speed, cpu speed, whether its a 256Mb / 512Mb pi and if you have done any tuning / modifications of the Linux networking stack.

If people send in results i will put together a list of known configurations and performance results. Unfortunatly I have limited networking hardware to test with and is under load from other things in the enviroment which are probably knocking my results slightly.

Short example of using string stream in C++ to build a string.

#include <stdio.h>
#include <iostream>
#include <sstream>


int main(int argc, char **argv) {
    std::stringstream ss;

    ss << "Hello, World" << "\n" << 42 << "\n";


 std::string str = ss.str();

 std::cout << str;

    return 0;
}

This is a short guide on how to override malloc / free in C/C++ on linux so that custom tracing / logging can be used on the functions to detect double free's

It is actually very simple to do. All you require is a short program that is compiled into a shared lib. Then this lib is pre loaded before your program loads and instead of binding to the libc functions it will bind to the ones in the lib.

#include <stdio.h>
#include <dlfcn.h>

extern void abort();

void *malloc(int size) {
        void * (*ptr)(int);
        void * handle = (void*) -1;
        ptr = (void *) dlsym(handle, "malloc");
        if (ptr == NULL) {
                printf("Opps\n");
                abort();
        }
        void *alloc = (*ptr)(size);
        printf("Alloc = %p Size: %d\n", alloc, size);
        return alloc;
}

void *realloc(void *alloc, int size) {
        void * (*ptr)(void *, int);
        void * handle = (void*) -1;
        ptr = (void *) dlsym(handle, "malloc");
        if (ptr == NULL) {
                printf("Opps\n");
                abort();
        }
        alloc = (*ptr)(alloc, size);
        printf("Realloc = %p Size: %d\n", alloc, size);
        return alloc;
}

void free(void *alloc) {
        if (alloc == NULL)
                return;
        printf("free %p\n", alloc);
        void * (*ptr)(void *);
        void * handle = (void *) -1;
        ptr = (void *) dlsym(handle, "free");
        if (ptr == NULL)
                abort();

        (*ptr)(alloc);
}

You can compile the above with the following command

gcc -Wall sample.c -fPIC -shared -o libsample.so -lc -ldl

Then set the LD_LIBRARY_PATH= so that it includes the path to the location that the libsample.so is in.

Then set the LD_PRELOAD=libsample.so which will tell the dynamic lib loader to load that library first.

Then you can simply run your program.