Monthly Archives: September 2016

Configuring Passwordless PowerShell Remoting over SSH

Open Source PowerShell has been on fire, getting tons of community support and really making people think about what’s to come with a single language to manage a heterogeneous data center.

To highlight this point, in my recent Pluralsight Play By Play Microsoft Open Source PowerShell on Linux and Mac with Jason Helmick and Jeffrey Snover, I did a demo on using PowerShell remoting where I connected from a Linux machine to three other machines and retrieved lists of top processes from each…two Linux and one Windows. I used one script to accomplish this and no passwords. A simple implementation highlighting a very big idea. Afterward, some people asked…how did I do this without passwords?

Open Source PowerShell Remoting uses SSH as its communication protocol, so when we connect to a remote system using PowerShell Remoting we’ll need to enter a password. Normally SSH requires passwords to log into remote systems but it also allows for what’s called passwordless authentication, which means users can log into remote systems without having to key in a password. It does this, securely, by using a key pair to authenticate the user to the server. Basically you generate a key pair, copy the public key to the remote server and there you have it…you no longer have to enter a password when you SSH into the remote system. Let’s see how this is done.

You need a couple things to set up this demo

  1. A user account with the same name on each computer – create a user on each machine, Linux and Windows, with the same username.
  2. OpenSSH configured on all hosts – easy on Linux. It’s there by default. On Windows check out this link. Once you complete the installation of OpenSSH on your Windows system, test logging into that system from a remote computer with SSH. This will use the password for a user on that Windows system (likely the one you just created in step 1). If that doesn’t work, you won’t be able to proceed.
  3. Open Source PowerShell installed on all hosts – check out this link here
  4. Enable PowerShell Remoting over SSH – check out this link here. Once you have this configured, be certain to test PowerShell remoting, using passwords. Test Linux to Linux and also Linux to Windows. 

Now once we have the ability to connect to our hosts with SSH and we’ve confirmed we can use PowerShell SSH Remoting, we can move on to configuring passwordless authentication. 

First, on your Linux machine (I’m using a Mac, but there literally is no difference here) you can use your existing public key if you have one, which is stored in your home directory in .ssh/id_rsa.pub or you can generate a new one. 

To generate a new SSH key pair on your Linux machine

  1. Type ssh-keygen
  2. The program will ask you for a file name, just press enter
  3. It will then ask you for a passphrase, press enter again and once more to confirm
You should get output that looks like this:

Demo-MacBook-Pro:.ssh demo$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/demo/.ssh/id_rsa.
Your public key has been saved in /Users/demo/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:g5SyXmke+OAmYSl4nxc4wcRnsyeDO6RE9/Q9FKlcpKY demo@demo-MacBook-Pro.local
The key's randomart image is:
+---[RSA 2048]----+
|   ..    .oo     |
|  .oo =. .+      |
| . .+*o=o=       |
|. ..oB=== o      |
|o.=o*.E+S  .     |
| +.=oO o .       |
|  . *.+          |
|   o .           |
|                 |
+----[SHA256]-----+

 
Copy the public key from the Linux machine to the Windows Server

Now copy the contents of the id_rsa.pub file you just created to C:\Users\username\.ssh\authorized_keys on your Windows machine. Where username is the user you want to use for Remoting. You’ll likely copy and paste the contents of this file to the remote computer…if you do this ensure the contents are all on one line. I’m not going to go into how to configure this on Linux as there are plenty of blogs about how to do this on Linux – check it out here.
 
You’ll want to make sure you copy the same public key to all the hosts you’d like to authenticate with from this private key. In our case, the two Linux machines and the Windows machine have the same public key in the authorized_keys file on each server, inside user accounts with the same name.
 
Confirm you have Authorized Keys configured on your Windows SSH server
 
Now on the Windows machine in C:\Program Files\OpenSSH\sshd_config verify that this line is uncommented, which it should be by default. If not, uncomment it and restart the ssh service. This is the place SSH will look for keys when a user logs into the system via…SSH.

AuthorizedKeysFile .ssh/authorized_keys

Make sure that if you’re running SSH as a service, the account the service is running as has the ability to read this file. In my case the account NT SERVICE\SSHD needed read access.

Confirm SSH passwordless access from Linux (or Mac) to Windows

With that you should be able to connect from your Linux (or Mac) to your Windows machine from the machine where you generated your SSH key without any password. Likewise for your Linux machines.

Demo-MacBook-Pro:~ demo$ ssh demo@172.16.94.9
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

demo@DESKTOP C:\Users\demo>

Let that sink in for a second, I just SSH’d into a Windows machine…

…and finally connect via PowerShell remoting over SSH with passwordless authentication

OK now we’re in the home stretch…we can now create a PowerShell remoting session over SSH with passwordless authentication. 

PS /Users/demo> Enter-PSSession -HostName 172.16.94.9 -UserName demo

[172.16.94.9]: PS C:\Users\demo\Documents>

And there we have it: we’re able to connect using PowerShell Remoting over SSH without a password.
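The steps above depend on two files being right: the pasted public key must sit on a single line of authorized_keys, and sshd_config must carry an uncommented AuthorizedKeysFile line. The script below is an added example, not part of the original post; it checks both on copies of the files, and its function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.

# Succeeds if every entry in an authorized_keys file is a complete key on a
# single line; prints the number of each line that is not.
check_authorized_keys() (
    file=$1 n=0 bad=0 cr=$(printf '\r')
    set -f                                  # no globbing while splitting fields
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -- ${line%"$cr"}                # drop a trailing CR, split on whitespace
        [ $# -eq 0 ] && continue            # blank line
        case $1 in '#'*) continue ;; esac   # comment line
        blob='' prev=''
        for f in "$@"; do                   # the blob is the field after the key type
            case $prev in
                ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) blob=$f; break ;;
            esac
            prev=$f
        done
        # A key wrapped during copy and paste leaves a continuation line with no
        # key type, and often a blob that is no longer whole base64.
        case $blob in
            ''|*[!A-Za-z0-9+/=]*) ok=no ;;
            *) [ $(( ${#blob} % 4 )) -eq 0 ] && ok=yes || ok=no ;;
        esac
        if [ "$ok" = no ]; then
            echo "line $n: not a complete single-line key"
            bad=1
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
)

# Succeeds if sshd_config carries an uncommented AuthorizedKeysFile directive
# (keywords are case-insensitive) and prints the configured path(s).
check_sshd_config() (
    value=$(grep -Ei '^[[:space:]]*AuthorizedKeysFile[[:space:]=]+[^[:space:]]' "$1" |
        head -n 1 | tr -d '\r' | sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]=]+//')
    [ -n "$value" ] && printf '%s\n' "$value"
)

# Writes constructed sample files into directory $1 (placeholder blob, not a real key).
make_samples() {
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLEKEY0000 demo@demo-MacBook-Pro.local\n' > "$1/good"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUC\nTEDSAMPLEKEY0000 demo@demo-MacBook-Pro.local\n' > "$1/wrapped"
    printf '#AuthorizedKeysFile .ssh/authorized_keys\n' > "$1/sshd_commented"
    printf 'AuthorizedKeysFile .ssh/authorized_keys\r\n' > "$1/sshd_ok"
}

# Usage: sh check.sh path/to/authorized_keys path/to/sshd_config
if [ $# -eq 2 ]; then
    check_authorized_keys "$1" && check_sshd_config "$2"
fi
```

A non-zero exit status from either check points at the file to fix before retrying the ssh login.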

Questions about Linux? PowerShell? Please feel free to ask aen@centinosystems.com or on Twitter @nocentino

 

5 Must Haves Before You Start Consulting

Please join me at IT/Dev Connections on Oct. 12 at 8:00AM* where I’ll be hosting a Birds of a Feather session “Moving to Independent Consulting” Bring your questions!

*Yes, an 8:00AM session in Las Vegas, but if you’re serious about going out on your own…you’ll already be up :)

The most common questions I’m asked during networking sessions at technical conferences and events aren’t technical! People want to know what it’s like being an independent consultant. Things like how to get started and what to look out for are common themes. So I wanted to share some of the discussion points I bring up when I’m having these conversations. In this post I’m going to boil it down to the top 5 “must haves” before you start consulting, there’s certainly more…many books have been written about it!

  1. Defining Your Niche 

    This is what you’re going to sell, the thing that your client wants or needs. It’s crucial that you specialize in an area. For me I have a very wide breadth of knowledge but I also have extraordinary depth in many areas. This is due to the excessive :) amount of education and training I’ve put myself through and also my career experiences. That all makes me an exceptional problem solver. The domain of the problem doesn’t matter that much. Give me the information and I’ll work out a solution. But guess what, “problem solver” doesn’t sell! Why? Because when people are looking for consultants, they’re looking for someone to make their problems go away. These are usually very well defined problems. So define what you’re exceptional at doing, that’s what you’re going to sell. Write it down. Try to build a paragraph out of those ideas. That will be your pitch to your client. This is such a crucial step. It defines who you are to your client. For me I’ve used marketing consultants and mentors to help define my niche. The consultants I’ve worked with are worth every penny and the mentors are invaluable. The funny thing is I’m still fine tuning this.

  2. Finding the Right Client 

    Once you know what your niche is, you need to identify who you’re marketing to, the consumer of your services. I’d like to be able to say that this “must have” is the most important but they’re all so crucial to success. Who purchases your services and what does that client look like? For me, the people that want my services are Chief (CIO) or Director level people that have a well defined problem to solve that they can’t solve with their internal resources. This can be a system performance issue, high availability design related or an overall system scalability issue. These are the people that make the decisions and sign the contracts.

    Now the people I work with are the individual contributors on the teams. The architects, engineers and administrators, we develop the solutions and solve the problems, together. What I’ve learned through the years is I like working in smaller teams that have big, interesting problems. So in this sense, size matters. Smaller teams are more agile and as an individual consultant I can affect more positive change in a smaller amount of time. This isn’t entirely going to exclude a potential client, but is something I look at closely when onboarding a new client. Because…personality matters! You need to find a group that you sync up with well. Would you want to go out after work with your team? For me that’s a big facet of finding the right client. Because when you’re in a conference room for hours working out a solution, if you get along with your client, everything will work better.

    What this all boils down to is…don’t just take any work. This idea is core to your success. You need to be happy with the work you’re performing and who you’re performing it for. If you’re enjoying it, you’ll produce better results and your client will be happy. Simple enough.

  3. Pricing Your Services 

    You’re worth more than you think, for whatever reason it’s human nature not to set your value accurately. It’s also our nature as consultants to want to make our clients happy. But when it comes to setting your rate…you both need to be happy. Think about it this way, if you give a client a huge discount today and later a perfect client comes along at your normal rate, who are you going to want to spend most of your time with? Your focus shifts and your original client isn’t getting the attention they deserve and their satisfaction decreases. Remember, we’re in the business of keeping clients happy! There’s tons of empirical data on the Internet for setting the actual dollar amount based on your skills so I won’t go into that. The key here is setting a value that you and your client are pleased with. After a while, your client will care less about your rate because you’re providing value. Solving problems, making their lives easier.

  4. Time Management

    I’m going to be honest, this is my Achilles heel. It’s hard. In fact, scheduling is proven to be NP Hard :) Again there’s tons of data in the web about this and here’s what I do. 

    Time blocking – most of my clients have me on a retainer. I work for them for a fixed amount of time each month (This ties in with pricing, longer term contracts mean better rates for clients and more consistent work for me). But we’re in IT and some things will take longer than you’ve expected or sometimes something will blow up for one client when you’ve allocated that day to another client. So I allocate my calendar based on my commitments and leave a whole day, each week, for that potential skew. If a client loses time during their scheduled allocation because of a fire, I allocate time out of that extra day.

    Every day make a list – every morning I sit down and literally write down in a notebook what I need to get done that day. If it’s a big project, break it down into smaller tasks and do those. Doing this provides you a mental boost, a sense of accomplishment. It motivates you to keep moving.

    Get up early – I wake up around 4:30AM. Yea, don’t laugh. I use this time to wade through the sea of email I get and make that list I just told you about. I also read blogs and do the social media thing during this time. It’s my time, the rest of the working day will be my clients’ time.

    Outsource everything you don’t like doing – Find things you can get rid of and give them to someone else to do for you.

    Billing – in theory this is not completely outsourced as I do my own time and billing. I use Freshbooks for my accounting package, which makes this insanely easy. Freshbooks does all my timekeeping for billable hours, invoicing and expenses. It literally takes me 10 minutes to send bills to clients that include line item details of hours worked and expenses with receipts attached. 

    Get an accountant – taxes are hard and time consuming. I used to like doing them myself, but I found I spent three to four days a year working on this. Not an effective use of my time. 

     

  5. Protecting You and Your Client

    Find an attorney you trust – Have him/her write a general contract for your services with your terms. This will be the base for your negotiations with your client. You’ll send it over to them and if they have a legal team, which many clients do, they’ll send back a version with revisions and you send that right back to your attorney. I have my attorney review every contract, my eyes literally cross when I read them (Disclaimer: I am not an attorney, but I offer my experiences to you as a consultant).

    Insurance – Be certain to have some sort of protection for yourself, there’s many types of insurances for businesses. Some I’ve seen are general liability, professional liability and even cyber liability. On the grand scheme of things these things don’t cost a lot of money and can really help you out if something goes south!

I hope this post gets you started on your road to independent consulting. Take the time to sit down and think about what your motivations are, set some goals and like any technical project you’ve ever worked on build a plan and do all the thinking up front!

Check out these references I used in this post – 

The Secrets of Consulting  – Gerald Weinberg

Brent Ozar’s Personal Blog 

Open Source PowerShell – Play by Play

What’s going on here?

So last week you may have seen this picture on Twitter…it went a little crazy…and you may have been wondering what are we up to? Well, last week I had the pleasure of filming a Pluralsight Play By Play. A Play By Play is a course on Pluralsight but in a slightly different format than you may be used to. A Play By Play brings together industry experts to discuss and demonstrate an emerging technology. This Play by Play is on “Microsoft Open Source PowerShell – PowerShell on Linux and Mac” and is available now and is FREE! You do not have to be a subscriber!

Open Source PowerShell

Jason, Jeffrey and Anthony (me)

A Motley Crew

The purpose of this Play By Play is to bring to you insider knowledge of Open Source PowerShell. We discuss why this is important and also how it works. To do that Pluralsight pulled together a team to bring this to you.

What’s Covered in the Course

We dive deep into PowerShell’s architecture, the reasoning behind going Open Source, and also how you can leverage this in your data center. It’s not just talk, we show you with many live demos highlighting how things really work. The course is broken into 7 modules and since we’re all computer scientists, we start with Module 0…naturally.

  • Module 0: Introduction
  • Module 1: Open Source PowerShell – Architecture, concepts and getting started
  • Module 2: PowerShell on Linux and Mac – An overview for the Linux pro of how PowerShell works
  • Module 3: PowerShell Remoting – An overview for the Linux pro of how PowerShell Remoting works
  • Module 4: Common Management Tasks – Common operations in Linux that can be done with PowerShell
  • Module 5: Advanced Functions – Building higher level tooling with PowerShell
  • Module 6: Desired State Configuration – What is DSC and how it works

The course is now available at Pluralsight

Personal Note

This was an incredible experience. I had to buckle down and learn PowerShell in about 6 weeks…I certainly didn’t want to make a fool of myself in front of the inventor of PowerShell and an industry recognized expert. The shoot lasted literally all day from 9-6PM. There’s a ton of material…you all will be very pleased. The key point to all of this is opening up PowerShell to multi-platform environments which is huge…TITANIC. This enables you to have one tool to manage a heterogeneous data center. I’m taking this seriously and will continue to learn PowerShell. Thanks to Jason for guiding me along the way and sharing his knowledge with me; you made this easy(er)! Thanks to Jeffrey for sharing your insight and vision. It was truly a pleasure.


Behind the scenes – Jason and Jeffrey

SQLMonitor Adds Graphical Query Plans!

The SQLMonitor team at Redgate has been releasing updates at a much more rapid rate…what’s this mean to you? More fixes and more features. In this latest release, they certainly added something special…Graphical Query Plans! Yes, right inside of SQLMonitor’s user interface. Why is this important? Well for me, when I’m troubleshooting a performance issue…I usually start with identifying what system resource is being taxed and try to zoom in from there on the root cause. Now let’s say the root cause is a poorly performing query. SQLMonitor lets you find that query pretty easily, but stopped short when it came to diagnosing that actual performance issue in the query.

In this article I’m going to show you how to drill down to find a graphical query plan for a poorly performing query!

In full disclosure, I’m a Friend of Redgate…but I can tell you this, I’ve been using SQLMonitor for a lot longer than I was a FoRG. I truly believe it’s a great product.

First up, download the new SQL Monitor latest release – here

Once installed and you’ve collected some data, navigate to the new server overview page by clicking on your server’s name. A couple things I want to point out to you on this page, first you get a clear layout of the critical system resources, CPU, memory and disk I/O, also included is Waits…all crucial information. With this you will be quickly able to determine if there is a resource problem. All the menus have context, so when you click on that spike in the CPU chart, the rest of the data on the page will change and adjust their data to that point in time.


Figure 1: New Server Overview

Right below the resource charts is the list of the top 10 queries; this view has always been my go-to spot to find “that query” that’s performing poorly. Since the data is all zoomed in on the point in time we clicked on in the previous chart, we can sort the query list by CPU or by physical or local I/O, and by average or total usage, which gives you the ability to quickly sort through tons of data and sift out that one query.


Figure 2: Top 10 Query List

Now that we’ve zoomed in on “that query” causing you grief, you can select it on the left in the list by clicking on the row in the “query text” and that will bring up the query details on the right. With that window up, you get the full query text, any query level waits, and a plan hash to pull the query plan from the plan cache. But in the latest release of SQLMonitor there’s now a “View Query Plan” button. CLICK THAT!


Figure 3: Query Details

Now you get a graphical query plan highlighting what just happened! Prior to this version SQLMonitor would get you all the way to this point and we had to grab the query hash and take that back into SSMS or other products for graphical analysis…that can be time consuming.


Figure 4: Graphical Query Plan!

With this new functionality, SQLMonitor takes you all the way through your troubleshooting workflow from the reporting of your issue, enabling you to very quickly sift out the performance anomaly and help identify its cause.