|
|
Dropbear是一个相对较小的SSH服务器和客户端。是另一款ssh协议的开源实现;
主要功能:
类似于OpenSSH,实现完整的SSH客户端和服务器版本2协议。但它不支持SSH版本1,以节省空间和资源,并避免在SSH版本1的固有的安全漏洞。支持scp。
安装环境:
1、CentOS 7.2:
1
2
| [iyunv@CentOS7 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
|
2、安装开发环境,提供编译环境:
1
| [iyunv@CentOS7 ~]# yum groupinstall "Development Tools" "Server Plateform Development" -y
|
3、安装zlib依赖包文件,不然后续编译会报错:
1
| [iyunv@CentOS7 ~]# yum -y install zlib-devel
|
编译安装及配置:
1、下载dropbear:
1
2
3
4
5
6
7
8
9
| [iyunv@CentOS7 src]# wget http://matt.ucc.asn.au/dropbear/dropbear-2016.74.tar.bz2
--2016-11-08 16:56:44-- http://matt.ucc.asn.au/dropbear/dropbear-2016.74.tar.bz2
正在解析主机 matt.ucc.asn.au (matt.ucc.asn.au)... 130.95.13.18, 2405:3c00:5200:100::18
正在连接 matt.ucc.asn.au (matt.ucc.asn.au)|130.95.13.18|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1622234 (1.5M) [application/x-bzip2]
正在保存至: “dropbear-2016.74.tar.bz2”
100%[======================================>] 1,622,234 539KB/s 用时 2.9s
2016-11-08 16:56:50 (539 KB/s) - 已保存 “dropbear-2016.74.tar.bz2” [1622234/1622234])
|
2、解压dropbear-2016.74.tar.bz2
1
| [iyunv@CentOS7 src]# tar xf dropbear-2016.74.tar.bz2
|
3、编译/安装dropbear:
1)运行configure脚本:
1
2
3
| [iyunv@CentOS7 dropbear-2016.74]# ./configure prefix=/usr/local/dropbear --sysconfdir=/etc/dropbear --disable-pam
显示如下信息表示./configure运行成功,提示编辑options.sh文件选择功能,在此文件中可以设置监听的端口号:
configure: Now edit options.h to choose features.
|
2)运行make命令,完成项目构件:
1
| [iyunv@CentOS7 dropbear-2016.74]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
|
3)运行make install命令,完成安装:
1
2
3
4
5
6
7
| [iyunv@CentOS7 dropbear-2016.74]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
Dropbearkey是用来生成公钥的;
Dropbearconvert是用来与openssh转换的;
Dbclient可以用来连接远程的服务器;
用法:#./dbclient username@192.168.99.214
Scp可以向远程的服务器写文件和取文件;
用法:#./scp /home/bin/a.log username@192.168.99.214:/home/working
|
4、配置系统环境变量:
1
2
3
4
| [iyunv@CentOS7 ~]# vim /etc/profile.d/dropbear.sh
[iyunv@CentOS7 ~]# cat /etc/profile.d/dropbear.sh
export PATH=/usr/local/dropbear/bin:/usr/local/dropbear/sbin/:$PATH
[iyunv@CentOS7 ~]# . /etc/profile.d/dropbear.sh
|
5、配置dropbear服务器端:
1
2
3
4
5
6
7
8
9
| # dropbear -h
-r keyfile Specify hostkeys (repeatable)
defaults:
dss /etc/dropbear/dropbear_dss_host_key
rsa /etc/dropbear/dropbear_rsa_host_key
ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R Create hostkeys as required
-F Don't fork into background
-E Log to stderr rather than syslog
|
(1)sshd服务器都需要公钥,生成公钥:
1
2
3
4
| # mkdir /etc/dropbear
# cd /etc/dropbear
# dropbearkey -t dss -f dropbear_dss_host_key //生成dss密钥文件
# dropbearkey -t rsa -s 2048 -f dropbear_rsa_host_key //生成rsa密钥文件
|
(2)启动dropbear:
启动dropbear命令进程时注意监听的端口号:
方法1:使用-p选项指定监听的端口:
1
| [iyunv@CentOS7 ~]# dropbear -p 2022
|
方法2:在编译dropbear之前,修改options.sh文件中:
1
2
| define DROPBEAR_DEFPORT "22" 改为 define DROPBEAR_DEFPORT "2022"
或执行:# sed -i 's/22/2022/g' options.h
|
启动dropbear: 1
| [iyunv@CentOS7 ~]# dropbear -p 2022
|
查看端口是否监听成功:
1
2
3
| [iyunv@CentOS7 ~]# ss -tnlp | grep :2022
LISTEN 0 128 *:2022 *:* users:(("dropbear",pid=27687,fd=4))
LISTEN 0 128 :::2022 :::* users:(("dropbear",pid=27687,fd=5))
|
6、设置firwalld开放2022端口: 1
2
3
4
5
6
7
8
9
10
11
12
13
14
| [iyunv@CentOS7 ~]# firewall-cmd --add-port=2022/tcp --permanent
success
[iyunv@CentOS7 ~]# firewall-cmd --reload
success
[iyunv@CentOS7 ~]# firewall-cmd --list-all
public (default, active)
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client http ssh
ports: 53/tcp 53/udp 2022/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
|
7、使用ssh client端测试:
8、设置为服务:
以下脚本内容来自:http://blog.iyunv.com/xmlrpc.php ... 4738&id=4234090
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
| # vim /etc/rc.d/init.d/dropbear
#!/bin/bash
#
# description: dropbear ssh daemon
# chkconfig: 2345 66 33
#
dsskey=/etc/dropbear/dropbear_dss_host_key
rsakey=/etc/dropbear/dropbear_rsa_host_key
lockfile=/var/lock/subsys/dropbear
pidfile=/var/run/dropbear.pid
dropbear=/usr/local/sbin/dropbear
dropbearkey=/usr/local/bin/dropbearkey
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/dropbear ] && . /etc/sysconfig/dropbear
keysize=${keysize:-1024}
port=${port:-22}
gendsskey() {
[ -d /etc/dropbear ] || mkdir /etc/dropbear
echo -n "Starting generate the dss key: "
$dropbearkey -t dss -f $dsskey &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
success
echo
return 0
else
failure
echo
return 1
fi
}
genrsakey() {
[ -d /etc/dropbear ] || mkdir /etc/dropbear
echo -n "Starting generate the rsa key: "
$dropbearkey -t rsa -s $keysize -f $rsakey &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
success
echo
return 0
else
failure
echo
return 1
fi
}
start() {
[ -e $dsskey ] || gendsskey
[ -e $rsakey ] || genrsakey
if [ -e $lockfile ]; then
echo -n "dropbear daemon is already running: "
success
echo
exit 0
fi
echo -n "Starting dropbear: "
daemon --pidfile="$pidfile" $dropbear -p $port -d $dsskey -r $rsakey
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
touch $lockfile
return 0
else
rm -f $lockfile $pidfile
return 1
fi
}
stop() {
if [ ! -e $lockfile ]; then
echo -n "dropbear service is stopped: "
success
echo
exit 1
fi
echo -n "Stopping dropbear daemon: "
killproc dropbear
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
rm -f $lockfile $pidfile
return 0
else
return 1
fi
}
status() {
if [ -e $lockfile ]; then
echo "dropbear is running..."
else
echo "dropbear is stopped..."
fi
}
usage() {
echo "Usage: dropbear {start|stop|restart|status|gendsskey|genrsakey}"
}
case $1 in
start)
start ;;
stop)
stop ;;
restart)
stop
start
;;
status)
status
;;
gendsskey)
gendsskey
;;
genrsakey)
genrsakey
;;
*)
usage
;;
esac
|
ps:编译时报错:
1
| configure: error: *** zlib missing - install first or check config.log ***
|
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-12-2 08:09:41
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡