一:實驗目的:
編譯安裝新版本的dropbear
二:實驗過程:
1、dropbear:是一個小型的ssh服務器和客戶端,所以和openssh類似,都是用於實現ssh安全遠程登錄協議的,系統默認安裝有openssh,而dropbear是基於epel源的,需要自己下載安裝,兩種選擇一種實現ssh即可,因爲兩者默認使用22端口,但若是你很想兩個都用,那麼就可以讓其中一個不走默認端口。
2、使用yum info dropbear可查看其信息,(前提是,你需要配好epel源)
[root@localhost ~]# yum info dropbear Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile Available Packages Name : dropbear Arch : x86_64 Version : 2016.74 #版本信息 Release : 1.el7 Size : 146 k Repo : epel Summary : Lightweight SSH server and client URL : #官網 License : MIT Description : Dropbear is a relatively small SSH server and client. It's : particularly useful for "embedded"-type Linux (or other Unix) : systems, such as wireless routers. [root@localhost ~]#
現在我的版本是2016.74版,所以我們可以根據提供的官網,去找一個最新版本的dropbear;如下圖所示,點擊dropbear-2017.75.tar.bz2,下載。
然後將其放在桌面上(方便上傳linix),如下面所示,將dropbear-2017.75.tar.bz2拷進linux的家目錄下了(rz是默認拷到當前目錄下的)
[root@localhost ~]# rz #執行rz命令,將dropbear-2017.75.tar.bz2拷進來 rz waiting to receive. Starting zmodem transfer. Press Ctrl+C to cancel. Transferring dropbear-2017.75.tar.bz2... 100% 1585 KB 1585 KB/sec 00:00:01 0 Errors [root@localhost ~]# ls anaconda-ks.cfg Downloads initial-setup-ks.cfg Public bin dropbear-2017.75.tar.bz2 ip.log Templates Desktop httpd-2.4.27 Music Videos Documents httpd-2.4.27.tar.bz2 Pictures [root@localhost ~]#
執行tar xvf dropbear-2017.75.tar.bz2將其解壓縮,生成dropbear-2017.75 的目錄文件,
[root@localhost ~]# tar xvf dropbear-2017.75.tar.bz2 [root@localhost ~]# cd dropbear-2017.75/ #進到目錄下
看一下,README(關於dropbear的介紹)和INSTALL(編譯的指南)文件;(下面是INSTALL文件)
[root@localhost ~/dropbear-2017.75]# cat INSTALL Basic Dropbear build instructions: - Edit options.h to set which features you want. - Edit debug.h if you want any debug options (not usually required). (If using a non-tarball copy, "autoconf; autoheader") ./configure (optionally with --disable-zlib or --disable-syslog, #第一步 or --help for other options) Now compile: make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" #第二步 And install (/usr/local/bin is usual default): make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install #第三步
3、編譯過程:
3.1)、首先,檢查一下"development tools"這個包組是否安裝,若沒有裝可以先裝上,也可以在編譯過程中,報錯時再安裝,這裏我先安裝一下:
[root@localhost ~]# yum groupinstall "development tools" #大小寫都可以
3.2)、然後:如下所示開始編譯,其中--prefix=/app/dropbear指定安裝後的總目錄位置,--sysconfdir=/etc/dropbear/是指定其配置文件存放路徑
[root@localhost ~/dropbear-2017.75]# ./configure --prefix=/app/dropbear --sysconfdir=/etc/dropbear/
執行第一次結果報錯:
configure: error: *** zlib missing - install first or check config.log ***
然後我們就根據報錯信息加上-devel去查找並且安裝:
[root@localhost ~/dropbear-2017.75]# yum search zlib-devel #查看一下是否有這個包 Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile ============================================== N/S matched: zlib-devel =============================================== ghc-zlib-devel.x86_64 : Haskell zlib library development files zlib-devel.i686 : Header files and libraries for Zlib development zlib-devel.x86_64 : Header files and libraries for Zlib development Name and summary matches only, use "search all" for everything. [root@localhost ~/dropbear-2017.75]# yum -y install zlib-devel #加上-y選項直接安裝
3.3)、將第一個錯誤排除後,再執行一次編譯,若還有錯,就根據提示加上-devel查找,安裝,直到編譯最後如下圖代碼所示,成功(上面的代碼省略,只截取的最後);注意:若在這一步頻繁出錯,而且在開始沒有安裝"development tools"這個包組的話,建議先裝一下這個包組,過程就會順利多了。
checking for writev... yes checking for library containing basename... none required configure: creating ./config.status config.status: creating Makefile config.status: creating libtomcrypt/Makefile config.status: creating libtommath/Makefile config.status: creating config.h configure: configure: Using bundled libtomcrypt and libtommath configure: configure: Now edit options.h to choose features. [root@localhost ~/dropbear-2017.75]#
3.4)、根據INSTALL文件的提示,進行第二步make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"(只寫make也行,但是這裏我按照提示做的),在這個過程按道理說不會再出錯的,(若有錯的話在configer那一步應該就會報錯),而且在這個過程中會出現一些warning信息,可以不用管(哈哈,因爲它不是erro *-*),最後代碼如下圖所示
scpmisc.c: In function ‘freeargs’: scpmisc.c:196:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] for (i = 0; i < args->num; i++) ^ gcc -o scp scp.o progressmeter.o atomicio.o scpmisc.o compat.o
3.5)、第三步:在第二步的代碼後加上instll即可,make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install;可以看到下載的文件,在/app/dropbear下。
其中:bin下的是客戶端程序;sbin下的是服務端程序;/app/dropbear/bin/dbclient就相當於ssh協議。
[root@localhost ~/dropbear-2017.75]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install install -d /app/dropbear/sbin install dropbear /app/dropbear/sbin #服務端程序 install -d /app/dropbear/share/man/man8 install -m 644 ./dropbear.8 /app/dropbear/share/man/man8/dropbear.8 install -d /app/dropbear/bin install dbclient /app/dropbear/bin install -d /app/dropbear/share/man/man1 if test -e dbclient.1; then install -m 644 dbclient.1 /app/dropbear/share/man/man1/dbclient.1; fi install -d /app/dropbear/bin install dropbearkey /app/dropbear/bin install -d /app/dropbear/share/man/man1 if test -e dropbearkey.1; then install -m 644 dropbearkey.1 /app/dropbear/share/man/man1/dropbearkey.1; fi install -d /app/dropbear/bin install dropbearconvert /app/dropbear/bin install -d /app/dropbear/share/man/man1 if test -e dropbearconvert.1; then install -m 644 dropbearconvert.1 /app/dropbear/share/man/man1/dropbearconvert.1; fi install -d /app/dropbear/bin install scp /app/dropbear/bin install -d /app/dropbear/share/man/man1 if test -e scp.1; then install -m 644 scp.1 /app/dropbear/share/man/man1/scp.1; fi [root@localhost ~/dropbear-2017.75]#
三:實現:
編譯安裝結束,驗證一下:
1、先在/etc/profile.d/下建一個path.sh的文件,定義PATH變量,將我們剛編譯安裝的目錄/app/bin和/app/sbin都添加到PATH裏,方便運行(也可以不寫,到運行時寫絕對路徑也行)
[root@localhost ~/dropbear-2017.75]# vim /etc/profile.d/path.sh export PATH=/app/dropbear/bin:/app/dropbear/sbin:$PATH
[root@localhost ~/dropbear-2017.75]# . /etc/profile.d/path.sh #使其生效 [root@localhost ~/dropbear-2017.75]# echo $PATH #查看PATH變量 /app/dropbear/bin:/app/dropbear/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin [root@localhost ~/dropbear-2017.75]#
現在發現一個問題:在下載過程中,並沒有將我們指定的/etc/dropbear生成,而且我們服務端運行的話需要KEY,所以我們要先生成key(可根據REDME文檔中的提示):
[root@localhost ~/dropbear-2017.75]# cat README #截取其中一段 ...... To run the server, you need to server keys, this is one-off: #有三種加密方式,任選其一 ./dropbearkey -t rsa -f dropbear_rsa_host_key ./dropbearkey -t dss -f dropbear_dss_host_key ./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
這裏我選擇用的rsa加密,即第一條,因爲前面我們配置過PATH變量了,所以可以直接使用命令,若沒配置就需要/app/dropbear/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
[root@localhost /etc/dropbear]# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key Generating key, this may take a while... Public key portion is: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCJv8CnwVUc8gjHf1/9PVjKdNFzMUpUZXZXrMVhxJd+91QvpyI6C5cfDEWdc/xfPy0FZ0Wj+Dzg13YhR5R9kEFRb7id1/MUzSVU7JkFTae+zIBzwQ3z+IzQiMcJnlB65zB8d/0aqmibelR1m1VZiNgJtxMco5oSNAZQdv8wgO3bUXrwFR6ZeXg5FeQ9AiLQFCj0ZFvLUQOpRGX4LsQneIZjW9xAZnLpWkYeib+XK7eACpYepBpPetyVirSmImcchf0G5894IK9DYkjnQr+yI9BO6Nw5kXFH9c9QiLoWHeqi5HZXasHiH8+Sq4La8ZEFRxqdFnR4UjckfTJ0fZUUM8DD [email protected] Fingerprint: md5 88:1e:1e:6f:47:a0:da:49:7a:33:a3:39:8e:cb:26:db [root@localhost /etc/dropbear]# ls dropbear_rsa_host_key [root@localhost /etc/dropbear]#
2、現在key也有了,我們就可以考慮啓動了,但是我們默認走22端口,但是我們的sshd服務還在開着,所以,我們可以用dropbear --help查一下它的幫助:
[root@localhost /etc/dropbear]# dropbear --help -F Don't fork into background #放前臺執行 -p [address:]port #指定端口號 #指定端口號 Listen on specified tcp port (and optionally address), up to 10 can be specified (default port is 22 if none specified)
然後執行命令前先看一下端口信息:
[root@localhost /app/dropbear/bin]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:111 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:631 *:* LISTEN 0 100 *:25 *:* LISTEN 0 128 :::111 :::* LISTEN 0 32 :::21 :::* LISTEN 0 128 :::22 :::* LISTEN 0 128 :::23 :::* LISTEN 0 128 ::1:631 :::* LISTEN 0 100 :::25 :::*
執行命令:
[root@localhost /etc/dropbear]# dropbear -F -p 518
再去顯示一下端口信息:指定的518端口打開了
[root@localhost /app/dropbear/bin]# ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:111 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:631 *:* LISTEN 0 100 *:25 *:* LISTEN 0 128 *:518 *:* LISTEN 0 128 :::111 :::* LISTEN 0 32 :::21 :::* LISTEN 0 128 :::22 :::* LISTEN 0 128 :::23 :::* LISTEN 0 128 ::1:631 :::* LISTEN 0 100 :::25 :::* LISTEN 0 128 :::518 :::* [root@localhost /app/dropbear/bin]#
OK,那我們開始連接:
3、
1)、現在用另外一臺主機A(客戶端)去連接我們剛安裝dropbear服務的機器B(服務器端)(A:192.168.242.202;B:192.168.242.248)
[root@Centos6 ~]# ssh 192.168.242.248 -p 518 The authenticity of host '[192.168.242.248]:518 ([192.168.242.248]:518)' can't be established. RSA key fingerprint is 88:1e:1e:6f:47:a0:da:49:7a:33:a3:39:8e:cb:26:db. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[192.168.242.248]:518' (RSA) to the list of known hosts. [email protected]'s password: [root@localhost ~]#
[root@localhost ~]# ss -ntp #可以看到是dropbear連接的518端口
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.242.248:22 192.168.242.1:51725 users:(("sshd",pid=4681,fd=3))
ESTAB 0 0 192.168.242.248:518 192.168.242.202:54096 users:(("dropbear",pid=15128,fd=6))
[root@localhost ~]#但注意,因爲我們選擇的是前臺運行,所以,在B機器上我們Ctrl+c後就會斷開連接。
2)、也可以用B機器作爲客戶端,A機器作爲服務端
[root@localhost ~]# dbclient 192.168.242.202 [email protected]'s password: Last login: Sat Sep 30 09:50:26 2017 from 192.168.242.248 [root@Centos6 ~]#
OK,到這裏,編譯、安裝、測試dropbear完成,可能不是特別詳細,可能還有些方面沒有考慮到,若有不足,請多多指教。*-*