dropbear
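dropbear can replace the openssh service on our system
Compiling and installing dropbear, and file integrity checking
The ssh that ships with the system comes from openssh
Some environments do not use openssh, or we need to build a small ssh system of our own
For those needs dropbear is a good choice
Download: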
wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2019.78.tar.bz2
Extract:
tar xvf dropbear-2019.78.tar.bz2
Install the required components:
# gcc
Read the README:
cat README
...
To run the server, you need to generate server keys, this is one-off:
./dropbearkey -t rsa -f dropbear_rsa_host_key
./dropbearkey -t dss -f dropbear_dss_host_key
./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
...
# Remember to generate the keys once compilation is finished
Read INSTALL:
cat INSTALL
...
- Configure for your system:
./configure (optionally with --disable-zlib or --disable-syslog,
or --help for other options)
- Compile:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
- Optionally install, or copy the binaries another way
make install (/usr/local/bin is usual default):
or
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install # this is used later
# Installation method
Use ./configure --help to see the installation path options:
./configure --help
...
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local] # The default is to install under /usr/local; we will install under /app/dropbear
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc] # sets the install path for configuration files
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
Specify the installation path and the configuration file path:
[root@localhost dropbear-2019.78]#./configure --prefix=/app/dropbear --sysconfdir=/etc/dropbear
# The installation path is /app/dropbear; the configuration file path is /etc/dropbear
Check whether configure succeeded:
[root@localhost dropbear-2019.78]#echo $?
0
# Success
Run make to compile (the make install method was shown in INSTALL above); gcc will compile it:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
# Running make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install again copies the files into the directories we specified
[root@localhost dropbear-2019.78]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
install -d /app/dropbear/sbin
install dropbear /app/dropbear/sbin
install -d /app/dropbear/share/man/man8
install -m 644 ./dropbear.8 /app/dropbear/share/man/man8/dropbear.8
install -d /app/dropbear/bin
install dbclient /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e dbclient.1; then install -m 644 dbclient.1 /app/dropbear/share/man/man1/dbclient.1; fi
install -d /app/dropbear/bin
install dropbearkey /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e dropbearkey.1; then install -m 644 dropbearkey.1 /app/dropbear/share/man/man1/dropbearkey.1; fi
install -d /app/dropbear/bin
install dropbearconvert /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e dropbearconvert.1; then install -m 644 dropbearconvert.1 /app/dropbear/share/man/man1/dropbearconvert.1; fi
install -d /app/dropbear/bin
install scp /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e scp.1; then install -m 644 scp.1 /app/dropbear/share/man/man1/scp.1; fi
Check whether it succeeded:
[root@localhost dropbear-2019.78]#tree /app/dropbear/
/app/dropbear/
├── bin # client programs
│   ├── dbclient
│   ├── dropbearconvert
│   ├── dropbearkey
│   └── scp
├── sbin # server program
│   └── dropbear
└── share
    └── man
        ├── man1
        │   ├── dbclient.1
        │   ├── dropbearconvert.1
        │   └── dropbearkey.1
        └── man8
            └── dropbear.8
6 directories, 9 files
Add the directories to the PATH variable, then generate the keys:
[root@localhost dropbear-2019.78]#vim /etc/profile.d/dropbear.sh
PATH=/app/dropbear/bin:/app/dropbear/sbin:$PATH
# Source it once
[root@localhost dropbear-2019.78]#. /etc/profile.d/dropbear.sh
# Check that it was added
[root@localhost dropbear-2019.78]#echo $PATH
/app/dropbear/bin:/app/dropbear/sbin:/apps/httpd24/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
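# Success
Generate the keys and place them in the configuration directory:
# The configuration directory is /etc/dropbear
# It has not been created automatically at this point, so we create it manually
mkdir -p /etc/dropbear
# Change the key paths to that directory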
./dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
./dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
./dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
# Check
[root@localhost dropbear-2019.78]#ls /etc/dropbear/
dropbear_dss_host_key dropbear_ecdsa_host_key dropbear_rsa_host_key
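# Success
Change the port dropbear listens on (the default port is 22, which ssh is already listening on, so the two would conflict; we therefore pick another port):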
[root@localhost dropbear]#dropbear -p 9527
# Check that it is listening
[root@localhost dropbear]#ss -nlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:9527 [::]:*
[root@localhost dropbear]#ss -nltp
LISTEN 0 128 [::]:9527 [::]:* users:(("dropbear",pid=25109,fd=4))
[root@localhost dropbear]#ssh 192.168.33.128 -p 9527
The authenticity of host '[192.168.33.128]:9527 ([192.168.33.128]:9527)' can't be established.
ECDSA key fingerprint is SHA256:fPJ/3EruwjWxFv6VYdB85t7+Q9CX3bL8qqaCU4xJPyk.
ECDSA key fingerprint is MD5:87:d2:6d:75:e4:4f:9f:ef:1c:73:a6:49:85:be:1f:6d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.33.128]:9527' (ECDSA) to the list of known hosts.
root@192.168.33.128's password:
Fixing the scp command failure:
[root@localhost ~]#scp /etc/fstab 192.168.33.129:/data
/usr/bin/dbclient: No such file or directory
lost connection
# The message shows that scp looks for dbclient under /usr/bin/ by default
# The fix is to create a symlink that points to /app/dropbear/bin/dbclient
[root@localhost ~]#ln -s /app/dropbear/bin/dbclient /usr/bin/dbclient
# Check
[root@localhost bin]#ll /usr/bin/dbclient
lrwxrwxrwx 1 root root 26 May 22 15:59 /usr/bin/dbclient -> /app/dropbear/bin/dbclient
# Transfer again
[root@localhost bin]#scp /etc/fstab 192.168.33.129:/data
root@192.168.33.129's password:
# Success
Steps to remove dropbear:
[root@localhost bin]#pwd
/app/dropbear/bin
[root@localhost bin]#rm -rf /app/dropbear/
[root@localhost bin]#ll /usr/bin/dbclient
lrwxrwxrwx 1 root root 26 May 22 15:59 /usr/bin/dbclient -> /app/dropbear/bin/dbclient
[root@localhost bin]#rm -f /usr/bin/dbclient
[root@localhost bin]#cd /etc/dropbear/
[root@localhost dropbear]#ls
dropbear_dss_host_key dropbear_ecdsa_host_key dropbear_rsa_host_key
[root@localhost dropbear]#rm -rf /etc/dropbear/
[root@localhost dropbear]#rm -rf /etc/profile.d/dropbear.sh
[root@localhost dropbear]#cd /data/
[root@localhost data]#ls
app.csr dropbear-2019.78 dropbear-2019.78.tar.bz2 httpd-2.4.39 httpd-2.4.39.tar.gz my_pub_key
[root@localhost data]#rm -rf dropbear*
Stale cached path error for scp after removal:
[root@localhost data]#scp /etc/passwd 192.168.33.129:/data
-bash: /app/dropbear/bin/scp: No such file or directory
# The path remembered for the scp command is still the one under the old dropbear directory
[root@localhost data]#which scp
/usr/bin/scp
# But which reports the correct location
# The cause is in memory: the old path is still recorded there
[root@localhost data]#hash
hits command
5 /usr/bin/rm
1 /usr/bin/ln
3 /app/dropbear/bin/scp
7 /usr/bin/ls
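# Remove that path from the cache. External commands that have been run are kept in the cache; the hash table is discarded automatically when the session exits, but we can also fix it by hand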
[root@localhost data]#hash -d scp
[root@localhost data]#hash
hits command
5 /usr/bin/rm
1 /usr/bin/ln
7 /usr/bin/ls
# Test
[root@localhost data]#scp /etc/passwd 192.168.33.129:/data
root@192.168.33.129's password:
# Success
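
The stale-path failure above can be reproduced in a throwaway directory without touching the real scp. The following is an added example, not part of the original post: demo-tool, dir_a and dir_b are constructed stand-ins for scp, /app/dropbear/bin and /usr/bin, and the child bash is started in non-POSIX mode so that the default hashing behaviour applies. It also shows shopt -s checkhash, which makes bash validate a hashed path before running it.

```bash
#!/usr/bin/env bash
# Added example: reproduce the stale command-hash failure in a sandbox.
# demo-tool, dir_a and dir_b are constructed stand-ins for scp,
# /app/dropbear/bin and /usr/bin.

# Usage: stale_hash_demo [default|checkhash]
stale_hash_demo() (
    mode=${1:-default}
    sandbox=$(mktemp -d) || exit 1

    # Two copies of the same command name, like the two scp binaries.
    for d in dir_a dir_b; do
        mkdir "$sandbox/$d"
        printf '#!/bin/sh\necho "ran from %s"\n' "$d" > "$sandbox/$d/demo-tool"
        chmod +x "$sandbox/$d/demo-tool"
    done

    # Run the scenario in a child bash started in non-POSIX mode, because
    # POSIX mode re-validates hashed paths and would hide the problem.
    env -u POSIXLY_CORRECT SANDBOX="$sandbox" MODE="$mode" \
        bash --norc --noprofile -c '
        if [ "$MODE" = checkhash ]; then
            shopt -s checkhash         # verify hashed paths before executing
        fi
        PATH="$SANDBOX/dir_a:$SANDBOX/dir_b:$PATH"
        demo-tool                      # found in dir_a; location is now hashed
        rm -rf "$SANDBOX/dir_a"        # the "uninstall"
        if ! demo-tool 2>/dev/null; then
            echo "stale entry: exec failed"
            hash -d demo-tool          # forget only this one entry
            demo-tool                  # fresh PATH search finds dir_b
        fi
    '
    status=$?
    rm -rf "$sandbox"
    exit "$status"
)

stale_hash_demo default
stale_hash_demo checkhash
```

hash -d removes a single entry; hash -r clears the whole table, which is the simpler choice after removing several programs at once.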