1、实现sshd免密登录
1.确认是否安装以下包
[root@centos7 .ssh]#rpm -q openssh openssh-clients openssh-server
openssh-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
2.在客户端生成密钥对
[root@centos7 .ssh]#ssh-keygen -t rsa -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:w2E3qE4pHrcw+ZdtzmEenEWXEJX4gHe3ewsPS3TMsRQ root@centos7.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| .o+.E.|
| .. +.o+.|
| + o..+*.+|
| . = o o o.* |
| * = S o . .|
| . X . = o + ..|
| . + o O . = o|
| . * o . o |
| + |
+----[SHA256]-----+
[root@centos7 .ssh]#ll -t
total 12
-rw------- 1 root root 1679 Jul 14 20:26 id_rsa
-rw-r--r-- 1 root root 406 Jul 14 20:26 id_rsa.pub
-rw-r--r-- 1 root root 396 Jul 7 21:07 known_hosts
3.把公钥文件传输至远程服务器对应用户的家目录
[root@centos7 .ssh]#ssh-copy-id 192.168.38.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.38.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.38.100'"
and check to make sure that only the key(s) you wanted were added.
4.sshd免密登录成功
[root@centos7 .ssh]#ssh 192.168.38.100
Last login: Sun Jul 14 11:17:57 2019 from 192.168.38.101
welcome to nyc!
[root@centos6 ~]#
2、编译安装dropbear实现SSH登录
1.官网下载包 https://matt.ucc.asn.au/dropbear/ 确保安装了yum groupinstall "Development tools"
yum install zlib-devel
[root@centos7 data]#wget https://matt.ucc.asn.au/dropbear/dropbear-2019.78.tar.bz2
--2019-07-14 20:43:33-- https://matt.ucc.asn.au/dropbear/dropbear-2019.78.tar.bz2
Resolving matt.ucc.asn.au (matt.ucc.asn.au)... 130.95.13.18, 2405:3c00:5200:100::18
Connecting to matt.ucc.asn.au (matt.ucc.asn.au)|130.95.13.18|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2708659 (2.6M) [application/x-bzip2]
Saving to: ‘dropbear-2019.78.tar.bz2’
100%[====================================================>] 2,708,659 978KB/s in 2.7s
2019-07-14 20:43:38 (978 KB/s) - ‘dropbear-2019.78.tar.bz2’ saved [2708659/2708659]
2.解压后进入目录浏览文件
[root@centos7 data]#tar xvf dropbear-2019.78.tar.bz2
[root@centos7 data]#cd dropbear-2019.78/
[root@centos7 dropbear-2019.78]#ls -a
. crypto_desc.c fuzz.h progressmeter.c
.. crypto_desc.h fuzz-harness.c progressmeter.h
agentfwd.h curve25519-donna.c fuzz-hostkeys.c queue.c
algo.h dbclient.1 fuzz-wrapfd.c queue.h
atomicio.c dbhelpers.c fuzz-wrapfd.h README
atomicio.h dbhelpers.h gendss.c release.sh
auth.h dbmalloc.c gendss.h rsa.c
bignum.c dbmalloc.h genrsa.c rsa.h
bignum.h dbmulti.c genrsa.h runopts.h
buffer.c dbrandom.c gensignkey.c scp.c
buffer.h dbrandom.h gensignkey.h scpmisc.c
CHANGES dbutil.c .gitignore scpmisc.h
channel.h dbutil.h .hg_archival.txt service.h
chansession.h debian .hgignore session.h
circbuffer.c debug.h .hgsigs signkey.c
circbuffer.h default_options.h ifndef_wrapper.sh signkey.h
cli-agentfwd.c dh_groups.c includes.h SMALL
cli-auth.c dh_groups.h INSTALL ssh.h
cli-authinteract.c dropbear.8 install-sh sshpty.c
cli-authpasswd.c dropbearconvert.1 kex.h sshpty.h
cli-authpubkey.c dropbearconvert.c keyimport.c svr-agentfwd.c
cli-channel.c dropbearkey.1 keyimport.h svr-auth.c
cli-chansession.c dropbearkey.c libtomcrypt svr-authpam.c
cli-kex.c dss.c libtommath svr-authpasswd.c
cli-main.c dss.h LICENSE svr-authpubkey.c
cli-runopts.c ecc.c list.c svr-authpubkeyoptions.c
cli-session.c ecc.h listener.c svr-chansession.c
cli-tcpfwd.c ecdsa.c listener.h svr-kex.c
common-algo.c ecdsa.h list.h svr-main.c
common-channel.c fake-rfc2553.c loginrec.c svr-runopts.c
common-chansession.c fake-rfc2553.h loginrec.h svr-service.c
common-kex.c filelist.txt ltc_prng.c svr-session.c
common-runopts.c fuzz-common.c ltc_prng.h svr-tcpfwd.c
common-session.c fuzzer-kexdh.c Makefile.in svr-x11fwd.c
compat.c fuzzer-kexecdh.c MULTI sysoptions.h
compat.h FUZZER-NOTES.md netio.c tcp-accept.c
config.guess fuzzer-preauth.c netio.h tcpfwd.h
config.h.in fuzzer-preauth_nomaths.c options.h termcodes.c
config.sub fuzzer-pubkey.c packet.c termcodes.h
configure fuzzers_test.sh packet.h .travis.yml
configure.ac fuzzer-verify.c process-packet.c x11fwd.h
3.查看README
[root@centos7 dropbear-2019.78]#cat README
This is Dropbear, a smallish SSH server and client.
https://matt.ucc.asn.au/dropbear/dropbear.html
INSTALL has compilation instructions.
MULTI has instructions on making a multi-purpose binary (ie a single binary
which performs multiple tasks, to save disk space)
SMALL has some tips on creating small binaries.
Please contact me if you have any questions/bugs found/features/ideas/comments etc :)
There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear
Matt Johnston
matt@ucc.asn.au
In the absence of detailed documentation, some notes follow:
============================================================================
Server public key auth:
You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
the key entries in that file. They should be of the form:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
You must make sure that ~/.ssh, and the key file, are only writable by the
user. Be