04-dropbear

dropbear

dropbear is another implementation of the SSH protocol, a lightweight one that is mostly used in embedded environments.

dropbear in practice

1 Install dropbear

[root@husa log]# yum install dropbear
正在解决依赖关系
--> 正在检查事务
---> 软件包 dropbear.x86_64.0.2015.67-1.el7 将被 安装
--> 正在处理依赖关系 libtommath.so.0()(64bit),它被软件包 dropbear-2015.67-1.el7.x86_64 需要
--> 正在处理依赖关系 libtomcrypt.so.0()(64bit),它被软件包 dropbear-2015.67-1.el7.x86_64 需要
--> 正在检查事务
---> 软件包 libtomcrypt.x86_64.0.1.17-22.el7 将被 安装
---> 软件包 libtommath.x86_64.0.0.42.0-3.el7 将被 安装
--> 解决依赖关系完成

2 See which files the dropbear package installed

[root@husa log]# rpm -ql dropbear
/etc/dropbear
/usr/bin/dbclient
/usr/bin/dropbearconvert
/usr/bin/dropbearkey
/usr/lib/systemd/system/dropbear-keygen.service
/usr/lib/systemd/system/dropbear.service
/usr/sbin/dropbear
/usr/share/doc/dropbear-2015.67
/usr/share/doc/dropbear-2015.67/CHANGES
/usr/share/doc/dropbear-2015.67/LICENSE
/usr/share/doc/dropbear-2015.67/README
/usr/share/doc/dropbear-2015.67/TODO
/usr/share/man/man1/dbclient.1.gz
/usr/share/man/man1/dropbearconvert.1.gz
/usr/share/man/man1/dropbearkey.1.gz
/usr/share/man/man8/dropbear.8.gz

3 View dropbear's help

[root@husa log]# dropbear -h
Dropbear server v2015.67 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile   Display the contents of bannerfile before user login
                (default: none)
-r keyfile  Specify hostkeys (repeatable)
                defaults: 
                dss /etc/dropbear/dropbear_dss_host_key
                rsa /etc/dropbear/dropbear_rsa_host_key
                ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R              Create hostkeys as required
-F              Don't fork into background
-E              Log to stderr rather than syslog
-m              Don't display the motd on login
-w              Disallow root logins
-s              Disable password logins
-g              Disable password logins for root
-B              Allow blank password logins
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
-P PidFile      Create pid file PidFile
                (default /var/run/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version

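The help output shows that the default key files live under the /etc/dropbear/ directory. How are these key files generated?

4 Generate the dropbear keys

4.1 Generate them with the /usr/bin/dropbearkey command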

       dropbearkey  -  create  private  keys  for  the use with dropbear(8) or
       dbclient(1)

SYNOPSIS
       dropbearkey -t type -f file [-s bits]

DESCRIPTION
       dropbearkey generates a RSA DSS, or ECDSA format SSH private  key,  and
       saves  it  to  a  file  for the use with the Dropbear client or server.
       Note that some SSH implementations  use  the  term  "DSA"  rather  than
       "DSS", they mean the same thing.

4.2 Generate them with the dropbear-keygen.service service

[root@husa system]# systemctl start dropbear-keygen.service

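5 Configure dropbear to start automatically and listen on port 22022

Specifying a port in dropbear-keygen.service is all that is needed.

5.1 Looking at the dropbear-keygen.service file shows that OPTIONS must be configured in /etc/sysconfig/dropbear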

[root@husa system]# vim dropbear.service 
[Unit]
Description=Dropbear SSH Server Daemon
Documentation=man:dropbear(8)
Wants=dropbear-keygen.service
After=network.target

[Service]
EnvironmentFile=-/etc/sysconfig/dropbear
ExecStart=/usr/sbin/dropbear -E -F $OPTIONS

5.2 /etc/sysconfig/dropbear中配置OPTIONS

[root@husa system]# vim /etc/sysconfig/dropbear

    OPTIONS = "-p 22022"
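
An added example (not part of the original post): the dropbear.service unit shown above passes `$OPTIONS` straight to `/usr/sbin/dropbear`, so this shell function checks an OPTIONS string against the login and forwarding flags listed in the `dropbear -h` output. The function name `audit_dropbear_options` and the finding texts are assumptions made for this example, and it assumes each flag is written separately (`-w -s`, not `-ws`).

```shell
#!/bin/sh
# Added example: audit a dropbear OPTIONS string using the flag meanings
# from the `dropbear -h` output on this page. Prints one finding per line,
# or "OK" when none of the checks below fires.
audit_dropbear_options() {
    set -f        # no globbing while the option string is word-split
    set -- $1     # split on whitespace, as systemd does for $OPTIONS
    set +f
    root_off=0; pw_off=0; root_pw_off=0; blank=0; anyhost=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -w) root_off=1 ;;       # Disallow root logins
            -s) pw_off=1 ;;         # Disable password logins
            -g) root_pw_off=1 ;;    # Disable password logins for root
            -B) blank=1 ;;          # Allow blank password logins
            -a) anyhost=1 ;;        # Forwarded ports reachable from any host
            -b|-r|-p|-P|-W|-K|-I)   # flags that take a value: skip the value
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    n=0
    if [ "$blank" -eq 1 ]; then
        echo "FAIL: -B allows logins with a blank password"; n=$((n + 1))
    fi
    if [ $((root_off + pw_off + root_pw_off)) -eq 0 ]; then
        echo "WARN: root password login is enabled (no -w, -g or -s)"; n=$((n + 1))
    fi
    if [ "$anyhost" -eq 1 ]; then
        echo "WARN: -a lets any host reach forwarded ports"; n=$((n + 1))
    fi
    [ "$n" -gt 0 ] || echo "OK"
    return 0
}

# The value used on this page, then two constructed variants.
audit_dropbear_options "-p 22022"
audit_dropbear_options "-p 22022 -g"
audit_dropbear_options "-p 22022 -B -a"
```

With the page's `-p 22022` alone, the function reports that root can still log in with a password, which is what the login session in step 7 does.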

6 Start the dropbear service

[root@husa system]# systemctl start dropbear.service

7 Log in from another host

[root@husa ssh]# ssh -p 22022 root@192.168.200.143
The authenticity of host '[192.168.200.143]:22022 ([192.168.200.143]:22022)' can't be established.
RSA key fingerprint is 98:0e:0c:5e:f2:9e:20:71:7c:ab:3e:13:e2:c5:f8:37.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.200.143]:22022' (RSA) to the list of known hosts.
root@192.168.200.143's password: 
Permission denied, please try again.
root@192.168.200.143's password: 
[root@husa ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:eb:ce:aa  txqueuelen 1000  (Ethernet)
        RX packets 394555  bytes 26450216 (25.2 MiB)
        RX errors 0  dropped 203  overruns 0  frame 0
        TX packets 47  bytes 3838 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.143  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:feeb:ceb4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:ce:b4  txqueuelen 1000  (Ethernet)
        RX packets 6820  bytes 1112294 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2758  bytes 920236 (898.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 20  bytes 2000 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 2000 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
