dropbear
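dropbear can replace the openssh service on our system
Compiling and installing dropbear, and file integrity checking
The ssh that ships with the system comes from openssh.
Some environments do not use openssh, or we may need to build a small ssh system of our own.
For those needs dropbear is a good choice.
Download: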
wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2019.78.tar.bz2
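The title mentions an integrity check, so here is one way to verify the downloaded tarball before unpacking it. This is an added example, not part of the original post or the dropbear project; the function name verify_release and the checksum-list file (sha256sum format, obtained from a source you trust) are assumptions.

```sh
# Added example, not from the original page.
# verify_release TARBALL SUMS_FILE   (function name is hypothetical)
# SUMS_FILE is a checksum list in sha256sum format ("<digest>  <name>"),
# assumed to have been obtained from a source you trust.
# Returns 0 on match, 1 on mismatch, 2 on unreadable input, 3 if no entry.
verify_release() {
    vr_file=$1
    vr_sums=$2
    vr_name=${vr_file##*/}
    if [ ! -r "$vr_file" ] || [ ! -r "$vr_sums" ]; then
        echo "cannot read $vr_file or $vr_sums" >&2
        return 2
    fi
    # Take the digest listed for exactly this file name ("*name" is the
    # binary-mode marker). A missing entry fails closed.
    vr_want=$(awk -v n="$vr_name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$vr_sums")
    if [ -z "$vr_want" ]; then
        echo "no checksum entry for $vr_name" >&2
        return 3
    fi
    vr_have=$(sha256sum "$vr_file" | awk '{ print $1 }')
    if [ "$vr_have" = "$vr_want" ]; then
        echo "OK $vr_name"
        return 0
    fi
    echo "MISMATCH $vr_name: expected $vr_want, got $vr_have" >&2
    return 1
}

# Typical use before "tar xvf" (sums.txt is a placeholder file name):
#   verify_release dropbear-2019.78.tar.bz2 sums.txt && tar xvf dropbear-2019.78.tar.bz2
```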
Extract:
tar xvf dropbear-2019.78.tar.bz2
Install the required components:
# gcc
Read the README:
cat README
...
To run the server, you need to generate server keys, this is one-off:
./dropbearkey -t rsa -f dropbear_rsa_host_key
./dropbearkey -t dss -f dropbear_dss_host_key
./dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
...
# Remember to generate the keys once compilation is finished
Read INSTALL:
cat INSTALL
...
- Configure for your system:
./configure (optionally with --disable-zlib or --disable-syslog,
or --help for other options)
- Compile:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
- Optionally install, or copy the binaries another way
make install (/usr/local/bin is usual default):
or
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install # used later
# Installation method
Use ./configure --help to see the installation path options:
./configure --help
...
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local] # installs under /usr/local by default; we will install it under /app/dropbear
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc] # sets the install path for configuration files
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
Specify the installation path and the configuration file path:
[root@localhost dropbear-2019.78]#./configure --prefix=/app/dropbear --sysconfdir=/etc/dropbear
# The installation path is /app/dropbear; the configuration file path is /etc/dropbear
Check whether configure succeeded:
[root@localhost dropbear-2019.78]#echo $?
0
# Success
Run make to compile (the make command is given in INSTALL above); gcc does the compiling:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
# Run make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install again to copy the built files into the directory we specified
[root@localhost dropbear-2019.78]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
install -d /app/dropbear/sbin
install dropbear /app/dropbear/sbin
install -d /app/dropbear/share/man/man8
install -m 644 ./dropbear.8 /app/dropbear/share/man/man8/dropbear.8
install -d /app/dropbear/bin
install dbclient /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e dbclient.1; then install -m 644 dbclient.1 /app/dropbear/share/man/man1/dbclient.1; fi
install -d /app/dropbear/bin
install dropbearkey /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e dropbearkey.1; then install -m 644 dropbearkey.1 /app/dropbear/share/man/man1/dropbearkey.1; fi
install -d /app/dropbear/bin
install dropbearconvert /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e dropbearconvert.1; then install -m 644 dropbearconvert.1 /app/dropbear/share/man/man1/dropbearconvert.1; fi
install -d /app/dropbear/bin
install scp /app/dropbear/bin
install -d /app/dropbear/share/man/man1
if test -e scp.1; then install -m 644 scp.1 /app/dropbear/share/man/man1/scp.1; fi
Check the result:
[root@localhost dropbear-2019.78]#tree /app/dropbear/
/app/dropbear/
├── bin # client programs
│   ├── dbclient
│   ├── dropbearconvert
│   ├── dropbearkey
│   └── scp
├── sbin # server program
│   └── dropbear
└── share
    └── man
        ├── man1
        │   ├── dbclient.1
        │   ├── dropbearconvert.1
        │   └── dropbearkey.1
        └── man8
            └── dropbear.8
6 directories, 9 files
Add the directories to the PATH variable, then generate the keys:
[root@localhost dropbear-2019.78]#vim /etc/profile.d/dropbear.sh
PATH=/app/dropbear/bin:/app/dropbear/sbin:$PATH
# Source it once
[root@localhost dropbear-2019.78]#. /etc/profile.d/dropbear.sh
# Check that the directories were added
[root@localhost dropbear-2019.78]#echo $PATH
/app/dropbear/bin:/app/dropbear/sbin:/apps/httpd24/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
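# Success
Generate the keys into the configuration directory:
# The configuration directory is /etc/dropbear
# It has not been created automatically at this point, so create it by hand
# Change the key paths accordingly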
./dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
./dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
./dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
# Check
[root@localhost dropbear-2019.78]#ls /etc/dropbear/
dropbear_dss_host_key dropbear_ecdsa_host_key dropbear_rsa_host_key
# Success
Change the port dropbear listens on (the default is 22, which conflicts with the port ssh already listens on, so we choose a different one):
[root@localhost dropbear]#dropbear -p 9527
# Check that it is listening
[root@localhost dropbear]#ss -nlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:9527 [::]:*
[root@localhost dropbear]#ss -nltp
LISTEN 0 128 [::]:9527 [::]:* users:(("dropbear",pid=25109,fd=4))
[root@localhost dropbear]#ssh 192.168.33.128 -p 9527
The authenticity of host '[192.168.33.128]:9527 ([192.168.33.128]:9527)' can't be established.
ECDSA key fingerprint is SHA256:fPJ/3EruwjWxFv6VYdB85t7+Q9CX3bL8qqaCU4xJPyk.
ECDSA key fingerprint is MD5:87:d2:6d:75:e4:4f:9f:ef:1c:73:a6:49:85:be:1f:6d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.33.128]:9527' (ECDSA) to the list of known hosts.
root@192.168.33.128's password:
Fixing the scp failure:
[root@localhost ~]#scp /etc/fstab 192.168.33.129:/data
/usr/bin/dbclient: No such file or directory
lost connection
# The message shows that scp looks for dbclient under /usr/bin/ by default
# One fix is to create a symlink that points to /app/dropbear/bin/dbclient
[root@localhost ~]#ln -s /app/dropbear/bin/dbclient /usr/bin/dbclient
# Check
[root@localhost bin]#ll /usr/bin/dbclient
lrwxrwxrwx 1 root root 26 May 22 15:59 /usr/bin/dbclient -> /app/dropbear/bin/dbclient
# Transfer again
[root@localhost bin]#scp /etc/fstab 192.168.33.129:/data
root@192.168.33.129's password:
# Success
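The scp failure above comes from /app/dropbear/bin sitting ahead of /usr/bin in PATH, so dropbear's scp took the place of the system one. The following added example (not from the original post; the function name shadowed_by is hypothetical) lists every executable in a directory that hides a same-named command later in PATH.

```sh
# Added example, not from the original page.
# shadowed_by DIR [PATH_STRING]   (function name is hypothetical)
# Prints "DIR/cmd shadows OTHER/cmd" for every executable in DIR that hides
# a same-named executable in a directory searched later in PATH_STRING.
# On the page's system, DIR would be /app/dropbear/bin.
shadowed_by() {
    sb_dir=${1%/}
    sb_path=${2:-$PATH}
    for sb_f in "$sb_dir"/*; do
        # Skip non-files and the literal pattern left by an empty directory.
        [ -f "$sb_f" ] && [ -x "$sb_f" ] || continue
        sb_name=${sb_f##*/}
        sb_seen=0
        sb_rest=$sb_path:
        # Walk PATH left to right without touching IFS.
        while [ -n "$sb_rest" ]; do
            sb_d=${sb_rest%%:*}
            sb_rest=${sb_rest#*:}
            # An empty PATH element means the current directory.
            [ -n "$sb_d" ] || sb_d=.
            sb_d=${sb_d%/}
            if [ "$sb_d" = "$sb_dir" ]; then
                sb_seen=1
                continue
            fi
            # Only directories searched after DIR are hidden by it.
            if [ "$sb_seen" -eq 1 ] && [ -f "$sb_d/$sb_name" ] && [ -x "$sb_d/$sb_name" ]; then
                printf '%s shadows %s\n' "$sb_f" "$sb_d/$sb_name"
                break
            fi
        done
    done
    return 0
}
```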
Steps to remove dropbear:
[root@localhost bin]#pwd
/app/dropbear/bin
[root@localhost bin]#rm -rf /app/dropbear/
[root@localhost bin]#ll /usr/bin/dbclient
lrwxrwxrwx 1 root root 26 May 22 15:59 /usr/bin/dbclient -> /app/dropbear/bin/dbclient
[root@localhost bin]#rm -f /usr/bin/dbclient
[root@localhost bin]#cd /etc/dropbear/
[root@localhost dropbear]#ls
dropbear_dss_host_key dropbear_ecdsa_host_key dropbear_rsa_host_key
[root@localhost dropbear]#rm -rf /etc/dropbear/
[root@localhost dropbear]#rm -rf /etc/profile.d/dropbear.sh
[root@localhost dropbear]#cd /data/
[root@localhost data]#ls
app.csr dropbear-2019.78 dropbear-2019.78.tar.bz2 httpd-2.4.39 httpd-2.4.39.tar.gz my_pub_key
[root@localhost data]#rm -rf dropbear*
Stale cached path for scp after removal:
[root@localhost data]#scp /etc/passwd 192.168.33.129:/data
-bash: /app/dropbear/bin/scp: No such file or directory
# The path remembered for the scp command is still the old one under dropbear
[root@localhost data]#which scp
/usr/bin/scp
# but which resolves it correctly
# The cause is in memory: the shell's hash table still holds the old path
[root@localhost data]#hash
hits command
5 /usr/bin/rm
1 /usr/bin/ln
3 /app/dropbear/bin/scp
7 /usr/bin/ls
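# Remove that path from the cache. External commands that have been run are recorded in this cache; it is discarded automatically when the session ends, but we can also clear an entry by hand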
[root@localhost data]#hash -d scp
[root@localhost data]#hash
hits command
5 /usr/bin/rm
1 /usr/bin/ln
7 /usr/bin/ls
# Test
[root@localhost data]#scp /etc/passwd 192.168.33.129:/data
root@192.168.33.129's password:
# Success