dropbear
A while ago someone in a chat group asked how else you can connect to a server besides ssh. I had two answers, netcat and telnet, but neither is something you would use in a real production environment, because both carry everything in the clear. After some searching I came across dropbear, a lightweight SSH implementation that is widely used in embedded systems.
Installing dropbear
There are two ways to install dropbear: it is packaged in the EPEL repository, but to understand the implementation fully I build it from source.
dropbear homepage: https://matt.ucc.asn.au/dropbear/dropbear.html
~]# tar xf dropbear-2016.74.tar.bz2
~]# cd dropbear-2016.74
~]# ./configure --prefix=/usr/local/dropbear
~]# make
~]# make scp        # optional: scp is not built by default
~]# make install
~]# cp scp /usr/local/dropbear/bin/   # make install only installs the default programs, so copy scp by hand
This yields five tools in total:
- dropbear: the server
- dbclient: the client
- dropbearconvert: converts keys between OpenSSH and dropbear formats
- dropbearkey: generates keys
- scp: remote copy
Configuration:
(1) Generate the server host keys
mkdir /etc/dropbear
cd /etc/dropbear
/usr/local/dropbear/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
/usr/local/dropbear/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
/usr/local/dropbear/bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
The DSS key only serves very old clients: ssh-dss is obsolete and OpenSSH clients since 7.0 reject it by default, so the rsa and ecdsa keys are the ones that matter. Keep the key files mode 600; anyone who can read them can impersonate the server.
(2) Start in debug mode
/usr/local/dropbear/sbin/dropbear -F -E -p 2233
[20801] Mar 23 00:27:07 Not backgrounding
...
(3) Connection test; both ssh and dbclient work
~]# dbclient 10.211.55.35 -p2233

Host '10.211.55.35' is not in the trusted hosts file.
(ecdsa-sha2-nistp521 fingerprint md5 09:38:62:0e:0a:06:cd:c4:c1:46:64:72:fa:44:ba:89)
Do you want to continue connecting? (y/n) yes
root@10.211.55.35's password:
Compare that fingerprint with the one dropbearkey printed on the server before answering y; accepting it blindly is how a man-in-the-middle gets into the trusted hosts file.
(4) Server-side log output
~]# ./dropbear -F -E -p 2233
[20801] Mar 23 00:27:07 Not backgrounding
[20802] Mar 23 00:28:24 Child connection from 10.211.55.24:40649
[20802] Mar 23 00:28:34 Password auth succeeded for 'root' from 10.211.55.24:40649
(5) Help output
~]# ./dropbear -h
Dropbear server v2016.74 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: ./dropbear [options]
-b bannerfile   Display the contents of bannerfile before user login   # banner text
                (default: none)
-r keyfile      Specify hostkeys (repeatable)   # server host keys; these defaults are why we created the keys under /etc/dropbear
                defaults:
                dss /etc/dropbear/dropbear_dss_host_key
                rsa /etc/dropbear/dropbear_rsa_host_key
                ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R              Create hostkeys as required
-F              Don't fork into background   # run in the foreground; use while testing
-E              Log to stderr rather than syslog   # print the log to the terminal
-m              Don't display the motd on login
-w              Disallow root logins
-s              Disable password logins
-g              Disable password logins for root
-B              Allow blank password logins
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
-P PidFile      Create pid file PidFile
                (default /var/run/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V              Version
(6) Run in the background
~]# ./dropbear -p 2233
Note that this run still accepts root password logins, which is exactly what -w, -s and -g exist to turn off; do not leave the daemon listening on a reachable interface without them.
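Putting steps (1) to (6) together with the hardening flags from the help output, here is a launcher script. It is an added example, not part of the original post or of the dropbear project. It assumes the --prefix=/usr/local/dropbear build above, host keys under /etc/dropbear, and that a non-root admin account already has an OpenSSH-format ~/.ssh/authorized_keys; the function names and the DROPBEAR_BIN, KEYDIR, PORT and LISTEN_ADDR variables are this script's own. Only flags that `dropbear -h` prints on this page are used.

```shell
#!/bin/sh
# Hardened dropbear launcher. Added example, not from the original post.
# Assumptions: dropbear was built with --prefix=/usr/local/dropbear as above,
# host keys live in /etc/dropbear, and a non-root admin account already has
# an OpenSSH-format ~/.ssh/authorized_keys (dropbear reads that file as is).
# Only flags printed by `dropbear -h` on this page are used.

DROPBEAR_BIN="${DROPBEAR_BIN:-/usr/local/dropbear/sbin/dropbear}"
DROPBEARKEY_BIN="${DROPBEARKEY_BIN:-/usr/local/dropbear/bin/dropbearkey}"
KEYDIR="${KEYDIR:-/etc/dropbear}"
PORT="${PORT:-2233}"
LISTEN_ADDR="${LISTEN_ADDR:-}"   # e.g. 10.211.55.35 to bind a single interface

# Generate rsa and ecdsa host keys only if they are missing. DSS is skipped on
# purpose: ssh-dss is obsolete and OpenSSH clients since 7.0 reject it by default.
ensure_hostkeys() {
    dir="$1"
    mkdir -p "$dir"
    for t in rsa ecdsa; do
        f="$dir/dropbear_${t}_host_key"
        [ -f "$f" ] || "$DROPBEARKEY_BIN" -t "$t" -f "$f" >/dev/null
        chmod 600 "$f"
    done
}

# Refuse to start if a host key is readable by anyone but its owner: a leaked
# host key lets an attacker impersonate this server to every client that
# trusted the fingerprint. Returns 0 when both keys exist with mode 600/400.
hostkeys_private() {
    dir="$1"
    for t in rsa ecdsa; do
        f="$dir/dropbear_${t}_host_key"
        [ -f "$f" ] || { echo "missing host key $f" >&2; return 1; }
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        case "$mode" in
            600|400) ;;
            *) echo "host key $f has mode $mode, expected 600" >&2; return 1 ;;
        esac
    done
    return 0
}

# Compose the server arguments: -w no root login, -s no password auth (keys only),
# -j/-k no port forwarding, -K 30 keepalive, -I 600 drop idle sessions, -p bind.
dropbear_args() {
    port="$1"
    addr="$2"
    bind="$port"
    [ -n "$addr" ] && bind="$addr:$port"
    printf '%s' "-w -s -j -k -K 30 -I 600 -p $bind"
}

main() {
    ensure_hostkeys "$KEYDIR"
    hostkeys_private "$KEYDIR" || exit 1
    # -F -E keep it in the foreground logging to stderr, which is what a
    # supervisor (systemd, runit) wants; drop them to daemonize as in step (6).
    # shellcheck disable=SC2046
    exec "$DROPBEAR_BIN" -F -E $(dropbear_args "$PORT" "$LISTEN_ADDR")
}

# Only launch when invoked as "start", so the file can also be sourced.
case "${1:-}" in
    start) main ;;
esac
```

Run it as `./dropbear-launch.sh start` (or `LISTEN_ADDR=10.211.55.35 ./dropbear-launch.sh start` to stop it listening on every interface). With -w and -s together the root password login from step (3) is no longer possible at all; log in as the admin user with a key instead. If you must keep password logins for ordinary users, drop -s and keep -g so that root at least cannot use one.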
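The log lines in step (4) are also what you watch once the server is exposed. The following detection script is an added example, not from the original post or the dropbear project. The "Child connection" and "Password auth succeeded" formats are the ones shown above; the "Bad password attempt", "Login attempt for nonexistent user" and "Pubkey auth succeeded" formats are assumed from the dropbear server sources and should be checked against your own build's output. The sample log and the 203.0.113.7 address are constructed for the example.

```shell
#!/bin/sh
# Detection over dropbear auth logs. Added example, not from the original post.
# The "Password auth succeeded" and "Child connection" lines are the ones shown
# on this page; the "Bad password attempt", "Login attempt for nonexistent user"
# and "Pubkey auth succeeded" formats are assumed from the dropbear server
# sources and should be checked against your own build's output.
# Every dropbear auth line ends in SOURCE_IP:PORT, so the report keys on $NF,
# which also makes it indifferent to the syslog prefix used without -E.

# dropbear_auth_report THRESHOLD  < logfile
# Prints "BRUTE <ip> <failures>" for sources at or above THRESHOLD failed
# logins and "ROOT_PASSWORD_LOGIN <ip> <count>" whenever root got in with a
# password, which is exactly what -w / -s / -g exist to prevent.
dropbear_auth_report() {
    thr="${1:-3}"
    awk -v thr="$thr" '
        function src(   s) { s = $NF; sub(/:[0-9]+$/, "", s); return s }
        /Bad password attempt for/                { fail[src()]++ }
        /Login attempt for nonexistent user/      { fail[src()]++ }
        /Password auth succeeded for .root. from/ { rootpw[src()]++ }
        END {
            for (ip in fail)   if (fail[ip] >= thr) printf "BRUTE %s %d\n", ip, fail[ip]
            for (ip in rootpw) printf "ROOT_PASSWORD_LOGIN %s %d\n", ip, rootpw[ip]
        }' | sort
}

# Constructed sample in the -E (stderr) format from step (4); 203.0.113.7 is a
# documentation address standing in for an external attacker.
sample_log() {
    cat <<'EOF'
[20802] Mar 23 00:28:24 Child connection from 10.211.55.24:40649
[20802] Mar 23 00:28:34 Password auth succeeded for 'root' from 10.211.55.24:40649
[20810] Mar 23 00:31:02 Child connection from 203.0.113.7:51200
[20810] Mar 23 00:31:05 Bad password attempt for 'root' from 203.0.113.7:51200
[20810] Mar 23 00:31:08 Bad password attempt for 'root' from 203.0.113.7:51200
[20811] Mar 23 00:31:12 Child connection from 203.0.113.7:51201
[20811] Mar 23 00:31:14 Login attempt for nonexistent user from 203.0.113.7:51201
[20812] Mar 23 00:32:40 Child connection from 10.211.55.24:40700
[20812] Mar 23 00:32:41 Pubkey auth succeeded for 'admin' with key md5 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 from 10.211.55.24:40700
EOF
}

case "${1:-}" in
    demo)   sample_log | dropbear_auth_report 3 ;;
    report) dropbear_auth_report "${2:-3}" ;;   # e.g. ./report.sh report 5 < /var/log/auth.log
esac
```

`./report.sh demo` flags 203.0.113.7 (two bad passwords plus one nonexistent-user probe, three failures across two connections) and reports the root password login from 10.211.55.24 that step (4) recorded; the key-based login by admin is deliberately not flagged. Without -E the same lines go to syslog, so feed the report from /var/log/auth.log or the journal instead of the terminal.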