Dropbear是一个相对较小的SSH服务器和客户端。是另一款ssh协议的开源实现;
主要功能:
类似于OpenSSH,实现完整的SSH客户端和服务器版本2协议。但它不支持SSH版本1,以节省空间和资源,并避免在SSH版本1的固有的安全漏洞。支持scp。
安装环境:
1、CentOS 7.2:
[root@CentOS7 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core)
2、安装开发环境,提供编译环境:
[root@CentOS7 ~]# yum groupinstall "Development Tools" "Server Plateform Development" -y
3、安装zlib依赖包文件,不然后续编译会报错:
[root@CentOS7 ~]# yum -y install zlib-devel
编译安装及配置:
1、下载dropbear:
[root@CentOS7 src]# wget http://matt.ucc.asn.au/dropbear/dropbear-2016.74.tar.bz2 --2016-11-08 16:56:44-- http://matt.ucc.asn.au/dropbear/dropbear-2016.74.tar.bz2 正在解析主机 matt.ucc.asn.au (matt.ucc.asn.au)... 130.95.13.18, 2405:3c00:5200:100::18 正在连接 matt.ucc.asn.au (matt.ucc.asn.au)|130.95.13.18|:80... 已连接。 已发出 HTTP 请求,正在等待回应... 200 OK 长度:1622234 (1.5M) [application/x-bzip2] 正在保存至: “dropbear-2016.74.tar.bz2” 100%[======================================>] 1,622,234 539KB/s 用时 2.9s 2016-11-08 16:56:50 (539 KB/s) - 已保存 “dropbear-2016.74.tar.bz2” [1622234/1622234])
2、解压dropbear-2016.74.tar.bz2
[root@CentOS7 src]# tar xf dropbear-2016.74.tar.bz2
3、编译/安装dropbear:
1)运行configure脚本:
[root@CentOS7 dropbear-2016.74]# ./configure prefix=/usr/local/dropbear --sysconfdir=/etc/dropbear --disable-pam 显示如下信息表示./configure运行成功,提示编辑options.sh文件选择功能,在此文件中可以设置监听的端口号: configure: Now edit options.h to choose features.
2)运行make命令,完成项目构件:
[root@CentOS7 dropbear-2016.74]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
3)运行make install命令,完成安装:
[root@CentOS7 dropbear-2016.74]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install Dropbearkey是用来生成公钥的; Dropbearconvert是用来与openssh转换的; Dbclient可以用来连接远程的服务器; 用法:#./dbclient username@192.168.99.214 Scp可以向远程的服务器写文件和取文件; 用法:#./scp /home/bin/a.log username@192.168.99.214:/home/working
4、配置系统环境变量:
[root@CentOS7 ~]# vim /etc/profile.d/dropbear.sh [root@CentOS7 ~]# cat /etc/profile.d/dropbear.sh export PATH=/usr/local/dropbear/bin:/usr/local/dropbear/sbin/:$PATH [root@CentOS7 ~]# . /etc/profile.d/dropbear.sh
5、配置dropbear服务器端:
# dropbear -h -r keyfile Specify hostkeys (repeatable) defaults: dss /etc/dropbear/dropbear_dss_host_key rsa /etc/dropbear/dropbear_rsa_host_key ecdsa /etc/dropbear/dropbear_ecdsa_host_key -R Create hostkeys as required -F Don‘t fork into background -E Log to stderr rather than syslog
(1)sshd服务器都需要公钥,生成公钥:
# mkdir /etc/dropbear # cd /etc/dropbear # dropbearkey -t dss -f dropbear_dss_host_key //生成dss密钥文件 # dropbearkey -t rsa -s 2048 -f dropbear_rsa_host_key //生成rsa密钥文件
(2)启动dropbear:
启动dropbear命令进程时注意监听的端口号:
方法1:使用-p选项指定监听的端口:
[root@CentOS7 ~]# dropbear -p 2022
方法2:在编译dropbear之前,修改options.sh文件中:
define DROPBEAR_DEFPORT "22" 改为 define DROPBEAR_DEFPORT "2022" 或执行:# sed -i ‘s/22/2022/g‘ options.h
启动dropbear:
[root@CentOS7 ~]# dropbear -p 2022
查看端口是否监听成功:
[root@CentOS7 ~]# ss -tnlp | grep :2022
LISTEN 0 128 *:2022 *:* users:(("dropbear",pid=27687,fd=4))
LISTEN 0 128 :::2022 :::* users:(("dropbear",pid=27687,fd=5))6、设置firwalld开放2022端口:
[root@CentOS7 ~]# firewall-cmd --add-port=2022/tcp --permanent success [root@CentOS7 ~]# firewall-cmd --reload success [root@CentOS7 ~]# firewall-cmd --list-all public (default, active) interfaces: enp0s3 enp0s8 sources: services: dhcpv6-client http ssh ports: 53/tcp 53/udp 2022/tcp masquerade: no forward-ports: icmp-blocks: rich rules:
7、使用ssh client端测试:
# ssh -p 2022 root@172.16.100.11
8、设置为服务:
以下脚本内容来自:http://blog.chinaunix.net/xmlrpc.php?r=blog/article&uid=29584738&id=4234090
# vim /etc/rc.d/init.d/dropbear
#!/bin/bash
#
# description: dropbear ssh daemon
# chkconfig: 2345 66 33
#
dsskey=/etc/dropbear/dropbear_dss_host_key
rsakey=/etc/dropbear/dropbear_rsa_host_key
lockfile=/var/lock/subsys/dropbear
pidfile=/var/run/dropbear.pid
dropbear=/usr/local/sbin/dropbear
dropbearkey=/usr/local/bin/dropbearkey
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/dropbear ] && . /etc/sysconfig/dropbear
keysize=${keysize:-1024}
port=${port:-22}
gendsskey() {
[ -d /etc/dropbear ] || mkdir /etc/dropbear
echo -n "Starting generate the dss key: "
$dropbearkey -t dss -f $dsskey &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
success
echo
return 0
else
failure
echo
return 1
fi
}
genrsakey() {
[ -d /etc/dropbear ] || mkdir /etc/dropbear
echo -n "Starting generate the rsa key: "
$dropbearkey -t rsa -s $keysize -f $rsakey &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
success
echo
return 0
else
failure
echo
return 1
fi
}
start() {
[ -e $dsskey ] || gendsskey
[ -e $rsakey ] || genrsakey
if [ -e $lockfile ]; then
echo -n "dropbear daemon is already running: "
success
echo
exit 0
fi
echo -n "Starting dropbear: "
daemon --pidfile="$pidfile" $dropbear -p $port -d $dsskey -r $rsakey
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
touch $lockfile
return 0
else
rm -f $lockfile $pidfile
return 1
fi
}
stop() {
if [ ! -e $lockfile ]; then
echo -n "dropbear service is stopped: "
success
echo
exit 1
fi
echo -n "Stopping dropbear daemon: "
killproc dropbear
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
rm -f $lockfile $pidfile
return 0
else
return 1
fi
}
status() {
if [ -e $lockfile ]; then
echo "dropbear is running..."
else
echo "dropbear is stopped..."
fi
}
usage() {
echo "Usage: dropbear {start|stop|restart|status|gendsskey|genrsakey}"
}
case $1 in
start)
start ;;
stop)
stop ;;
restart)
stop
start
;;
status)
status
;;
gendsskey)
gendsskey
;;
genrsakey)
genrsakey
;;
*)
usage
;;
esacps:编译时报错:
configure: error: *** zlib missing - install first or check config.log ***
猜测因为安装的版本过新,需升级zlib:
http://www.aixchina.net/Article/39407
安装编译完最新的zlib之后,发现还是不行,搜索之,又发现一篇好文,解决了:
http://blog.csdn.net/shunzi19860518/article/details/479682
本文出自 “11255017” 博客,请务必保留此出处http://11265017.blog.51cto.com/11255017/1878666
原文地址:http://11265017.blog.51cto.com/11255017/1878666
