Implementations of the SSH protocol: telnet, dropbear, openssh
Using telnet
1. Related packages
telnet.i686           client
telnet-server.i686    server
2. Install the server
# yum -y -q install telnet-server
3. Start the telnet service
# chkconfig telnet on
# service xinetd start
4. Check that it is listening
# ss -tunlp | fgrep 23
5. Create a regular user
# useradd centos
# echo "123" | passwd --stdin centos
6. Connect from a Windows host (in xshell)
[c:\~]$ telnet
NAME
    telnet - connects to a host using the TELNET protocol.
SYNOPSYS
    telnet [user@]host [port]
[c:\~]$ telnet centos@172.16.100.3    // log in as the centos user
Connecting to 172.16.100.3:23...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
CentOS release 6.9 (Final)
Kernel 2.6.32-696.el6.i686 on an i686
localhost.localdomain login: centos
Password:
[centos@localhost ~]$ echo $HOME
/home/centos
7. View the packets captured during the login process ...
Using dropbear
1. Install the development package groups
# yum -y groupinstall "Development Tools" "Server Platform Development"
2. Get the source
dropbear-2017.75.tar.bz2
3. Unpack it
# tar xf dropbear-2017.75.tar.bz2
4. Read the INSTALL file
# less INSTALL
./configure (optionally with --disable-zlib or --disable-syslog, or --help for other options)
Now compile:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
And install (/usr/local/bin is usual default):
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
5. Compile
# ./configure
configure: error: *** zlib missing - install first or check config.log ***
# yum install zlib-devel
# make PROGRAMS="dropbear dbclient dropbearkey scp"
# make PROGRAMS="dropbear dbclient dropbearkey scp" install
6. Generate the host keys
# install -d /etc/dropbear
# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 2048
# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key -s 1024
7. Start the service
# dropbear -F -E -p 0.0.0.0:8888
tcp LISTEN 0 128 *:8888 *:* users:(("dropbear",4365,3))
8. Test the connection
[c:\~]$ ssh root@172.16.100.3 8888
Connecting to 172.16.100.3:8888...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
LISTEN 0 128 *:8888 *:*
ESTAB 0 64 172.16.100.3:8888 172.16.0.1:55483
1. Start:
# dropbear -p 0.0.0.0:8888
2. Connect:
# dbclient -p 8888 user@hostname
Service script: dropbear
[root@localhost ~]# vim dropbear
#!/bin/bash
# Version
# Author
# chkconfig: - 33 77
# description: my toys

port=9999
sysconfdir="/etc/dropbear"
Rsa_key="/etc/dropbear/dropbear_rsa_host_key"
Dss_key="/etc/dropbear/dropbear_dss_host_key"
##++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Optional overrides for the variables above
[ -r /etc/dropbear.conf ] && . /etc/dropbear.conf

# Script name with the directory part stripped
prog=$(echo $0 | sed 's,/$,,' | sed -r 's@(.*/)([^/])@\2@')
lockfile=/var/lock/subsys/$prog

# Only root may manage the service
[ $UID -ne 0 ] && exit 1

# Create the configuration directory and any missing host keys
dropbearKey() {
    [ -d $sysconfdir ] || install -d $sysconfdir
    [ -e $Rsa_key ] || dropbearkey -t rsa -f $Rsa_key -s 2048 &> /dev/null
    [ -e $Dss_key ] || dropbearkey -t dss -f $Dss_key -s 1024 &> /dev/null
    [ $? -eq 0 ] && echo "dropbearkey generate finished...."
}

start() {
    if [ -e $lockfile ]; then
        echo "$prog is already running"
    else
        dropbearKey
        $prog -p :$port
        touch $lockfile
        echo "Start $prog finished..."
    fi
}

stop() {
    if [ -e $lockfile ]; then
        rm -rf $lockfile
        # The host keys in $sysconfdir are kept, so the server presents
        # the same identity to clients after a restart
        killall -15 $prog || pkill -9 $prog
        echo "Stop $prog ok..."
    else
        echo "$prog is stopped yet"
    fi
}

status() {
    if [ -e $lockfile ]; then
        echo "$prog is running..."
    else
        echo "$prog is stopped..."
    fi
}

restart() {
    stop
    start
}

reload() {
    if [ -e $lockfile ]; then
        # PIDs of the running dropbear processes
        pid=$(pidof $prog)
        kill -2 $pid
    else
        echo "$prog is stopped yet"
    fi
}

case $1 in
start)
    start ;;
stop)
    stop ;;
status)
    status ;;
restart)
    restart ;;
reload)
    reload ;;
*)
    echo "Usage: $prog {start|stop|restart|status|reload}" ;;
esac

Install it
# chmod +x dropbear
# cp -p dropbear /etc/rc.d/init.d/
# chkconfig --add dropbear
# chkconfig --list dropbear
# chkconfig --level 3 dropbear on
OpenSSH key authentication flow
The ssh protocol
OpenSSH-related tools
# rpm -qi openssh-clients
An open source SSH client applications
# rpm -qi openssh-server
An open source SSH server daemon
[root@localhost ~]# rpm -ql openssh-clients
/etc/ssh/ssh_config
/usr/bin/scp     // copy tool based on the ssh protocol
/usr/bin/sftp    // ftp tool based on the ssh protocol
/usr/bin/ssh     // Linux client command based on the ssh protocol
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
[root@localhost ~]# rpm -ql openssh-server
/etc/ssh/sshd_config
/usr/sbin/.sshd.hmac
/usr/sbin/sshd
Windows clients: xshell (XFTP), putty (XFTP), securecrt, sshsecureshellclient
openssh-clients configuration
Configuration file
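/etc/ssh/ssh_config
Host *           // Host PATTERN: the range of hosts the settings apply to
Port 22          // default port to connect to
ForwardX11 no    // X11 forwarding is off by default; it must be enabled to use remote graphical programs, which ssh -X does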
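The ssh command: connect to a remote host over ssh
The scp command: copy between hosts; usable only when the sshd service is running
The sftp command: secure ftp tool; usable only when the sshd service is running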
openssh-server configuration
Configuration file: /etc/ssh/sshd_config
Login authentication
Must confirm
Must change
Security-related options
Restricting which users may log in
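Key-based login to openssh-server
Generate a key pair. The public key goes on the server, in the authorized_keys file inside the .ssh directory under the home directory of the corresponding user account.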
# openssl genrsa -out scretkey 768
# openssl rsa -in scretkey -out pubkey -pubout
# cat pubkey >> ~/.ssh/authorized_keys
Login fails....
# ssh-keygen -f ~/.ssh/id_rsa -P '' -t rsa -b 768
# cat .ssh/id_rsa.pub >> .ssh/authorized_keys
Login succeeds....
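Why the two attempts above differ, as an added example that is not part of the original post: openssl writes a PEM file starting with "-----BEGIN PUBLIC KEY-----", while authorized_keys holds one-line entries of the form "ssh-rsa <base64 blob>", which is what ssh-keygen produces. The Python check below parses that blob and also reports the RSA modulus size, which is 768 bits for the key generated above. The function names, the 2048-bit threshold and the sample entries are assumptions of this example; the sample keys are constructed from arbitrary integers and are not usable keys.

```python
import base64
import struct

MIN_BITS = 2048  # assumption of this example (the RSA host key size used earlier on the page)

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

_wire = lambda data: struct.pack(">I", len(data)) + data

def make_rsa_entry(e, n, comment="constructed"):
    """Build an authorized_keys line from two integers (sample data, not a usable key)."""
    mp = lambda x: x.to_bytes(x.bit_length() // 8 + 1, "big")  # positive mpint
    blob = _wire(b"ssh-rsa") + _wire(mp(e)) + _wire(mp(n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def audit_line(line):
    """Return (verdict, detail) for one line of an authorized_keys file."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return ("skip", "blank or comment")
    if fields[0].startswith("-----"):
        return ("invalid", "PEM armor is not the authorized_keys format")
    if "ssh-rsa" not in fields[:-1]:
        return ("unchecked", "no ssh-rsa key field on this line")
    try:
        blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
        alg, off = _read_string(blob, 0)
        _exp, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
    except (ValueError, struct.error) as exc:
        return ("invalid", f"bad key blob: {exc}")
    if alg != b"ssh-rsa":
        return ("invalid", "key type inside the blob does not match")
    bits = int.from_bytes(modulus, "big").bit_length()
    return ("ok" if bits >= MIN_BITS else "weak", f"RSA {bits} bits")

# Constructed sample lines, in the shapes the two attempts above produce
SAMPLE = [make_rsa_entry(65537, (1 << 767) | 1),   # 768-bit modulus
          make_rsa_entry(65537, (1 << 2047) | 1),  # 2048-bit modulus
          "-----BEGIN PUBLIC KEY-----"]            # first line of the openssl PEM output

if __name__ == "__main__":
    print(*map(audit_line, SAMPLE), sep="\n")
```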
This article comes from the "Reading" blog; please be sure to keep this source reference: http://sonlich.blog.51cto.com/12825953/1967397
Original address: http://sonlich.blog.51cto.com/12825953/1967397