Implementations of the SSH protocol: telnet, dropbear, openssh
Using telnet
1. Related packages
telnet.i686 (client)
telnet-server.i686 (server)
2. Install the server
# yum -y -q install telnet-server
3. Start the telnet service
# chkconfig telnet on
# service xinetd start
4. Check that it is listening
# ss -tunlp | fgrep 23
5. Create an ordinary user
# useradd centos
# echo "123" | passwd --stdin centos
6. Connect from a Windows host (in xshell)
[c:\~]$ telnet
NAME
telnet - connects to a host using the TELNET protocol.
SYNOPSYS
telnet [user@]host [port]
[c:\~]$ telnet centos@172.16.100.3 //log in as the centos user
Connecting to 172.16.100.3:23...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
CentOS release 6.9 (Final)
Kernel 2.6.32-696.el6.i686 on an i686
localhost.localdomain login: centos
Password:
[centos@localhost ~]$ echo $HOME
/home/centos
7. Inspect the packets captured during the login ...
Using dropbear
1. Install the development package groups
# yum -y groupinstall "Development Tools" "Server Platform Development"
2. Get the source
dropbear-2017.75.tar.bz2
3. Unpack
# tar xf dropbear-2017.75.tar.bz2
4. Read the INSTALL file
# less INSTALL
./configure (optionally with --disable-zlib or --disable-syslog,
or --help for other options)
Now compile:
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
And install (/usr/local/bin is usual default):
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
5. Compile
# ./configure
configure: error: *** zlib missing - install first or check config.log ***
# yum install zlib-devel
# make PROGRAMS="dropbear dbclient dropbearkey scp"
# make PROGRAMS="dropbear dbclient dropbearkey scp" install
6. Generate the host keys
# install -d /etc/dropbear
# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 2048
# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key -s 1024
7. Start the service
# dropbear -F -E -p 0.0.0.0:8888
tcp LISTEN 0 128 *:8888 *:* users:(("dropbear",4365,3))
8. Test the connection
[c:\~]$ ssh root@172.16.100.3 8888
Connecting to 172.16.100.3:8888...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
LISTEN 0 128 *:8888 *:*
ESTAB 0 64 172.16.100.3:8888 172.16.0.1:55483
1. Start:
# dropbear -p 0.0.0.0:8888
2. Connect:
# dbclient -p 8888 user@hostname
The dropbear service script
[root@localhost ~]# vim dropbear
#!/bin/bash
# Version
# Author
# chkconfig: - 33 77
# description: my toys
port=9999
sysconfdir="/etc/dropbear"
Rsa_key="/etc/dropbear/dropbear_rsa_host_key"
Dss_key="/etc/dropbear/dropbear_dss_host_key"
##++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Optional overrides for the variables above
[ -r /etc/dropbear.conf ] && . /etc/dropbear.conf
# Fixed name: $0 would yield S33dropbear when init runs the rc symlink at boot
prog=dropbear
lockfile=/var/lock/subsys/$prog
# Only root may manage the service
[ $UID -ne 0 ] && exit 1

# Create the host keys only if they do not exist yet
dropbearKey() {
    [ -d $sysconfdir ] || install -d $sysconfdir
    [ -e $Rsa_key ] || dropbearkey -t rsa -f $Rsa_key -s 2048 &> /dev/null
    [ -e $Dss_key ] || dropbearkey -t dss -f $Dss_key -s 1024 &> /dev/null
    [ $? -eq 0 ] && echo "dropbearkey generate finished...."
}

start() {
    if [ -e $lockfile ]; then
        echo "$prog is already running"
    else
        dropbearKey
        $prog -p :$port
        touch $lockfile
        echo "Start $prog finished..."
    fi
}

stop() {
    if [ -e $lockfile ]; then
        # Host keys in $sysconfdir are kept, so clients see the same host key after a restart
        rm -f $lockfile
        killall -15 $prog || pkill -9 $prog
        echo "Stop $prog ok..."
    else
        echo "$prog is stopped yet"
    fi
}

status() {
    if [ -e $lockfile ]; then
        echo "$prog is running..."
    else
        echo "$prog is stopped..."
    fi
}

restart() {
    stop
    start
}

reload() {
    if [ -e $lockfile ]; then
        # Look up the running PIDs before signalling them
        pid=$(pidof $prog)
        kill -2 $pid
    else
        echo "$prog is stopped yet"
    fi
}

case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    *)
        echo "Usage: $prog {start|stop|restart|status|reload}"
        ;;
esac
Install the script as a service
# chmod +x dropbear
# cp -p dropbear /etc/rc.d/init.d/
# chkconfig --add dropbear
# chkconfig --list dropbear
# chkconfig --level 3 dropbear on
OpenSSH key authentication flow
The SSH protocol
OpenSSH-related tools
# rpm -qi openssh-clients
An open source SSH client applications
# rpm -qi openssh-server
An open source SSH server daemon
[root@localhost ~]# rpm -ql openssh-clients
/etc/ssh/ssh_config
/usr/bin/scp //copy tool based on the SSH protocol
/usr/bin/sftp //FTP-style tool based on the SSH protocol
/usr/bin/ssh //Linux client command based on the SSH protocol
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
[root@localhost ~]# rpm -ql openssh-server
/etc/ssh/sshd_config
/usr/sbin/.sshd.hmac
/usr/sbin/sshd
Windows clients: xshell (XFTP), putty (XFTP), securecrt, sshsecureshellclient
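openssh-clients configuration
Configuration file
/etc/ssh/ssh_config
Host * //Host PATTERN selects which hosts the settings below apply to
Port 22 //default port to connect to
ForwardX11 no //X11 forwarding is off by default; it must be enabled to use remote graphical programs, ssh -X is enough
ssh command: connects to a remote host over SSH
scp command: copies files between hosts; usable only when the sshd service is running
sftp command: secure FTP-style file transfer; usable only when the sshd service is running
openssh-server configuration
Configuration file: /etc/ssh/sshd_config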
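Login authentication
Settings that must be confirmed
Settings that must be changed
Security-related options
Restricting which users may log in
Key-based login to openssh-server
Generate a key pair; the public key goes into the authorized_keys file in the .ssh directory under the home directory of the corresponding user account on the server.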
# openssl genrsa -out scretkey 768
# openssl rsa -in scretkey -out pubkey -pubout
# cat pubkey >> ~/.ssh/authorized_keys
Login fails....
# ssh-keygen -f ~/.ssh/id_rsa -P '' -t rsa -b 768
# cat .ssh/id_rsa.pub >> .ssh/authorized_keys
Login succeeds....
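The first attempt above appends openssl's PEM output to authorized_keys, while sshd expects one-line OpenSSH entries of the form `<type> <base64> [comment]`. The check below is an added example, not part of the original post: it decodes such an entry and reports the RSA modulus size. The function names, the 2048-bit threshold and the sample keys are assumptions made for this example, and lines with an options prefix are not handled.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: threshold picked for this example; the page uses 768


def _sshstr(data):
    return len(data).to_bytes(4, "big") + data  # 4-byte length prefix + payload


def build_ssh_rsa_line(e, n, comment="constructed@example"):
    """Encode (e, n) as a one-line 'ssh-rsa' entry; used here to build sample input."""
    def mpint(i):  # big-endian, with a leading zero byte when the top bit is set
        return _sshstr(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = _sshstr(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


def check_authorized_key(line):
    """Return (ok, reason) for one authorized_keys line without an options prefix."""
    fields = line.split()
    if len(fields) < 2 or fields[0].startswith("-----"):
        return False, "not an OpenSSH '<type> <base64> [comment]' line (PEM text?)"
    keytype = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False, "key data is not valid base64"
    parts = []
    while blob:  # split the blob into its length-prefixed fields
        size = int.from_bytes(blob[:4], "big")
        if len(blob) < 4 + size:
            return False, "truncated key blob"
        parts.append(blob[4:4 + size])
        blob = blob[4 + size:]
    if not parts or parts[0] != keytype.encode():
        return False, "key type does not match the encoded blob"
    if keytype == "ssh-rsa":
        if len(parts) != 3:
            return False, "malformed ssh-rsa blob"
        bits = int.from_bytes(parts[2], "big").bit_length()
        if bits < MIN_RSA_BITS:
            return False, "RSA modulus is only %d bits" % bits
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample input: arbitrary odd moduli, not real keys.
    for bits in (768, 2048):
        print(bits, check_authorized_key(build_ssh_rsa_line(65537, (1 << (bits - 1)) | 1)))
```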
This article comes from the "Reading" blog; please keep this attribution: http://sonlich.blog.51cto.com/12825953/1967397