I. Remote login protocols
1. telnet: remote login; an application-layer protocol on tcp/23
C/S architecture
S: telnet server
C: telnet client
2. SSH: Secure Shell; an application-layer protocol on tcp/22
Both the communication and the authentication process are encrypted, and the host must be authenticated
The server sends its Secret key to the client, which checks it against the Public key the client holds;
The user authentication process is encrypted
The data transfer process is encrypted
3. SSH protocol versions v1 and v2
v1 is already vulnerable to man-in-the-middle attacks
4. SSH authentication methods:
Password-based authentication
Key-based authentication
II. SSH on Linux: OpenSSH
1. C/S architecture
a) Server side: sshd, configuration file /etc/ssh/sshd_config
b) Client side: ssh, configuration file /etc/ssh/ssh_config
ssh-keygen: key generator
ssh-copy-id: copies a public key to a remote server
scp: secure cross-host copy tool; the copy is encrypted in transit
2. Logging in to the server with ssh:
a) Host authentication key (choose yes|no when it is first presented); host authentication keys are stored in /USERHOME/.ssh/known_hosts
b) ssh remote login forms (defaults to the client's current user name):
ssh USERNAME@HOST
ssh -l USERNAME HOST
ssh USERNAME@HOST 'COMMAND'
c) scp:
scp SRC DEST
-r
-a
scp USERNAME@HOST:/path/to/somefile /path/to/local
scp /path/to/local USERNAME@HOST:/path/to/somewhere
d) ssh-keygen
-t rsa
~/.ssh/id_rsa (private key file location)
~/.ssh/id_rsa.pub (public key file location)
-f /path/to/KEY_FILE
-P '': specifies the passphrase that encrypts the private key; '' specifies an empty passphrase
e) The public key must be appended to the .ssh/authorized_keys or .ssh/authorized_keys2 file in the target user's home directory on the remote host before key-based login to that host works.
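The host key check in a) above is what defeats the man-in-the-middle attack mentioned in section I, and it only helps if the entries that end up in known_hosts are actually reviewed. Added example (shell; not from the original post and not an OpenSSH tool): a small audit of a known_hosts file. It uses a constructed sample file with placeholder key blobs, lists host and key type per entry, counts the entries whose host name is readable (hashed |1| entries hide it), and checks whether a given host already has a key of a given type on record. Assumes a POSIX sh with awk and mktemp.

```shell
#!/bin/sh
# Added example, not from the original post: inspect a known_hosts file the way
# a defender would before trusting a host. Assumes POSIX sh, awk and mktemp.

# Constructed sample known_hosts: two plain entries and one hashed (|1|) entry.
# The key blobs are shortened placeholders, not real keys.
make_sample_known_hosts() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
192.8.8.50 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed1 root@server
gw,10.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed2
|1|hashedsalt=|hashedhost= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed3
EOF
    printf '%s\n' "$f"
}

# Print "host keytype" for every entry; hashed entries are reported as HASHED.
known_hosts_report() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
        {
            host = $1; type = $2
            if (host ~ /^@/) { host = $2; type = $3 } # @cert-authority / @revoked markers
            if (substr(host, 1, 3) == "|1|") host = "HASHED"
            print host, type
        }' "$1"
}

# Number of entries whose host name is readable. Hashed entries stop an
# attacker who steals the file from learning which hosts you talk to, but they
# also stop this kind of review; ssh-keygen -F is then the only way to look up a host.
known_hosts_plain_count() { known_hosts_report "$1" | grep -vc '^HASHED '; }

# host_key_present FILE HOST TYPE: exit 0 if HOST has a TYPE key on record.
# A host that is absent will trigger the yes/no prompt on the next connection;
# a host present with a different key triggers OpenSSH's changed-key warning.
host_key_present() {
    awk -v h="$2" -v t="$3" '
        /^[ \t]*(#|$)/ { next }
        {
            host = $1; type = $2
            if (host ~ /^@/) { host = $2; type = $3 }
            n = split(host, parts, ",")               # "gw,10.0.0.1" lists aliases
            for (i = 1; i <= n; i++)
                if (parts[i] == h && type == t) found = 1
        }
        END { if (found) exit 0; exit 1 }' "$1"
}

if [ "${1:-}" = "demo" ]; then
    f=$(make_sample_known_hosts)
    known_hosts_report "$f"
    echo "readable entries: $(known_hosts_plain_count "$f")"
    rm -f "$f"
fi
```

Run it as `sh audit_known_hosts.sh demo` to print the report for the constructed file; point the functions at ~/.ssh/known_hosts to review a real one. The case worth investigating is a host that the report shows with a key of the same type as the one sshd presents but a different blob: that is exactly the situation in which the yes/no prompt or the changed-key warning should not simply be accepted.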
III. Example: passwordless ssh login to the server
Method 1:
1. Generate a key pair on the client:
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e4:41:63:3c:e5:75:b5:a7:99:9e:ab:cd:99:9e:dc:a7 root@localhost.localdomain
2. Copy the public key to the remote host:
[root@localhost ~]# scp .ssh/id_rsa.pub root@192.8.8.50:/root
The authenticity of host '192.8.8.50 (192.8.8.50)' can't be established.
RSA key fingerprint is 3f:e6:b9:8e:e3:4d:c8:c2:e4:90:50:0f:5b:23:c1:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.8.8.50' (RSA) to the list of known hosts.
root@192.8.8.50's password:
id_rsa.pub 100% 408 0.4KB/s 00:00
3. Log in to the remote host and create the .ssh directory:
[root@localhost ~]# ssh root@192.8.8.50
root@192.8.8.50's password:
Last login: Thu Jun 19 23:03:02 2014 from 192.8.8.18
[root@localhost01 ~]# mkdir .ssh
[root@localhost01 ~]# chmod 700 .ssh
4. Append the public key file to authorized_keys on the remote host:
[root@localhost01 ~]# cat id_rsa.pub >> .ssh/authorized_keys
5. Log out of the remote host and test from the client; no password should be required:
[root@localhost01 ~]# exit
[root@localhost ~]# ssh root@192.8.8.50
Method 2:
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.8.8.50
15
root@192.8.8.50's password:
Now try logging into the machine, with "ssh 'root@192.8.8.50'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@localhost ~]# ssh root@192.8.8.50
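Steps 3 and 4 of method 1 and the remote half of ssh-copy-id in method 2 do the same thing: create .ssh with mode 700 and append the key to authorized_keys. Added example (shell; not the post's commands and not OpenSSH's ssh-copy-id script) of that remote-side work written so that running it twice cannot add the same key twice, followed by the permission check sshd performs under StrictModes. It uses a constructed id_rsa.pub line with a placeholder blob and assumes a POSIX sh with ls, cut, awk and mktemp.

```shell
#!/bin/sh
# Added example, not from the original post and not ssh-copy-id itself: the
# remote-side part of installing a public key, done idempotently, plus the
# permission check sshd applies. Assumes POSIX sh, ls, cut, awk and mktemp.

# make_sample_pubkey DIR: writes a constructed id_rsa.pub-style line and prints
# its path. The base64 blob is a placeholder, not a real key.
make_sample_pubkey() {
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedblob root@localhost\n' \
        > "$1/id_rsa.pub"
    printf '%s\n' "$1/id_rsa.pub"
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys unless its blob is already there,
# then prints the number of key lines in the file. The body is a subshell so
# the umask change does not leak to the caller.
install_pubkey() (
    pubfile=$1; sshdir=$2; authkeys=$sshdir/authorized_keys
    umask 077                                    # everything created below is private
    mkdir -p "$sshdir" && chmod 700 "$sshdir"    # step 3 of method 1
    touch "$authkeys" && chmod 600 "$authkeys"
    blob=$(awk '{print $2}' "$pubfile")          # "type blob comment": field 2 is the key
    if ! grep -qF -- "$blob" "$authkeys"; then
        cat "$pubfile" >> "$authkeys"            # step 4 of method 1
    fi
    # Count key lines (non-blank, not comments); this is the "check in
    # .ssh/authorized_keys" that ssh-copy-id's message asks you to do.
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$authkeys"
)

# ssh_dir_mode_ok SSH_DIR: 0 when .ssh is 700 and authorized_keys is not
# writable by group or others, which is what sshd's StrictModes requires
# before it will use the file at all.
ssh_dir_mode_ok() {
    sshdir=$1
    [ "$(ls -ld "$sshdir" | cut -c1-10)" = "drwx------" ] ||
        { echo ".ssh must be mode 700"; return 1; }
    # Columns 6 and 9 of ls -l are the group and other write bits.
    [ "$(ls -ld "$sshdir/authorized_keys" | cut -c6,9)" = "--" ] ||
        { echo "authorized_keys is group/world writable"; return 1; }
    return 0
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    pub=$(make_sample_pubkey "$d")
    install_pubkey "$pub" "$d/.ssh"    # prints 1
    install_pubkey "$pub" "$d/.ssh"    # still 1: the key is not added twice
    ssh_dir_mode_ok "$d/.ssh" && echo "permissions OK"
    rm -rf "$d"
fi
```

Matching on the blob rather than the whole line means the same key with a different comment is still recognised as a duplicate, and the count printed after each run is the number to compare against what you expected to find in authorized_keys.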
IV. Example: passwordless ssh login from the server to the client
1. Generate a key pair on the server:
[root@localhost01 ~]# ssh-keygen -t rsa -f .ssh/id_rsa -P ''
Generating public/private rsa key pair.
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
72:83:ec:93:c8:3e:6a:10:36:04:7a:40:4e:38:99:6f root@localhost01
The key's randomart image is:
+--[ RSA 2048]----+
|*= |
|Oo |
|o+. |
|.+E . . |
|.o. + S |
|. . o + . |
| . o + |
| ... . |
| ..... |
+-----------------+
2. Copy the public key to the login target:
[root@localhost01 ~]# ssh-copy-id root@192.8.8.18
3. Test ssh from the server:
[root@localhost01 ~]# ssh root@192.8.8.18
Last login: Mon Jun 2 14:11:26 2014 from 192.8.8.10
[root@localhost ~]#
V. SSH server and client tools for embedded systems (dropbear)
[This can follow on from "Bash scripting: system trimming" (51) or "Custom Linux kernel and busybox system customization" (52)]
1. Server-side commands:
dropbear: at user login, dropbear checks whether the user's default shell is one of the system's secure shells (/etc/shells)
dropbearkey
2. Client: dbclient
3. Default location of the dropbear host keys: /etc/dropbear
RSA: dropbear_rsa_host_key
Variable length, any multiple of 8; default 1024
DSS: dropbear_dss_host_key
Fixed length; default 1024
4. dropbear uses nsswitch for name resolution by default
/etc/nsswitch.conf
/lib/libnss_files*
/usr/lib/libnss3.so
/usr/lib/libnss_files*
Custom Linux with SSH remote login:
1. Download dropbear-2013.56.tar.bz2 from \Sources\Busybox;
2. tar xf dropbear-2013.56.tar.bz2
3. Compile dropbear (install the build environment first: Development Libraries; Development Tools)
cd dropbear-2013.56
./configure
make
make install
4. Run the binary.sh script to port the dropbear, dropbearkey and dbclient commands:
5. Edit the secure shells file
cd /mnt/sysroot
vim etc/shells
/bin/sh
/bin/bash
/bin/ash
/bin/hush
6. Add the pseudo-filesystem mount:
vim etc/fstab and add on the third line:
devpts  /dev/pts  devpts  mode=620  0  0
7. Create the directory the pseudo-filesystem is mounted on:
mkdir dev/pts
8. Generate the dropbear host keys:
mkdir etc/dropbear
dropbearkey -t rsa -f /mnt/sysroot/etc/dropbear/dropbear_rsa_host_key -s 2048
dropbearkey -t dss -f /mnt/sysroot/etc/dropbear/dropbear_dss_host_key
ls etc/dropbear/
9. Copy the login middle-layer (NSS) files:
ls -l /mnt/sysroot/usr/lib
mkdir /mnt/sysroot/usr/lib
cp -d /lib/libnss_files* /mnt/sysroot/lib/
cp -d /usr/lib/libnss3.so /usr/lib/libnss_files.so /mnt/sysroot/usr/lib
10. Edit login's configuration file:
cp /etc/nsswitch.conf /mnt/sysroot/etc/
vim /mnt/sysroot/etc/nsswitch.conf (use .,$d to delete the other lines and keep these four)
passwd: files
shadow: files
group: files
hosts: files dns
11. Boot the new host, log in, and test:
Run dropbear with its absolute path:
/usr/local/sbin/dropbear -E -F (run in the foreground)
/usr/local/sbin/dropbear (run in the background)
12. Log in to the new host remotely;
export PATH=$PATH:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
13. From the new host, log in to another host:
/usr/local/bin/dbclient -l root IPADD
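Steps 5 to 10 above are file edits inside the sysroot, and each one is a login failure waiting to happen if it is forgotten: without the devpts line dropbear cannot allocate a terminal, without /bin/sh in etc/shells the login shell is rejected, and without passwd/shadow/group on files in nsswitch.conf login cannot look the user up. Added example (shell; not the post's binary.sh and not part of dropbear) that creates those pieces under a sysroot directory and then checks them before the new host is booted. The SYSROOT default /mnt/sysroot mirrors the post, the dropbear build is not repeated, and the RSA host key is generated only if dropbearkey is installed. Assumes a POSIX sh with grep and mktemp.

```shell
#!/bin/sh
# Added example, not from the original post: prepare and verify the sysroot
# files dropbear needs at login (steps 5-10 above). Assumes POSIX sh and grep.

# prepare_sysroot DIR: creates etc/shells, the devpts line in etc/fstab,
# dev/pts, etc/dropbear and a minimal etc/nsswitch.conf under DIR.
prepare_sysroot() {
    root=$1
    mkdir -p "$root/etc/dropbear" "$root/dev/pts" "$root/lib" "$root/usr/lib"
    chmod 700 "$root/etc/dropbear"               # host private keys live here

    # Step 5: the shells dropbear accepts as a user's login shell.
    printf '%s\n' /bin/sh /bin/bash /bin/ash /bin/hush > "$root/etc/shells"

    # Step 6: the devpts mount, appended only if no devpts line exists yet.
    touch "$root/etc/fstab"
    grep -q '^devpts[[:space:]]' "$root/etc/fstab" ||
        printf 'devpts\t/dev/pts\tdevpts\tmode=620\t0\t0\n' >> "$root/etc/fstab"

    # Step 10: the four nsswitch lines login needs.
    printf 'passwd: files\nshadow: files\ngroup: files\nhosts: files dns\n' \
        > "$root/etc/nsswitch.conf"

    # Step 8: RSA host key at 2048 bits as in the post; skipped when
    # dropbearkey is not installed (the DSS key is left out deliberately).
    if command -v dropbearkey >/dev/null 2>&1; then
        [ -f "$root/etc/dropbear/dropbear_rsa_host_key" ] ||
            dropbearkey -t rsa -s 2048 -f "$root/etc/dropbear/dropbear_rsa_host_key"
    fi
}

# sysroot_check DIR: 0 if every piece dropbear needs at login is present,
# otherwise 1 with the first missing item printed.
sysroot_check() {
    root=$1
    for f in etc/shells etc/fstab etc/nsswitch.conf; do
        [ -f "$root/$f" ] || { echo "missing $f"; return 1; }
    done
    [ -d "$root/dev/pts" ] || { echo "missing dev/pts"; return 1; }
    grep -q '^devpts[[:space:]]' "$root/etc/fstab" ||
        { echo "etc/fstab has no devpts line"; return 1; }
    grep -q '^/bin/sh$' "$root/etc/shells" ||
        { echo "/bin/sh is not in etc/shells"; return 1; }
    # passwd, shadow and group must resolve through files, or login cannot
    # find the user that dropbear is authenticating.
    for db in passwd shadow group; do
        grep -q "^$db:[[:space:]]*files" "$root/etc/nsswitch.conf" ||
            { echo "nsswitch.conf: $db is not on files"; return 1; }
    done
    return 0
}

# shells_count DIR: number of login shells listed, for comparison with the
# shell binaries actually copied into the sysroot.
shells_count() { grep -c '^/' "$1/etc/shells"; }

if [ "${1:-}" = "demo" ]; then
    SYSROOT=${SYSROOT:-/mnt/sysroot}   # assumption: the path the post uses
    prepare_sysroot "$SYSROOT" && sysroot_check "$SYSROOT" && echo "sysroot OK"
fi
```

Run `SYSROOT=/mnt/sysroot sh prepare_sysroot.sh demo` after step 4; a second run changes nothing, so it is safe to repeat after fixing a reported problem. The check is deliberately limited to what the post's own steps configure.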
This post is from the blog "Nick Liu的博文"; please keep this attribution: http://zkhylt.blog.51cto.com/3638719/1430316
Techniques for trimming Linux to under 10M while keeping an SSH service (56)