04-dropbear

dropbear

dropbear is another implementation of the SSH protocol, a lightweight one that is mostly used in embedded environments.

dropbear in practice

1 Install dropbear (on CentOS 7 the package comes from the EPEL repository)

[root@husa log]# yum install dropbear
Resolving Dependencies
--> Running transaction check
---> Package dropbear.x86_64.0.2015.67-1.el7 will be installed
--> Processing Dependency: libtommath.so.0()(64bit) for package: dropbear-2015.67-1.el7.x86_64
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: dropbear-2015.67-1.el7.x86_64
--> Running transaction check
---> Package libtomcrypt.x86_64.0.1.17-22.el7 will be installed
---> Package libtommath.x86_64.0.0.42.0-3.el7 will be installed
--> Finished Dependency Resolution

2 List the files the dropbear package installs

[root@husa log]# rpm -ql dropbear
/etc/dropbear
/usr/bin/dbclient
/usr/bin/dropbearconvert
/usr/bin/dropbearkey
/usr/lib/systemd/system/dropbear-keygen.service
/usr/lib/systemd/system/dropbear.service
/usr/sbin/dropbear
/usr/share/doc/dropbear-2015.67
/usr/share/doc/dropbear-2015.67/CHANGES
/usr/share/doc/dropbear-2015.67/LICENSE
/usr/share/doc/dropbear-2015.67/README
/usr/share/doc/dropbear-2015.67/TODO
/usr/share/man/man1/dbclient.1.gz
/usr/share/man/man1/dropbearconvert.1.gz
/usr/share/man/man1/dropbearkey.1.gz
/usr/share/man/man8/dropbear.8.gz

3 Read the dropbear help

[root@husa log]# dropbear -h
Dropbear server v2015.67 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile   Display the contents of bannerfile before user login
                (default: none)
-r keyfile  Specify hostkeys (repeatable)
                defaults: 
                dss /etc/dropbear/dropbear_dss_host_key
                rsa /etc/dropbear/dropbear_rsa_host_key
                ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R              Create hostkeys as required
-F              Don't fork into background
-E              Log to stderr rather than syslog
-m              Don't display the motd on login
-w              Disallow root logins
-s              Disable password logins
-g              Disable password logins for root
-B              Allow blank password logins
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
-P PidFile      Create pid file PidFile
                (default /var/run/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version

The help output shows that the default host key files live under /etc/dropbear/. How are they generated?

4 Generate the dropbear host keys

4.1 With the /usr/bin/dropbearkey command

       dropbearkey  -  create  private  keys  for  the use with dropbear(8) or
       dbclient(1)

SYNOPSIS
       dropbearkey -t type -f file [-s bits]

DESCRIPTION
       dropbearkey generates an RSA, DSS, or ECDSA format SSH private key, and
       saves it to a file for the use with the Dropbear client or server.
       Note that some SSH implementations  use  the  term  "DSA"  rather  than
       "DSS", they mean the same thing.

4.2 With the dropbear-keygen.service unit

[root@husa system]# systemctl start dropbear-keygen.service

The help output in step 3 also lists -R, which makes the server itself create any host key that is missing when it starts.

5 Configure dropbear to start automatically and listen on port 22022

The port is passed through the OPTIONS variable that dropbear.service reads from /etc/sysconfig/dropbear; nothing has to change in dropbear-keygen.service.

5.1 Reading dropbear.service shows that OPTIONS comes from /etc/sysconfig/dropbear

[root@husa system]# vim dropbear.service 
[Unit]
Description=Dropbear SSH Server Daemon
Documentation=man:dropbear(8)
Wants=dropbear-keygen.service
After=network.target

[Service]
EnvironmentFile=-/etc/sysconfig/dropbear
ExecStart=/usr/sbin/dropbear -E -F $OPTIONS

5.2 Set OPTIONS in /etc/sysconfig/dropbear

[root@husa system]# vim /etc/sysconfig/dropbear

    OPTIONS="-p 22022"
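The line above only moves the port; root password logins, blank-password handling and forwarding stay exactly at the defaults described by `dropbear -h` in step 3. What follows is an added example, not code from the original post or from the dropbear project: a small POSIX-shell audit of an OPTIONS string against the flags listed in that help output, run over the walkthrough's own line and a hardened variant that keeps the port. The policy it encodes (no -B, no root password login, key-only authentication, no -a) and the function names are this example's own assumptions, not dropbear defaults.

```shell
#!/bin/sh
# Added example, not code from the original post or from dropbear itself.
# Audits the OPTIONS string that /etc/sysconfig/dropbear hands to
# /usr/sbin/dropbear, using the flags listed in `dropbear -h`.
# The policy below is an assumption of this example, not a dropbear default.

# has_flag LETTER OPTIONS: true when LETTER appears in any dash-word of OPTIONS.
# Dash-words are scanned letter by letter so "-w -s" and "-ws" both count;
# values such as the 22022 after -p are not dash-words and are skipped.
has_flag() {
    for word in $2; do
        case "$word" in
            -*) case "${word#-}" in *"$1"*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# audit_dropbear_options OPTIONS: print one finding per line; return 1 when
# there is at least one finding, 0 when the string meets the policy.
audit_dropbear_options() {
    findings=0
    if has_flag B "$1"; then
        echo "-B: blank-password logins allowed; remove it"; findings=1
    fi
    if ! has_flag w "$1" && ! has_flag g "$1" && ! has_flag s "$1"; then
        echo "root can log in with a password; add -w (no root logins) or -g (no root password)"; findings=1
    fi
    if ! has_flag s "$1"; then
        echo "password authentication enabled; add -s once ~/.ssh/authorized_keys is deployed"; findings=1
    fi
    if has_flag a "$1"; then
        echo "-a: forwarded ports reachable from any host; drop it unless required"; findings=1
    fi
    return $findings
}

# The walkthrough's line beside a hardened form that keeps the port.
WEAK_OPTIONS='-p 22022'
HARDENED_OPTIONS='-p 22022 -w -s'

echo "== $WEAK_OPTIONS"; audit_dropbear_options "$WEAK_OPTIONS" || true
echo "== $HARDENED_OPTIONS"; audit_dropbear_options "$HARDENED_OPTIONS" && echo "ok"
```

Put the public key into ~/.ssh/authorized_keys of a non-root account and confirm a key login works before adding -s, and keep a second session open while testing, otherwise the next reconnect locks you out. -j and -k can be added as well on hosts that never need port forwarding.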

6 Start the dropbear service

[root@husa system]# systemctl start dropbear.service

start only launches the daemon for the current boot; for it to come up automatically, as step 5 intends, the unit also has to be enabled (systemctl enable dropbear.service).

7 Log in from another host (the first password attempt is denied, the second succeeds; ifconfig in the new session shows the address 192.168.200.143, confirming it is the dropbear host)

[root@husa ssh]# ssh -p 22022 [email protected]
The authenticity of host '[192.168.200.143]:22022 ([192.168.200.143]:22022)' can't be established.
RSA key fingerprint is 98:0e:0c:5e:f2:9e:20:71:7c:ab:3e:13:e2:c5:f8:37.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.200.143]:22022' (RSA) to the list of known hosts.
root@192.168.200.143's password: 
Permission denied, please try again.
root@192.168.200.143's password: 
[root@husa ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:eb:ce:aa  txqueuelen 1000  (Ethernet)
        RX packets 394555  bytes 26450216 (25.2 MiB)
        RX errors 0  dropped 203  overruns 0  frame 0
        TX packets 47  bytes 3838 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.143  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:feeb:ceb4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:ce:b4  txqueuelen 1000  (Ethernet)
        RX packets 6820  bytes 1112294 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2758  bytes 920236 (898.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 20  bytes 2000 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 2000 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
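The login above answers "yes" to the host-key prompt without checking the fingerprint 98:0e:0c:5e:..., and that answer permanently trusts whatever key was presented, which is exactly what a man-in-the-middle on the path needs. The block below is an added example, not code from the original post or from the dropbear project: it shows how that colon-separated value is derived (the MD5 digest of the base64-decoded key blob), so a fingerprint obtained out of band can be compared with what ssh shows before answering. It assumes GNU coreutils `base64` and `md5sum` on the client; the key line in it is constructed from the string "abc" and is not a real key. OpenSSH 6.8 and later print a SHA256 fingerprint by default; pass `-o FingerprintHash=md5` to see this older format.

```shell
#!/bin/sh
# Added example, not code from the original post or from the dropbear project.
# Derives the MD5 host-key fingerprint that ssh prints at the known-hosts prompt
# from a public key line, so it can be checked against a value obtained out of
# band before answering "yes". Assumes GNU coreutils `base64` and `md5sum`.

# Format raw bytes on stdin as the colon-separated MD5 hex digest used by
# OpenSSH before 6.8 (and printed by `dropbearkey -y`).
md5_fingerprint() {
    md5sum | cut -c1-32 | sed -e 's/../&:/g' -e 's/:$//'
}

# pubkey_fingerprint LINE: accept a known_hosts, authorized_keys or
# "dropbearkey -y" style line, find the key-type field, base64-decode the
# blob after it and fingerprint the decoded bytes. Returns 1 if no key found.
pubkey_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-rsa|ssh-dss|ecdsa-sha2-[a-z0-9]+)$/) { print $(i + 1); exit }
    }')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d | md5_fingerprint
}

# fingerprint_matches SHOWN LINE: 0 when the fingerprint ssh displayed (SHOWN)
# equals the one computed from LINE, 1 otherwise; can gate a scripted "yes".
fingerprint_matches() {
    [ "$(pubkey_fingerprint "$2")" = "$1" ]
}

# Constructed input: "YWJj" is base64 for "abc". It is not a real key; it only
# exercises the parsing and hashing path with a digest that is easy to verify.
SAMPLE_LINE='[192.168.200.143]:22022 ssh-rsa YWJj root@husa'
pubkey_fingerprint "$SAMPLE_LINE"   # 90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72
```

On the server, dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key prints the public key and its fingerprint directly from the console, which is the out-of-band value to compare against; the functions above are for the key line you are handed or the entry that ended up in ~/.ssh/known_hosts.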