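What is Dropbear SSH
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open-source software distributed under an MIT-style license. It is particularly useful for "embedded" Linux (or other Unix) systems such as wireless routers.
Why bring up Dropbear SSH
As another open-source implementation of the SSH protocol, Dropbear SSH may not be as popular as OpenSSH (which ships preinstalled with the vast majority of modern Linux distributions). That does not mean the standard has become singular or "monopolized", however. As we know, the OpenSSH package contains a large number of SSH-related tools, which makes it extremely powerful; but does every one of us need all of them, or every feature? Sometimes we just want a standalone open-source implementation with as few dependencies as possible, or with a small and lean code base. For example, for geeks who like to build their own operating systems, and especially those who customize Linux by hand, we often want to keep the system footprint as small as possible while still having everything essential. That is when Dropbear SSH takes the stage.
Let's give it a try
OK. For reasons you may or may not agree with, I recommend Dropbear SSH to you; at the very least it is worth a try. Next, let's experience another open-source implementation of the SSH protocol together.
1. First, download the source package from the Dropbear SSH project website. If you are on Linux, simply enter the commands below.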
[root@Centos7 src]# yum -y install wget
[root@Centos7 src]# wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2017.75.tar.bz2
2. Extract the source package
[root@Centos7 src]# tar jxf dropbear-2017.75.tar.bz2
[root@Centos7 src]# cd dropbear-2017.75
3. Compile the source
[root@Centos7 dropbear-2017.75]# yum -y groupinstall "development tools"
[root@Centos7 dropbear-2017.75]# yum -y install zlib zlib-devel
[root@Centos7 dropbear-2017.75]# mkdir /etc/dropbear
[root@Centos7 dropbear-2017.75]# ./configure --prefix=/usr/local/dropbear --sysconfdir=/etc/dropbear
[root@Centos7 dropbear-2017.75]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
[root@Centos7 dropbear-2017.75]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
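4. Inspect the installation directory to confirm that the install succeeded. After a successful install the directory tree looks like this: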
[root@Centos7 dropbear-2017.75]# tree /usr/local/dropbear/
/usr/local/dropbear/
├── bin
│   ├── dbclient
│   ├── dropbearconvert
│   ├── dropbearkey
│   └── scp
├── sbin
│   └── dropbear
└── share
    └── man
        ├── man1
        │   ├── dbclient.1
        │   ├── dropbearconvert.1
        │   └── dropbearkey.1
        └── man8
            └── dropbear.8

6 directories, 9 files
5. Dropbear needs a host key in order to run, so we generate one first
[root@Centos7 dropbear-2017.75]# cd /usr/local/dropbear/ # enter the install path
[root@Centos7 dropbear]# ./bin/dropbearkey --help # show help
Unknown argument --help
Usage: bin/dropbearkey -t <type> -f <filename> [-s bits] => this is how a key is generated
-t type Type of key to generate. One of: # available algorithms
rsa
dss
ecdsa
-f filename Use filename for the secret key. # where the key is stored
~/.ssh/id_dropbear is recommended for client keys.
-s bits Key size in bits, should be a multiple of 8 (optional) # optional key size
DSS has a fixed size of 1024 bits
ECDSA has sizes 256 384 521
-y Just print the publickey and fingerprint for the
private key in <filename>.
Here we generate an RSA key and save it under /etc/dropbear
[root@Centos7 dropbear]# ./bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOaw9XJ1M/76pXXLRpE6L6mqGWodqjMw9EC/NqAT6VaFxp0WG32IellNEgd8RHF7NaJqC1lziU3dEflRN93RuWqynrXCOS8ZshCQfFwQ0Q4Cc/PrlOLbK27UO
np0M7Iyd6xqhI/cbGuZZuYRKZ/8iTsty82QqHR6CsKFjkeb90uh0xR9QjuqXknU9bUDbqoa38CD7K6cgZgbu/4DJRjFdMQW26v8fxG2irGw9gp9zNCLPJKlw/2ps6tEyoCGeoLi0rn4MlS2XwaJWnZX/EC73U+E
H81DhUw1oLqz+GNGgLpMnh0A5ilTwEnIVkyxvLHzhAOaU1F7IgJ90BCluQ8cH/ root@Centos7
Fingerprint: md5 af:1f:e9:d5:df:37:ea:2b:36:eb:33:e3:33:4e:7d:fc
[root@Centos7 dropbear]#
6. OK, everything is ready; let's try it out.
[root@Centos7 dropbear]# /usr/local/dropbear/sbin/dropbear --help
Invalid option --
Dropbear server v2017.75 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: /usr/local/dropbear/sbin/dropbear [options]
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-r keyfile Specify hostkeys (repeatable)
defaults:
dss /etc/dropbear/dropbear_dss_host_key
rsa /etc/dropbear/dropbear_rsa_host_key
ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-R Create hostkeys as required
-F Don't fork into background
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-s Disable password logins
-g Disable password logins for root
-B Allow blank password logins
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive> (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-V Version
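OpenSSH is already occupying port 22, so we specify a different port for the test.
[root@Centos7 dropbear]# ./sbin/dropbear -E -p 2222 # -E: log to stderr rather than syslog, so login messages show up in this terminal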
[13845] Sep 13 23:52:30 Failed loading /etc/dropbear/dropbear_dss_host_key
[13845] Sep 13 23:52:30 Failed loading /etc/dropbear/dropbear_ecdsa_host_key
[13846] Sep 13 23:52:30 Running in background
[root@Centos7 dropbear]# ps aux | grep dropbear
root 13846 0.0 0.0 15056 408 ? Ss 23:52 0:00 ./sbin/dropbear -E -p 2222
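We connect to this host (current host IP: 172.18.1.100) from the client (IP: 172.18.254.127)
[root@Client ~]# ssh root@172.18.1.100 -p 2222 # the -p option specifies the port
Now look at the Dropbear server host (remember the -E option we used earlier?)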
[root@Centos7 dropbear]# [13913] Sep 13 23:56:29 Child connection from 172.18.254.127:49726
[13913] Sep 13 23:56:34 Password auth succeeded for 'root' from 172.18.254.127:49726
[root@Centos7 ~]# w
23:59:15 up 7:27, 3 users, load average: 0.01, 0.02, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.1.1 22:07 39:55 3.24s 3.10s ssh root@172.18.254.127
root pts/1 192.168.1.1 23:25 2:59 0.87s 0.87s -bash
root pts/2 172.18.254.127 23:56 3.00s 0.07s 0.02s w => client address
[root@Centos7 dropbear]# ./bin/dbclient 172.18.254.127 -p 22 # our Client listens on the default port 22, so -p 22 can be omitted here
root@172.18.254.127's password:
Last login: Wed Sep 13 15:58:41 2017 from 172.18.251.47
Successfully logged in to the Client
[root@Client ~]# w
16:08:01 up 3:36, 4 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 05Sep17 1:31m 0.12s 0.12s -bash
root pts/0 172.18.1.100 16:07 1.00s 0.08s 0.06s w
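The server log in step 6 records a password login as root. As an added example (not part of the original post), the shell functions below summarise such events from Dropbear log lines in the format shown above; the function names and the last three sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise successful password logins from Dropbear log lines
# (stderr with -E, or syslog), using the message format shown in step 6.

# Constructed sample: the first two lines are from the session above,
# the remaining three are made up for illustration.
SAMPLE_LOG="[13913] Sep 13 23:56:29 Child connection from 172.18.254.127:49726
[13913] Sep 13 23:56:34 Password auth succeeded for 'root' from 172.18.254.127:49726
[13950] Sep 14 00:10:02 Child connection from 172.18.254.127:49801
[13950] Sep 14 00:10:05 Password auth succeeded for 'root' from 172.18.254.127:49801
[13977] Sep 14 00:12:40 Password auth succeeded for 'deploy' from 172.18.251.47:50112"

# Read log text on stdin; print "count user source_ip" per user/IP pair.
password_logins() {
    awk '
    /Password auth succeeded for / {
        # Start at the message itself: a syslog prefix or a shell prompt
        # (as in the capture above) may precede it on the line.
        msg = substr($0, index($0, "Password auth succeeded for "))
        split(msg, f, " ")
        user = substr(f[5], 2, length(f[5]) - 2)   # drop surrounding quotes
        src = f[7]
        sub(/:[0-9]+$/, "", src)                   # drop the source port
        seen[user " " src]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k2,2 -k3,3
}

# Print "source_ip count" for root password logins; exit status 0 if any.
root_password_logins() {
    password_logins |
        awk '$2 == "root" { print $3, $1; found = 1 } END { exit found ? 0 : 1 }'
}

printf '%s\n' "$SAMPLE_LOG" | password_logins
```

The -w and -s options listed in the usage output above disable root logins and password logins respectively, so a server started with them should produce none of these events.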
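7. Uninstall. I don't know how you feel after trying out Dropbear, but either way, I will responsibly tell you how to remove the installation completely. What we need to do is the following:
The concrete steps are: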
[root@Centos7 ~]# rm -rf /etc/dropbear
[root@Centos7 ~]# rm -rf /usr/local/dropbear
[root@Centos7 ~]# rm -rf /usr/src/dropbear-2017.75
[root@Centos7 ~]# rm -rf /usr/src/dropbear-2017.75.tar.bz2
8. With that, we have experienced what Dropbear has to offer. Whether you like it or not, thank you for being willing to try. May we all get better at coding ヾ(๑╹◡╹)ノ"