Compiling and Installing dropbear and Writing a Service Script

Published: 2020-07-31 16:31:28 Source: Internet Views: 2843 Author: chen523958392 Category: Network Security

Compiling and installing

Download dropbear and extract it

# wget http://matt.ucc.asn.au/dropbear/releases/dropbear-2015.67.tar.bz2 
# tar xvf dropbear-2015.67.tar.bz2
# cd dropbear-2015.67
# ./configure --prefix=/usr/local/dropbear --sysconfdir=/etc/dropbear

Compile and install dropbear; you must specify which of the dropbear programs to build and install

# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install

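After installation, /etc/dropbear does not exist; the host key files /etc/dropbear/dropbear_dss_host_key and /etc/dropbear/dropbear_rsa_host_key are also required. For dropbearkey, -t specifies the key type and -f specifies where the key file is written.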

# mkdir /etc/dropbear
# /usr/local/dropbear/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
# /usr/local/dropbear/bin/dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key

dropbear can now be started

# /usr/local/dropbear/sbin/dropbear -p 2222        # listen on port 2222
# ps aux | grep dropbear        # the service is now running
root     25377  0.0  0.0  15300   536 ?        Ss   17:50   0:00 /usr/local/dropbear/sbin/dropbear -p 2222
root     25379  0.0  0.0 103256   856 pts/2    S+   17:51   0:00 grep dropbear
# netstat -tnlp        # port 2222 is now listening
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:8307              0.0.0.0:*                   LISTEN      2861/vmware-hostd   
tcp        0      0 0.0.0.0:2222                0.0.0.0:*                   LISTEN      25377/dropbear             
tcp        0      0 :::22                       :::*                        LISTEN      2576/sshd                       
tcp        0      0 :::2222                     :::*                        LISTEN      25377/dropbear 
# ss -tanl
State       Recv-Q Send-Q                           Local Address:Port                             Peer Address:Port
LISTEN      0      100                                         :::2222                                       :::*     
LISTEN      0      100                                          *:2222                                        *:*

Connect on the new port

Xshell :\> ssh 192.168.1.9 2222        # the connection succeeds

To stop using the sshd service and go back to the original port

# chkconfig sshd off        # do not start at boot by default
# service sshd stop

Writing the service script

To have dropbear start at boot, listening on port 2222

# vim /etc/rc.d/rc.local
/usr/local/dropbear/sbin/dropbear -p 2222    # this starts dropbear, but gives no way to stop it, so write a service script
# vim /etc/sysconfig/dropbear   
port=2222

# vim /etc/rc.d/init.d/dropbear
#!/bin/bash
#
# chkconfig: 2345 75 50
# (chkconfig fields: default runlevels, start priority, stop priority)
# description: lightweight ssh2 implementation
#
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions

[ -f /etc/sysconfig/dropbear ] && . /etc/sysconfig/dropbear

dsskey=/etc/dropbear/dropbear_dss_host_key
rsakey=/etc/dropbear/dropbear_rsa_host_key

pidfile=/var/run/dropbear.pid
lockfile=/var/lock/subsys/dropbear

dropbearkey=/usr/local/dropbear/bin/dropbearkey
dropbear=/usr/local/dropbear/sbin/dropbear

port=${port:=22}

gendsskey() {
    # Generate the DSS host key only if it does not exist yet.
    if [ ! -f "$dsskey" ]; then
        $dropbearkey -t dss -f "$dsskey" &> /dev/null
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            echo -n "Generate dss key finished."
            passed
            echo
            return 0
        else
            echo -n "Generate dss key failed"
            failure
            echo
            exit 6
        fi
    else
        return 0
    fi
}
genrsakey() {
    # Generate the RSA host key only if it does not exist yet.
    if [ ! -f "$rsakey" ]; then
        $dropbearkey -t rsa -f "$rsakey" -s 2048 &> /dev/null
        # [ $? -eq 0 ] && return 0 || return 1        # this line is no longer needed
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            echo -n "Generate rsa key finished."
            passed
            echo
            return 0
        else
            echo -n "Generate rsa key failed"
            failure
            echo
            exit 6
        fi
    else
        return 0
    fi
}
start() {
    gendsskey
    genrsakey 
    
    if [ -f $lockfile ]; then
        echo -n "dropbear is already running."
        failure
        echo
        exit 7
    fi
    
    echo -n "Start dropbear"
    daemon --pidfile $pidfile $dropbear -p $port
    RETVAL=$?
    echo 
    
    if [ $RETVAL -eq 0 ];then
        touch $lockfile
        return 0
    else
        rm -f $lockfile $pidfile
        return 1
    fi
}
stop() {
    if [ ! -f $lockfile ]; then
        echo -n "dropbear is not running."
        failure
        echo
        exit 8
    fi
    
    echo -n "Stop dropbear:"
    killproc dropbear
    RETVAL=$?
    echo
    
    [ $RETVAL -eq 0 ] && rm -f $lockfile && return 0 || return 1
}

case $1 in 
start)
    start ;;
stop)
    stop;;
restart)
    stop 
    start ;;
*) 
    exit 3 ;;
esac
# service dropbear start
Start dropbear                                             [確定]
# service dropbear restart
Stop dropbear:                                             [確定]
Start dropbear                                             [確定]
# service dropbear stop
Stop dropbear:                                             [確定]
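
A post-install check for the setup above, as an added example that is not part of the original article: it verifies that a host key file grants nothing to group or others, and reports which SSH daemons are listening. The function names are hypothetical and the sample input is constructed from the netstat output shown earlier.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# key_is_private FILE: succeed only if FILE exists, is non-empty and grants
# no permission bits to group or others (for example mode 0600).
key_is_private() {
    [ -s "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other part of "-rw-------"
    [ "$perms" = "------" ]
}

# ssh_listeners: read `netstat -tnlp` output on stdin and print "PORT PROGRAM"
# once for every listening socket owned by sshd or dropbear.
ssh_listeners() {
    awk '$6 == "LISTEN" {
        n = split($4, addr, ":"); port = addr[n]   # last field handles :::22 too
        split($7, owner, "/"); prog = owner[2]     # "25377/dropbear" -> dropbear
        if (prog == "sshd" || prog == "dropbear") print port, prog
    }' | LC_ALL=C sort -u
}

# only_daemon PROG: succeed if every SSH listener on stdin belongs to PROG,
# i.e. the other daemon really was stopped.
only_daemon() {
    ssh_listeners | awk -v want="$1" '$2 != want { n++ } END { exit (n > 0) }'
}

# Constructed sample, modelled on the netstat output shown in the article.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8307 0.0.0.0:* LISTEN 2861/vmware-hostd
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 25377/dropbear
tcp 0 0 :::22 :::* LISTEN 2576/sshd
tcp 0 0 :::2222 :::* LISTEN 25377/dropbear'

printf '%s\n' "$SAMPLE" | ssh_listeners
if printf '%s\n' "$SAMPLE" | only_daemon dropbear; then
    echo "only dropbear is listening"
else
    echo "another SSH daemon is still listening"
fi
```

On a live host, run `netstat -tnlp | only_daemon dropbear` as root after stopping sshd, and `key_is_private /etc/dropbear/dropbear_rsa_host_key` after generating the keys.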

