Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Brief introduction-the use of OpenSSH-dropbear under CentOS6.5

2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Dropbear is a relatively small SSH server and client.

Technology:

Dropbear implements secure Shell (SSH) protocol version 2. The encryption algorithm is implemented within the Dropbear allocation using a third-party encryption library. It comes from some local OpenSSH to deal with BSD-style pseudo-terminals.

Features:

Dropbear implements the complete SSH client and server version 2 protocol. It does not support backward compatibility with SSH version 1 to save space and resources, and to avoid the security vulnerabilities inherent in SSH version 1. It also implemented SCP's. SFTP support depends on a binary file, which can be provided through the OpenSSH or similar plan.

Here is a simple installation and configuration of dropbear:

1. Compile and install:

1)。 Extract the prepared dropbear-2013.58:

# tar xf dropbear-2013.58.tar.bz2

2)。 Compile / install and generate the required tool dropbear:

# cd dropbear-2013.58#. / configure-- prefix=/usr/local/dropbear/# make PROGRAMS= "dropbear dbclient dropbearkey scp" # make PROGRAMS= "dropbear dbclient dropbearkey scp" install

two。 Configure the service script:

1)。 Edit the / etc/rc.d/init.d/dropbear file:

# vim / et _ c _ etc/rc.d/init.d/functions _ r _ r / etc/rc.d/init.d/functions [- r / etc/sysconfig/dropbear] & &. / etc/sysconfig/dropbearkeysize=$ {keysize:-1024} port=$ {port:-22} gendsskey () {[- d / etc/dropbear] | | mkdir / etc/dropbear echo-n "Starting generate the dsskey:" $dropbearkey-t dss-f $dsskey & > / dev/null RETVAL=$?if [$RETVAL-eq 0] Then success echo return 0else failure echo return 1fi} genrsakey () {[- d / etc/dropbear] | | mkdir / etc/dropbear echo-n "Starting generate the rsakey:" $dropbearkey-t rsa-s $keysize-f $rsakey & > / dev/null RETVAL=$?if [$RETVAL-eq 0] Then success echo return 0else failure echo return 1fi} start () {[- e $dsskey] | gendsskey [- e $rsakey] | | genrsakey if [- e $lockfile]; then echo-n "dropbear daemon is already running:" success echo exit 0fi echo-n "Starting dropbear:" daemon-- pidfile= "$pidfile" $dropbear-p $port-d $dsskey-r $rsakey RETVAL=$? Echoif [$RETVAL-eq 0]; then touch $lockfile return 0else rm-f $lockfile $pidfile return 1fi} stop () {if [!-e $lockfile]; then echo-n "dropbear service is stopped:" success echo exit 1fi echo-n "Stopping dropbear daemon:" killproc dropbear RETVAL=$? Echo If [$RETVAL-eq 0] Then rm-f $lockfile $pidfile return 0 else return 1fi} status () {if [- e $lockfile]; then echo "dropbear is running..." Else echo "dropbear is stopped..." Fi} usage () {echo "Usage: dropbear {start | stop | restart | status | gendsskey | genrsakey}"} case $1 instart) start;; stop) stop;; restart) stop start;; status) status;; gendsskey) gendsskey;; genrsakey) genrsakey;; *) usage;; esac

3. Script file configuration (also a file for a custom port):

# vim / etc/sysconfig/dropbearkeysize=2048port=22022

4. Assign the appropriate attributes:

1)。 Grant executable permissions:

# chmod + x / etc/rc.d/init.d/dropbear

2)。 Add dropbear as a system service to facilitate startup using service.

# chkconfig-- add dropbear# chkconfig-- list | grep dropbear

3)。 Start the service:

# service dropbear start

4)。 View the port:

# ss-tunl

5. Use terminals such as Xshell to test:

Use the self-defined port to test the port.

A smile is the most beautiful language!!!

Write a blog based on my understanding, if there are any mistakes, welcome to point out.

-> little girl

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 237

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report