install-dropbear
TL;DR
Dropbear is a relatively small SSH server and client.
docker run -it --rm debian:10 bash
sed -i "s|deb.debian.org|mirrors.huaweicloud.com|g" /etc/apt/sources.list && \
sed -i "s|security.debian.org|mirrors.huaweicloud.com|g" /etc/apt/sources.list && \
apt-get clean && \
apt-get update
apt install -qy autoconf gcc make tcl gettext diffutils libexpat1-dev libcurl4-openssl-dev libssl-dev zlib1g-dev
# If you get this error:
tar (child): bzip2: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
# Install bzip2
apt install bzip2
#wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2019.78.tar.bz2
curl -L -o dropbear.tar.bz2 https://matt.ucc.asn.au/dropbear/releases/dropbear-2020.80.tar.bz2
tar -jxvf dropbear.tar.bz2
cd dropbear-2020.80
./configure
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
configure: No $CFLAGS set... using "-Os -W -Wall" for GCC
configure: Checking if compiler 'gcc' supports -Wno-pointer-sign
configure: Setting -Wno-pointer-sign
configure: Checking if compiler 'gcc' supports -fno-strict-overflow
configure: Setting -fno-strict-overflow
configure: Checking for available hardened build flags:
configure: Setting -fPIE
configure: Setting -Wl,-pie
configure: Setting -Wl,-z,now -Wl,-z,relro
configure: Setting -fstack-protector-strong
configure: Setting -D_FORTIFY_SOURCE=2
configure: Setting -mfunction-return=thunk
configure: Setting -mindirect-branch=thunk
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking for install... install
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether __UCLIBC__ is declared... no
checking for crypt... no
checking for crypt in -lcrypt... yes
checking for deflate in -lz... yes
configure: Enabling zlib
configure: Disabling PAM
configure: Using openpty if available
checking for library containing openpty... -lutil
configure: Enabling syslog
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
configure: Using shadow passwords if available
configure: Disabling fuzzing
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking netinet/tcp.h usability... yes
checking netinet/tcp.h presence... yes
checking for netinet/tcp.h... yes
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking pty.h usability... yes
checking pty.h presence... yes
checking for pty.h... yes
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking libgen.h usability... yes
checking libgen.h presence... yes
checking for libgen.h... yes
checking for inttypes.h... (cached) yes
checking stropts.h usability... yes
checking stropts.h presence... yes
checking for stropts.h... yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking utmpx.h usability... yes
checking utmpx.h presence... yes
checking for utmpx.h... yes
checking lastlog.h usability... yes
checking lastlog.h presence... yes
checking for lastlog.h... yes
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking util.h usability... no
checking util.h presence... no
checking for util.h... no
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking security/pam_appl.h usability... no
checking security/pam_appl.h presence... no
checking for security/pam_appl.h... no
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking sys/uio.h usability... yes
checking sys/uio.h presence... yes
checking for sys/uio.h... yes
checking linux/pkt_sched.h usability... yes
checking linux/pkt_sched.h presence... yes
checking for linux/pkt_sched.h... yes
checking sys/random.h usability... yes
checking sys/random.h presence... yes
checking for sys/random.h... yes
checking for an ANSI C-conforming const... yes
checking for uid_t in sys/types.h... yes
checking for mode_t... yes
checking for pid_t... yes
checking for size_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking for uint8_t... yes
checking for u_int8_t... yes
checking for uint16_t... yes
checking for u_int16_t... yes
checking for uint32_t... yes
checking for u_int32_t... yes
checking for struct sockaddr_storage... no
checking for socklen_t... yes
checking for struct sockaddr_storage... yes
checking for struct sockaddr_in6... yes
checking for struct in6_addr... yes
checking for struct addrinfo... yes
checking for gai_strerror... yes
checking for struct utmp.ut_host... yes
checking for struct utmp.ut_pid... yes
checking for struct utmp.ut_type... yes
checking for struct utmp.ut_tv... yes
checking for struct utmp.ut_id... yes
checking for struct utmp.ut_addr... yes
checking for struct utmp.ut_addr_v6... yes
checking for struct utmp.ut_exit... yes
checking for struct utmp.ut_time... yes
checking for struct utmpx.ut_host... yes
checking for struct utmpx.ut_syslen... no
checking for struct utmpx.ut_type... yes
checking for struct utmpx.ut_id... yes
checking for struct utmpx.ut_addr... no
checking for struct utmpx.ut_addr_v6... yes
checking for struct utmpx.ut_time... no
checking for struct utmpx.ut_tv... yes
checking for struct sockaddr_storage.ss_family... yes
checking for endutent... yes
checking for getutent... yes
checking for getutid... yes
checking for getutline... yes
checking for pututline... yes
checking for setutent... yes
checking for utmpname... yes
checking for endutxent... yes
checking for getutxent... yes
checking for getutxid... yes
checking for getutxline... yes
checking for pututxline... yes
checking for setutxent... yes
checking for utmpxname... yes
checking for logout... yes
checking for updwtmp... yes
checking for logwtmp... yes
checking for clock_gettime... yes
checking mach/mach_time.h usability... no
checking mach/mach_time.h presence... no
checking for mach/mach_time.h... no
checking for mach_absolute_time... no
checking for explicit_bzero... yes
checking for memset_s... no
checking for getrandom... yes
checking for mp_to_ubin in -ltommath... no
checking for poly1305_init in -ltomcrypt... no
checking for library containing login... none required
checking for logout... (cached) yes
checking for updwtmp... (cached) yes
checking for logwtmp... (cached) yes
checking if your system defines LASTLOG_FILE... no
checking if your system defines _PATH_LASTLOG... yes
checking if your system defines UTMP_FILE... yes
checking if your system defines WTMP_FILE... yes
checking if your system defines UTMPX_FILE... no
checking if your system defines WTMPX_FILE... no
checking whether gcc needs -traditional... no
checking for working memcmp... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking types of arguments for select... int,fd_set *,struct timeval *
checking for getpass... yes
checking for getspnam... yes
checking for getusershell... yes
checking for putenv... yes
checking for clearenv... yes
checking for strlcpy... no
checking for strlcat... no
checking for daemon... yes
checking for basename... yes
checking for _getpty... no
checking for getaddrinfo... yes
checking for freeaddrinfo... yes
checking for getnameinfo... yes
checking for fork... yes
checking for writev... yes
checking for getgrouplist... yes
checking for library containing basename... none required
configure: creating ./config.status
config.status: creating Makefile
config.status: creating libtomcrypt/Makefile
config.status: creating libtommath/Makefile
config.status: creating config.h
configure:
configure: Using bundled libtomcrypt and libtommath
configure:
configure: Now edit localoptions.h to choose features.
make
#make scp
make install
install -d /usr/local/sbin
install dropbear /usr/local/sbin
install -d /usr/local/share/man/man8
install -m 644 ./dropbear.8 /usr/local/share/man/man8/dropbear.8
install -d /usr/local/bin
install dbclient /usr/local/bin
install -d /usr/local/share/man/man1
if test -e ./dbclient.1; then install -m 644 ./dbclient.1 /usr/local/share/man/man1/dbclient.1; fi
install -d /usr/local/bin
install dropbearkey /usr/local/bin
install -d /usr/local/share/man/man1
if test -e ./dropbearkey.1; then install -m 644 ./dropbearkey.1 /usr/local/share/man/man1/dropbearkey.1; fi
install -d /usr/local/bin
install dropbearconvert /usr/local/bin
install -d /usr/local/share/man/man1
if test -e ./dropbearconvert.1; then install -m 644 ./dropbearconvert.1 /usr/local/share/man/man1/dropbearconvert.1; fi
## Directory contents after installation
root@40c05fb00c80:/dropbear-2020.80# ls -l /usr/local/bin/
total 584
-rwxr-xr-x 1 root root 255480 Aug 17 13:00 dbclient
-rwxr-xr-x 1 root root 169528 Aug 17 13:00 dropbearconvert
-rwxr-xr-x 1 root root 164736 Aug 17 13:00 dropbearkey
root@40c05fb00c80:/dropbear-2020.80# ls -l /usr/local/sbin/
total 260
-rwxr-xr-x 1 root root 264208 Aug 17 13:00 dropbear
## Start
dropbear -F -E -p 2222
[7898] Aug 17 13:02:37 Failed loading /etc/dropbear/dropbear_rsa_host_key
[7898] Aug 17 13:02:37 Failed loading /etc/dropbear/dropbear_dss_host_key
[7898] Aug 17 13:02:37 Failed loading /etc/dropbear/dropbear_ecdsa_host_key
[7898] Aug 17 13:02:37 Failed loading /etc/dropbear/dropbear_ed25519_host_key
[7898] Aug 17 13:02:37 Early exit: No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.
mkdir -p /etc/dropbear
dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key
dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key
root@40c05fb00c80:/dropbear-2020.80# ls -l /etc/dropbear/
total 12
-rw------- 1 root root  459 Aug 17 13:03 dropbear_dss_host_key
-rw------- 1 root root  141 Aug 17 13:03 dropbear_ecdsa_host_key
-rw------- 1 root root 1573 Aug 17 13:03 dropbear_rsa_host_key
dropbear -help
Dropbear server v2020.80 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile	Display the contents of bannerfile before user login
		(default: none)
-r keyfile      Specify hostkeys (repeatable)
		defaults:
		- dss /etc/dropbear/dropbear_dss_host_key
		- rsa /etc/dropbear/dropbear_rsa_host_key
		- ecdsa /etc/dropbear/dropbear_ecdsa_host_key
		- ed25519 /etc/dropbear/dropbear_ed25519_host_key
-R		Create hostkeys as required
-F		Don't fork into background
-E		Log to stderr rather than syslog
-m		Don't display the motd on login
-w		Disallow root logins
-G		Restrict logins to members of specified group
-s		Disable password logins
-g		Disable password logins for root
-B		Allow blank password logins
-T		Maximum authentication tries (default 10)
-j		Disable local port forwarding
-k		Disable remote port forwarding
-a		Allow connections to forwarded ports from any host
-c command	Force executed command
-p [address:]port
		Listen on specified tcp port (and optionally address),
		up to 10 can be specified
		(default port is 22 if none specified)
-P PidFile	Create pid file PidFile
		(default /var/run/dropbear.pid)
-i		Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version
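The options in the help output above decide how exposed the listener is. As an added example (not part of the original page or of the Dropbear project), this shell function checks a dropbear command line against those options; `audit_dropbear_args`, `MAX_TRIES` and the finding texts are hypothetical names, and it assumes each option is passed as a separate argument.

```shell
#!/bin/sh
# Added example (not from the original page): audit a dropbear server command
# line using only options listed in the `dropbear -help` output above.
# Assumptions: each option is its own argument, as in `dropbear -F -E -p 2222`;
# MAX_TRIES is an example policy value, not a dropbear default.
MAX_TRIES=3

audit_dropbear_args() (
    root_off=0 pw_off=0 rootpw_off=0 blank=0 anyhost=0 lfwd=1 rfwd=1 tries=10 n=0
    finding() { echo "$1"; n=$((n + 1)); }
    while [ $# -gt 0 ]; do
        case "$1" in
            -w) root_off=1 ;;
            -s) pw_off=1 ;;
            -g) rootpw_off=1 ;;
            -B) blank=1 ;;
            -a) anyhost=1 ;;
            -j) lfwd=0 ;;
            -k) rfwd=0 ;;
            -T) case "${2:-}" in ''|*[!0-9]*) ;; *) tries=$2 ;; esac
                if [ $# -gt 1 ]; then shift; fi ;;
            -b|-r|-G|-c|-p|-P|-W|-K|-I)   # options that consume a value
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    if [ "$blank" -eq 1 ]; then finding "FAIL -B allows blank password logins"; fi
    if [ "$pw_off" -eq 0 ] && [ "$rootpw_off" -eq 0 ]; then
        finding "WARN password logins enabled for all users, root included (add -s)"
    elif [ "$pw_off" -eq 0 ]; then
        finding "WARN password logins enabled for non-root users (add -s)"
    fi
    if [ "$root_off" -eq 0 ]; then finding "WARN root logins allowed (add -w)"; fi
    if [ "$anyhost" -eq 1 ]; then finding "WARN -a opens forwarded ports to any host"; fi
    if [ "$lfwd" -eq 1 ] || [ "$rfwd" -eq 1 ]; then
        finding "INFO port forwarding enabled (add -j and -k if unused)"
    fi
    if [ "$tries" -gt "$MAX_TRIES" ]; then
        finding "WARN $tries authentication tries allowed (use -T $MAX_TRIES)"
    fi
    [ "$n" -eq 0 ]   # exit status 0 only when nothing was reported
)

# The page's own invocation, then a tightened one (key-only, no root, no forwarding).
audit_dropbear_args -F -E -p 2222 || true
audit_dropbear_args -F -E -w -s -j -k -T 3 -p 2222 && echo "no findings"
```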
ref
Last updated 2020-01-20