Dropbear: Installing, Configuring and Starting the SSH Service

Author: 扎啤 | Published: 2017-09-12 22:57

    I. Introduction

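    dropbear is a lightweight sshd server based on the SSH protocol. Compared with OpenSSH it is simpler and smaller, and it uses less memory at run time. In terms of processes, OpenSSH starts two sshd processes, whereas dropbear starts only one; it also has lower hardware requirements than OpenSSH and uses fewer system resources.
    dropbear implements the complete SSH version 2 protocol for both client and server. It does not provide backward compatibility with SSH version 1, which saves space and resources and avoids the security vulnerabilities inherent in SSH version 1.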

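    dropbear mainly consists of the following programs:

    • Server program: dropbear (equivalent to OpenSSH's sshd)
    • Client program: dbclient (equivalent to OpenSSH's ssh)
    • Key generation program: dropbearkey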

    II. Compiling and installing dropbear
    Preparation:

    1. Install the "Development Tools" package group
    [root@CentOS7 ~]#yum groupinstall "Development Tools" -y
    2. Download dropbear-2017.75.tar.bz2

    3. Extract the dropbear archive and read the installation notes

    [root@CentOS7 /app]#tar xf dropbear-2017.75.tar.bz2

    [root@CentOS7 /app/dropbear-2017.75]#less INSTALL README 
    Basic Dropbear build instructions:
    
    - Edit options.h to set which features you want.
    - Edit debug.h if you want any debug options (not usually required).
    
    (If using a non-tarball copy, "autoconf; autoheader")
    
    ./configure      (optionally with --disable-zlib or --disable-syslog,
                      or --help for other options)
    
    Now compile:
    
    make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
    
    And install (/usr/local/bin is usual default):
    
    make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
    
    (you can leave items out of the PROGRAMS list to avoid compiling them. If you
    recompile after changing the PROGRAMS list, you *MUST* "make clean" before
    recompiling - bad things will happen otherwise)
    
    See MULTI for instructions on making all-in-one binaries.
    
    If you want to compile statically, add "STATIC=1" to the make command-line.
    
    Binaries can be stripped with "make strip"
    
    ============================================================================
    
    If you're compiling for a 386-class CPU, you will probably need to add
    CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
    
    ============================================================================

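    4. Run configure for the software being installed: it checks whether the current environment satisfies the build dependencies. Install any missing dependency with yum.

    [root@CentOS7 /app/dropbear-2017.75]#./configure
    configure: error: *** zlib missing - install first or check config.log *** # zlib-devel is reported missing
    [root@CentOS7 /app/dropbear-2017.75]#yum install zlib-devel -y
    [root@CentOS7 /app/dropbear-2017.75]#./configure    # re-run now that zlib-devel is installed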

    5. Compile and install

    make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
    make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install

    6. Create the directory /etc/dropbear/ and generate the host key file

    [root@CentOS7 /usr/local/bin]#mkdir /etc/dropbear/
    [root@CentOS7 /usr/local/bin]#dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

    7. Start dropbear; by default it runs in the background

    [root@CentOS7 /usr/local/bin]#dropbear -E -p 2222 # -E logs to stderr, -p specifies the port
    [17279] Sep 12 22:40:34 Failed loading /etc/dropbear/dropbear_dss_host_key
    [17279] Sep 12 22:40:34 Failed loading /etc/dropbear/dropbear_ecdsa_host_key
    [17280] Sep 12 22:40:34 Running in background
    
    [root@CentOS7 /usr/local/bin]#ss -ntl
    State      Recv-Q Send-Q                             Local Address:Port                                            Peer Address:Port              
    LISTEN     0      128                                            *:2222                                                       *:*                  
    LISTEN     0      128                                            *:22                                                         *:*                  
    LISTEN     0      10                                     127.0.0.1:25                                                         *:*                  
    LISTEN     0      128                                           :::2222                                                      :::*                  
    LISTEN     0      128                                           :::22                                                        :::*                  
    LISTEN     0      128                                           :::23                                                        :::*
    

    Client:

    [root@CentOS6 ~]#ssh 172.18.254.65 -p 2222
    The authenticity of host '[172.18.254.65]:2222 ([172.18.254.65]:2222)' can't be established.
    RSA key fingerprint is aa:06:2e:6d:0c:61:b6:e1:52:67:4e:19:4d:8e:fa:80.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[172.18.254.65]:2222' (RSA) to the list of known hosts.
    root@172.18.254.65's password: 
    [root@CentOS7 ~]#    ## connection succeeded
    

    Connection status on the server:

    [root@CentOS7 /usr/local/bin]#[17294] Sep 12 22:44:45 Child connection from 172.18.254.55:37836
    [17294] Sep 12 22:44:47 Password auth succeeded for 'root' from 172.18.254.55:37836
    

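    -F runs dropbear in the foreground. Here the start fails because the background instance from step 7 is still listening on port 2222: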

    [root@CentOS7 ~]#dropbear -FE -p 2222 
    [17324] Sep 12 22:48:32 Failed loading /etc/dropbear/dropbear_dss_host_key
    [17324] Sep 12 22:48:32 Failed loading /etc/dropbear/dropbear_ecdsa_host_key
    [17324] Sep 12 22:48:32 Failed listening on '2222': Error listening: Address already in use
    [17324] Sep 12 22:48:32 Early exit: No listening ports available.
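
The startup and connection messages that `dropbear -E` printed in the steps above can be audited with a short script. This is an added example, not part of the original article: it reports host keys that failed to load, successful root password logins per source address, and sources that logged in after repeated bad passwords. The first five sample lines are copied from this page; the last three, including the `Bad password attempt` lines and the address 192.0.2.10, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit `dropbear -E` log lines.
# The first five sample lines are copied from the transcripts on this page; the
# last three are constructed (192.0.2.10 is a documentation-only address).
SAMPLE_LOG="[17279] Sep 12 22:40:34 Failed loading /etc/dropbear/dropbear_dss_host_key
[17279] Sep 12 22:40:34 Failed loading /etc/dropbear/dropbear_ecdsa_host_key
[17280] Sep 12 22:40:34 Running in background
[17294] Sep 12 22:44:45 Child connection from 172.18.254.55:37836
[17294] Sep 12 22:44:47 Password auth succeeded for 'root' from 172.18.254.55:37836
[17301] Sep 12 22:45:02 Bad password attempt for 'root' from 192.0.2.10:40112
[17301] Sep 12 22:45:05 Bad password attempt for 'root' from 192.0.2.10:40112
[17302] Sep 12 22:45:09 Password auth succeeded for 'root' from 192.0.2.10:40118"

# Host key files dropbear could not load at startup, one path per line.
missing_host_keys() {
    sed -n 's|^\[[0-9]*\] .* Failed loading \(/.*\)$|\1|p' | sort -u
}

# Successful password logins as root, printed as "<source-ip> <count>".
# The dots around "root" stand in for the single quotes in the log line.
root_password_logins() {
    awk '/ Password auth succeeded for .root. from / {
             addr = $NF; sub(/:[0-9]+$/, "", addr); n[addr]++
         }
         END { for (a in n) print a, n[a] }' | sort
}

# Sources whose successful password login came after at least $1 bad
# password attempts from the same address: "<source-ip> <bad-attempts>".
guessed_logins() {
    awk -v thr="$1" '
        { addr = $NF; sub(/:[0-9]+$/, "", addr) }
        / Bad password attempt for /    { bad[addr]++ }
        / Password auth succeeded for / { if (bad[addr] + 0 >= thr + 0) print addr, bad[addr] }
    ' | sort -u
}

# Report over the sample; on a server, feed the saved stderr of dropbear -E instead.
echo "Host keys that failed to load:"
printf '%s\n' "$SAMPLE_LOG" | missing_host_keys
echo "Root password logins (source count):"
printf '%s\n' "$SAMPLE_LOG" | root_password_logins
echo "Logins after 2 or more bad passwords:"
printf '%s\n' "$SAMPLE_LOG" | guessed_logins 2
```

Each function reads log text on standard input, so the same checks apply to a file holding the redirected stderr of `dropbear -E`.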
    

    Article link: https://www.haomeiwen.com/subject/ntbzjxtx.html