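Linux System Trimming Notes, Part 5: dropbear, an ssh remote login service for embedded systems
1. What is trimming?
The main purpose of this article is to give the author and readers a deeper understanding of how a Linux system works. Broadly, we take Linux apart, assemble the components ourselves one by one, and end up with a miniature Linux system. Let's get started. Corrections are welcome.
2. Principle
As is well known, the boot sequence of an operating system (mainly Linux) is: POST -> BIOS -> MBR -> kernel -> initrd -> /sbin/init.
POST and BIOS are outside our control, so we start from the MBR. Booting Linux is mainly handled by the grub boot loader: grub boots the system and starts the kernel, and the kernel calls the initrd to bring up the most basic operating system.
3. Goal of the exercise (adding an ssh service to the minimal Linux)
Prerequisite: a minimal Linux system has already been built and installed
Add an IDE disk to the host virtual machine, create 2 partitions on it, and mount them: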
mount /dev/hda1 /mnt/boot
mount /dev/hda2 /mnt/sysroot
dropbear: an ssh server and client tool set for embedded systems
Server side: dropbear dropbearkey
Client side: dbclient
dropbear uses nsswitch for name resolution by default
/etc/nsswitch.conf
/lib/libnss_files*
/usr/lib/libnss3.so
/usr/lib/libnss_files*
When a user logs in, dropbear checks whether the user's default shell is one of the valid shells of the current system
/etc/shells
Default location of the host keys:
/etc/dropbear/
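RSA: dropbear_rsa_host_key (RSA algorithm)
Variable length, any multiple of 8; the default is 1024
DSS: dropbear_dss_host_key (DSS algorithm)
Fixed length; the default is 1024
dropbearkey: the command that generates the keys
-t rsa|dss  key type
-f /path/to/KEY_FILE  where to save the generated key
-s SIZE  size of the generated key, in bits
The steps to set up the ssh remote login service are as follows:
1. First download dropbear-2013.56.tar.bz2
[[email protected] ~]# lftp [email protected]   # log in to the ftp server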
口令:
lftp [email protected]:/> get dropbear-2013.56.tar.bz2   # download the dropbear package
1578454 bytes transferred
lftp [email protected]:/> exit
[[email protected] ~]# ls
anaconda-ks.cfg Desktop install.log sbin bin sys lib dev
install.log.syslog showdate.sh busybox-1.20.2 dropbear-2013.56.tar.bz2
[[email protected] ~]# tar xf dropbear-2013.56.tar.bz2   # extract the source archive
[[email protected] ~]# cd dropbear-2013.56   # enter the extracted directory
[[email protected] dropbear-2013.56]# ./configure   # generate the makefile before building
[[email protected] dropbear-2013.56]# make   # build
[[email protected] dropbear-2013.56]# make install   # install the built programs
install -d -m 755 /usr/local/sbin
install -m 755 dropbear /usr/local/sbin
chown root /usr/local/sbin/dropbear
chgrp 0 /usr/local/sbin/dropbear
install -d -m 755 /usr/local/bin
install -m 755 dbclient /usr/local/bin
chown root /usr/local/bin/dbclient
chgrp 0 /usr/local/bin/dbclient
install -d -m 755 /usr/local/bin
install -m 755 dropbearkey /usr/local/bin
chown root /usr/local/bin/dropbearkey
chgrp 0 /usr/local/bin/dropbearkey
install -d -m 755 /usr/local/bin
install -m 755 dropbearconvert /usr/local/bin
chown root /usr/local/bin/dropbearconvert
chgrp 0 /usr/local/bin/dropbearconvert
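[[email protected] dropbear-2013.56]# cd ~   # go to the home directory, which holds the script that copies binaries and their libraries
[[email protected] ~]# ./cpbin.sh   # run the copy script for the three programs dropbear needs: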
dropbear dbclient dropbearkey
Your command:dropbear
copy /usr/local/sbin/dropbear is finished.
copy lib /lib64/libcrypt.so.1 finished.
copy lib /lib64/libutil.so.1 finished.
copy lib /usr/lib64/libz.so.1 finished.
copy /usr/local/sbin/dropbear finished.
Continue: dbclient
copy /usr/local/bin/dbclient is finished.
copy /usr/local/bin/dbclient finished.
Continue: dropbearkey
copy /usr/local/bin/dropbearkey is finished.
copy /usr/local/bin/dropbearkey finished.
Continue: q
[[email protected] ~]# sync
[[email protected] ~]# sync
[[email protected] ~]# cd /mnt/sysroot   # enter the mounted root directory of the target system
[[email protected] sysroot]# vim etc/shells   # create the shells file
/bin/sh
/bin/bash
/bin/ash
/bin/hush
[[email protected] sysroot]# vim etc/fstab   # edit the fstab file
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
devpts /dev/pts devpts mode=620 0 0   (newly added line)
/dev/hda1 /boot ext3 defaults 0 0
/dev/hda2 / ext3 defaults 1 1
[[email protected] sysroot]# mkdir dev/pts   # create the pts directory
[[email protected] sysroot]# sync
[[email protected] sysroot]# sync
[[email protected] sysroot]# mkdir etc/dropbear
[[email protected] sysroot]# dropbearkey -t rsa -f /mnt/sysroot/etc/dropbear/dropbear_rsa_host_key -s 2048   # generate an rsa key and store it at the given path
Will output 2048 bit rsa secret key to ‘/mnt/sysroot/etc/dropbear/dropbear_rsa_host_key‘
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAwCkisXjhRaNz1oHo4XbFR6LHGHx7rtk8CVGJ263h5UBWUtmoo/fVZK/x8ZvzJQiDJn3sQjxH9DT41wpFnu79Z1h2Fmfq0YSmRVc0jxlYGfJWScIbspkFF89kGa0z+PuqD1lEbbrzCQ8lfzqNS7CYA3OOZKlLxfGQbev7KGMqvaHOkorEHP7D27nIug1Ftm5DWqax3lIOfL5r5fdMMMVjVQvRM8ZXV7RiXZKnHeMJhkLcB4dbkZy1mktEjTd43tDUSf+Knz/oz0sEt1eNxSCoqf20Q62syJIWJhE3ZTTBdvrKhhoiEOP8UScgH88AogkQgONL7srCxZ0dCCFOIDZc+6q4Rc= [email protected]
Fingerprint: md5 03:df:ce:13:9c:72:98:4c:56:10:77:21:2d:de:1f:6b
[[email protected] sysroot]# dropbearkey -t dss -f /mnt/sysroot/etc/dropbear/dropbear_dss_host_key   # generate a dss key and store it at the given path
Will output 1024 bit dss secret key to ‘/mnt/sysroot/etc/dropbear/dropbear_dss_host_key‘
Generating key, this may take a while...
Public key portion is:
ssh-dss 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 [email protected]
Fingerprint: md5 9f:b0:e3:8f:71:c4:ca:89:90:97:7f:a5:f1:48:dc:bf
[[email protected] sysroot]# ls etc/dropbear/
dropbear_dss_host_key dropbear_rsa_host_key   (both key types have been generated)
[[email protected] sysroot]# mkdir usr/lib
[[email protected] sysroot]# ls usr/
bin lib lib64 local sbin
[[email protected] sysroot]# pwd
/mnt/sysroot
[[email protected] sysroot]# cd ~
[[email protected] ~]# cp -d /lib/libnss_files* /mnt/sysroot/lib/   # copy the required libnss library files
[[email protected] ~]# cp -d /usr/lib/libnss3.so /usr/lib/libnss_files.so /mnt/sysroot/usr/lib/   # copy the required library files; the paths must match those on the host
[[email protected] ~]# ls /mnt/sysroot/lib
libnss_files-2.5.so libnss_files.so.2 modules
[[email protected] ~]# ls -l /mnt/sysroot/usr/lib
总计 1176
-rwxr-xr-x 1 root root 1188804 12-21 06:44 libnss3.so
lrwxrwxrwx 1 root root 27 12-21 06:44 libnss_files.so -> ../../lib/libnss_files.so.2
[[email protected] ~]# cp /etc/nsswitch.conf /mnt/sysroot/etc/   # copy the configuration file
[[email protected] ~]# vim /mnt/sysroot/etc/nsswitch.conf   # edit the configuration file; only the following four lines need to be kept
passwd: files
shadow: files
group: files
hosts: files dns
[[email protected] ~]# sync   # flush the data to disk
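
A check to run before booting the image, written for this walkthrough as an added example (it is not part of the original article or of dropbear): it audits the staged root for the host keys, etc/shells, the devpts entry, and the nsswitch pieces set up above, and catches a misnamed or group/world-readable host key. The function name check_dropbear_sysroot and the assumption that the image already has an etc/passwd are mine.

```shell
#!/bin/sh
# Added example: audit a staged root filesystem for the pieces this
# dropbear setup depends on. Prints one line per problem and returns
# the number of problems found (0 = ready to boot).
check_dropbear_sysroot() {
    root=${1:-/mnt/sysroot}
    problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # Host keys must exist under the default names and stay private.
    for key in dropbear_rsa_host_key dropbear_dss_host_key; do
        f="$root/etc/dropbear/$key"
        if [ ! -s "$f" ]; then
            fail "etc/dropbear/$key missing or empty"
        elif [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
            fail "etc/dropbear/$key readable by group/others"
        fi
    done

    # dropbear checks the login shell against /etc/shells.
    [ -s "$root/etc/shells" ] || fail "etc/shells missing or empty"
    # Assumption: the image already has an etc/passwd from earlier steps.
    if [ -f "$root/etc/passwd" ]; then
        for shell in $(cut -d: -f7 "$root/etc/passwd" | sort -u); do
            grep -qxF "$shell" "$root/etc/shells" 2>/dev/null \
                || fail "login shell $shell not in etc/shells"
        done
    fi

    # Pseudo-terminals need the devpts mount point and fstab entry.
    [ -d "$root/dev/pts" ] || fail "dev/pts directory missing"
    grep -Eq '^devpts[[:space:]]+/dev/pts[[:space:]]+devpts' \
        "$root/etc/fstab" 2>/dev/null || fail "devpts entry missing in etc/fstab"

    # nsswitch "files" lookups need libnss_files inside the image.
    for db in passwd shadow group; do
        grep -Eq "^$db:[[:space:]]*files" "$root/etc/nsswitch.conf" \
            2>/dev/null || fail "'$db: files' missing in etc/nsswitch.conf"
    done
    ls "$root"/lib*/libnss_files.so.2 >/dev/null 2>&1 \
        || fail "libnss_files.so.2 missing from lib/"

    return "$problems"
}

# Run against a path when one is given, e.g. ./check.sh /mnt/sysroot
if [ "$#" -gt 0 ]; then check_dropbear_sysroot "$1"; fi
```

The exit status is the number of problems, so the script can gate the final sync and unmount in a build script.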