I. Remote Login Protocols

    1. telnet: remote login; an application-layer protocol on tcp/23

        C/S architecture

        S: telnet server

        C: telnet client

    2. SSH: Secure Shell; an application-layer protocol on tcp/22

        The communication and authentication processes are encrypted, and the host must be authenticated:

            the server sends its Secret key to the client, where it is compared against the client's Public Key;

        The user authentication process is encrypted

        The data transfer process is encrypted

    3. SSH protocol versions v1 and v2

        v1 is already vulnerable to man-in-the-middle attacks

    4. SSH authentication methods:

        password-based authentication

        key-based authentication

II. SSH on Linux: OpenSSH

    1. C/S architecture

        a) Server side: sshd, configuration file /etc/ssh/sshd_config

        b) Client side: ssh, configuration file /etc/ssh/ssh_config

            ssh-keygen: key generator

            ssh-copy-id: copies the public key to a remote server

            scp: secure cross-host copy tool; the copy is encrypted

    2. Commands for logging in to the server with ssh:

        a) Host authentication key (answer yes|no when it is presented); host keys are saved in /USERHOME/.ssh/known_hosts

        b) ssh (logs in as the current client user by default) remote login forms:

            ssh USERNAME@HOST

            ssh -l USERNAME HOST

            ssh USERNAME@HOST 'COMMAND'

        c) scp:

            scp SRC DEST

            -r

            -a

            scp USERNAME@HOST:/path/to/somefile /path/to/local

            scp /path/to/local USERNAME@HOST:/path/to/somewhere

        d) ssh-keygen

            -t rsa

            ~/.ssh/id_rsa (private key location)

            ~/.ssh/id_rsa.pub (public key location)

            -f /path/to/KEY_FILE

            -P '': specifies the password that encrypts the private key; '' means an empty password

        e) The public key must be appended to the .ssh/authorized_keys or .ssh/authorized_keys2 file under the target user's home directory on the remote host before you can log in to that host.

III. Example: passwordless ssh login to the server

Method 1:

    1. Generate a key pair on the client:

[root@localhost ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): 

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase): 

Enter same passphrase again: 

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

e4:41:63:3c:e5:75:b5:a7:99:9e:ab:cd:99:9e:dc:a7 root@localhost.localdomain

    2. Copy the public key to the remote host:

[root@localhost ~]# scp .ssh/id_rsa.pub root@192.8.8.50:/root

The authenticity of host '192.8.8.50 (192.8.8.50)' can't be established.

RSA key fingerprint is 3f:e6:b9:8e:e3:4d:c8:c2:e4:90:50:0f:5b:23:c1:2a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.8.8.50' (RSA) to the list of known hosts.

root@192.8.8.50's password: 

id_rsa.pub                                                           100%  408     0.4KB/s   00:00 

    3. Log in to the remote host and create the .ssh directory:

[root@localhost ~]# ssh root@192.8.8.50

root@192.8.8.50's password: 

Last login: Thu Jun 19 23:03:02 2014 from 192.8.8.18

[root@localhost01 ~]# mkdir .ssh

[root@localhost01 ~]# chmod 700 .ssh

    4. Append the public key file to authorized_keys on the remote host:

[root@localhost01 ~]# cat id_rsa.pub >> .ssh/authorized_keys

    5. Exit the remote host and test from the client; no password is needed this time:

[root@localhost01 ~]# exit

[root@localhost ~]# ssh root@192.8.8.50 

Method 2:

[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.8.8.50


root@192.8.8.50's password: 

Now try logging into the machine, with "ssh 'root@192.8.8.50'", and check in:


  .ssh/authorized_keys


to make sure we haven't added extra keys that you weren't expecting.

[root@localhost ~]# ssh root@192.8.8.50
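The manual steps 3-4 above (mkdir .ssh, chmod 700, cat >> authorized_keys) and the note at item e) can be wrapped in one idempotent helper. This is an added example, not part of the original notes: it validates the key line, creates .ssh and authorized_keys with the permissions sshd requires, and refuses to append the same key twice (the "extra keys that you weren't expecting" that ssh-copy-id warns about). The sample key is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not part of the original notes: do what steps 3-4 do by hand,
# but idempotently and with the permissions sshd requires (StrictModes refuses
# keys in a group/world-writable .ssh or authorized_keys). The sample key below
# is a constructed placeholder, not a real key.

install_authorized_key() {
    home_dir="$1"   # home directory of the target account on the remote host
    pubkey="$2"     # one public key line, as produced in id_rsa.pub
    keyfile="$home_dir/.ssh/authorized_keys"

    # Accept only a well-formed OpenSSH public key line: type, base64 blob, optional comment.
    printf '%s\n' "$pubkey" | grep -Eq '^ssh-(rsa|dss|ed25519) [A-Za-z0-9+/=]+( .*)?$' || {
        echo "refusing malformed key line" >&2
        return 2
    }

    # Type and blob identify the key; ignore the comment so the same key is not added twice.
    key_id=$(printf '%s\n' "$pubkey" | awk '{print $1, $2}')

    ( umask 077; mkdir -p "$home_dir/.ssh"; touch "$keyfile" )   # created owner-only
    chmod 700 "$home_dir/.ssh"
    chmod 600 "$keyfile"

    if awk '{print $1, $2}' "$keyfile" | grep -Fxq -- "$key_id"; then
        echo "key already present, nothing appended" >&2
        return 0
    fi
    printf '%s\n' "$pubkey" >> "$keyfile"
}

# Constructed sample key line (fake blob, for illustration only).
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfakeblobforillustrationonly root@localhost'

demo_home=$(mktemp -d)
install_authorized_key "$demo_home" "$SAMPLE_KEY"
install_authorized_key "$demo_home" "$SAMPLE_KEY"          # second call appends nothing
install_authorized_key "$demo_home" "not a key at all" || echo "malformed line rejected"
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"  # shows 700 and 600
rm -rf "$demo_home"
```

Run it on the remote host as the target user (or with that user's home directory as the first argument) after transferring id_rsa.pub as in step 2.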

IV. Example: passwordless ssh login from the server to the client

    1. Generate the server's key pair:

[root@localhost01 ~]# ssh-keygen -t rsa -f  .ssh/id_rsa -P ''

Generating public/private rsa key pair.

Your identification has been saved in .ssh/id_rsa.

Your public key has been saved in .ssh/id_rsa.pub.

The key fingerprint is:

72:83:ec:93:c8:3e:6a:10:36:04:7a:40:4e:38:99:6f root@localhost01

The key's randomart image is:

+--[ RSA 2048]----+

|*=               |

|Oo               |

|o+.              |

|.+E  . .         |

|.o.   + S        |

|.  . o + .       |

| .  o +          |

|  ...  .         |

| .....           |

+-----------------+

    2. Copy the public key to the login target:

[root@localhost01 ~]# ssh-copy-id root@192.8.8.18

    3. Test ssh from the server:

[root@localhost01 ~]# ssh root@192.8.8.18

Last login: Mon Jun  2 14:11:26 2014 from 192.8.8.10

[root@localhost ~]#

V. SSH server and client tools for embedded systems (dropbear)

[Can follow on from "Bash Script Programming: System Trimming" (51) or "Linux Custom Kernel and BusyBox System Customization" (52)]

    1. Server-side commands:

        dropbear: at login, dropbear checks whether the user's default shell is one of the system's permitted shells (/etc/shells)

        dropbearkey

    2. Client: dbclient

    3. Default location of the dropbear host keys: /etc/dropbear

        RSA: dropbear_rsa_host_key

            variable length, any multiple of 8; default 1024

        DSS: dropbear_dss_host_key

            fixed length, default 1024

    4. dropbear uses nsswitch for name resolution by default

        /etc/nsswitch.conf

        /lib/libnss_files*

        /usr/lib/libnss3.so

        /usr/lib/libnss_files*

Custom Linux with SSH remote login:

    1. Download dropbear-2013.56.tar.bz2 from \Sources\Busybox;

    2.tar xf dropbear-2013.56.tar.bz2

    3. Build dropbear (install the build environment first: Development Libraries; Development Tools)

        cd dropbear-2013.56

        ./configure

        make 

        make install

    4. Run the binary.sh script to port the dropbear, dropbearkey and dbclient commands:

    5. Edit the permitted shells file

        cd /mnt/sysroot

        vim etc/shells

            /bin/sh

            /bin/bash

            /bin/ash

            /bin/hush

    6. Add the pseudo-filesystem mount:

        vim etc/fstab and add on the third line:

            devpts /dev/pts devpts mode=620 0 0

    7. Create the mount point directory for the pseudo-filesystem:

        mkdir dev/pts

    8. Generate the dropbear host keys:

        mkdir etc/dropbear

        dropbearkey -t rsa -f /mnt/sysroot/etc/dropbear/dropbear_rsa_host_key -s 2048

        dropbearkey -t dss -f /mnt/sysroot/etc/dropbear/dropbear_dss_host_key

        ls etc/dropbear/

    9. Copy the login middle-layer (NSS) library files:

        ls -l /mnt/sysroot/usr/lib

        mkdir /mnt/sysroot/usr/lib

        cp -d /lib/libnss_files* /mnt/sysroot/lib/

        cp -d /usr/lib/libnss3.so /usr/lib/libnss_files.so /mnt/sysroot/usr/lib

    10. Edit the login configuration file:

        cp /etc/nsswitch.conf /mnt/sysroot/etc/

        vim /mnt/sysroot/etc/nsswitch.conf (use .,$d to delete the remaining lines, keeping these four):

            passwd: files

            shadow: files

            group: files

            hosts: files dns

    11. Boot the new host, log in and test:

        run the dropbear command by its absolute path:

            /usr/local/sbin/dropbear -E -F (run in the foreground)

            /usr/local/sbin/dropbear (run in the background)

    12. Log in to the new host remotely;

        export PATH=$PATH:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin

    13. From the new host, log in to another host:

        /usr/local/bin/dbclient -l root IPADD
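Before booting the new host (step 11), it is worth checking that steps 5-10 actually left the sysroot in the state dropbear and login need. This is an added example, not part of the original notes: a pre-flight check that verifies the shells file, the devpts fstab entry and mount point, the host keys (present and not world-readable), the libnss_files library and the four nsswitch.conf entries. The sysroot path /mnt/sysroot is the one from the notes; the demo builds a throwaway sysroot with constructed placeholder files instead.

```shell
#!/bin/sh
# Added example, not part of the original notes: pre-flight check of the custom
# sysroot assembled in steps 5-10 before dropbear is started on the new host.
# SYSROOT defaults to /mnt/sysroot as in the notes; the demo builds a throwaway
# sysroot under mktemp (constructed placeholder files) so it runs without the real one.
check_dropbear_sysroot() {
    root="${1:-/mnt/sysroot}"
    fails=0
    fail() { echo "MISSING: $1" >&2; fails=$((fails + 1)); }
    # step 5: the shells dropbear accepts at login
    [ -s "$root/etc/shells" ] || fail "etc/shells (step 5)"
    # steps 6-7: devpts entry in fstab and its mount point, needed for ptys
    grep -Eq '^devpts[[:space:]]+/dev/pts[[:space:]]+devpts' "$root/etc/fstab" 2>/dev/null \
        || fail "devpts line in etc/fstab (step 6)"
    [ -d "$root/dev/pts" ] || fail "dev/pts mount point (step 7)"
    # step 8: host keys present, and the private keys not readable by others
    for k in dropbear_rsa_host_key dropbear_dss_host_key; do
        [ -f "$root/etc/dropbear/$k" ] || fail "etc/dropbear/$k (step 8)"
    done
    [ -z "$(find "$root/etc/dropbear" -type f -perm -004 2>/dev/null)" ] \
        || fail "owner-only permissions on host keys (step 8)"
    # step 9: NSS library that login needs to look up users
    ls "$root"/lib/libnss_files* >/dev/null 2>&1 || fail "lib/libnss_files* (step 9)"
    # step 10: the four nsswitch.conf entries
    for db in passwd shadow group hosts; do
        grep -Eq "^$db:[[:space:]]*files" "$root/etc/nsswitch.conf" 2>/dev/null \
            || fail "nsswitch.conf $db entry (step 10)"
    done
    return "$fails"    # 0 means every check passed
}

# Builds a constructed sysroot that satisfies the checks (empty placeholder files, no real keys).
build_demo_sysroot() {
    r="$1"
    mkdir -p "$r/etc/dropbear" "$r/dev/pts" "$r/lib"
    printf '/bin/sh\n/bin/bash\n/bin/ash\n/bin/hush\n' > "$r/etc/shells"
    printf 'devpts /dev/pts devpts mode=620 0 0\n' > "$r/etc/fstab"
    printf 'passwd: files\nshadow: files\ngroup: files\nhosts: files dns\n' > "$r/etc/nsswitch.conf"
    : > "$r/lib/libnss_files.so.2"
    for k in dropbear_rsa_host_key dropbear_dss_host_key; do
        : > "$r/etc/dropbear/$k"; chmod 600 "$r/etc/dropbear/$k"
    done
}

demo=$(mktemp -d)
build_demo_sysroot "$demo"
check_dropbear_sysroot "$demo" && echo "sysroot ready for dropbear"
rm -rf "$demo"
```

On the real build host, call check_dropbear_sysroot with no argument (or with the sysroot path) and fix every MISSING line before step 11.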