SSH public-key login uses an asymmetric key pair (this page uses RSA; OpenSSH also supports ECDSA and Ed25519). Asymmetric means the two halves are different keys: the public key can be handed out and is placed on the server, while the private key stays on the client and must be protected. Strictly speaking the pair is used for authentication by signing rather than for encrypting the session: the client signs a challenge with the private key, and the server verifies that signature against the public key it finds in authorized_keys.
1. OpenSSH keys
On Linux a key pair is created with ssh-keygen. The page lists two types, rsa and dsa; ssh-keygen also offers ecdsa and ed25519. Do not choose dsa: OpenSSH has disabled ssh-dss keys by default since version 7.0, and later releases dropped them entirely, so a DSA key will simply be refused by current servers. rsa (at least 2048 bits; 3072 or more is the current recommendation) or ed25519 is the right choice.
ssh-keygen -t rsa -b 2048 -C "ssh_test"

The -C text is only a comment; it is copied verbatim as the last field of the .pub file. The private key has this shape:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
........................................
-----END OPENSSH PRIVATE KEY-----

and the public key (*.pub) is a single line, key type, base64 blob, comment:

ssh-rsa AAAAB3Nza...... ssh_test
Append the public key to the server's authorized_keys. Note that the file's contents must be appended, not its name (the page's echo *.pub would append the literal file name):

cat id_rsa.pub >> ~/.ssh/authorized_keys

From the client the same thing can be done with ssh-copy-id -i ~/.ssh/id_rsa.pub user@server, which also creates ~/.ssh on the server with the right permissions.
Normally the server-side ~/.ssh directory contains only two files, authorized_keys and known_hosts. sshd checks their permissions when StrictModes is on (the default): ~/.ssh should be mode 700 and authorized_keys 600, or at least neither may be writable by group or others, and both must be owned by the user; otherwise the key is silently ignored and the server falls back to password authentication.
The private key goes into the local user's ~/.ssh directory on the client. The exact location does not matter, since the client can be pointed at any path with ssh -i <path> or an IdentityFile line in ~/.ssh/config, but the file must be mode 600.
If the public key is lost, it can be regenerated from the private key:

ssh-keygen -y -f privatekey > privatekey.pub

ssh-keygen -lf privatekey.pub prints the key size and SHA256 fingerprint, which is the quick way to confirm that a .pub file and a private key belong together.
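The public-key line shown above (key type, base64 blob, comment) and the authorized_keys file built from such lines, a format Dropbear's dropbear.pub shares, are simple enough to parse by hand. The following is an added example, not code from this page or from OpenSSH: it decodes the blob into its SSH wire-format fields, derives the key size and the SHA256 fingerprint that ssh-keygen -l prints, and lints an authorized_keys file for entries that a modern server refuses or that are too weak. All sample keys are constructed inside the script (synthetic moduli, not real key material), the function names are this example's own, and only the Python standard library is used.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048
BANNED_TYPES = {"ssh-dss"}   # disabled by default since OpenSSH 7.0


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH wire-format 'mpint': minimal big-endian bytes, zero-padded if the top bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def make_pubkey_line(key_type: str, *parts, comment: str = "demo") -> str:
    """Build a 'type base64 comment' line; ints are encoded as mpints, bytes as strings."""
    blob = _ssh_string(key_type.encode())
    for part in parts:
        blob += _ssh_mpint(part) if isinstance(part, int) else _ssh_string(part)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def _read_string(blob: bytes, off: int):
    """Read one length-prefixed field at offset off; return (bytes, new offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated field")
    return blob[off:off + length], off + length


def parse_pubkey_line(line: str) -> dict:
    """Parse one *.pub or authorized_keys line (an options prefix such as
    no-pty,command="..." is skipped) into type, size, fingerprint and RSA parameters."""
    fields = line.split()
    for i, field in enumerate(fields):
        if field.startswith(("ssh-", "ecdsa-")) and i + 1 < len(fields):
            key_type, b64, comment = field, fields[i + 1], " ".join(fields[i + 2:])
            break
    else:
        raise ValueError("no key type followed by key data")
    blob = base64.b64decode(b64, validate=True)
    embedded, off = _read_string(blob, 0)
    if embedded != key_type.encode():
        raise ValueError(f"type field {key_type} does not match encoded type {embedded!r}")
    digest = hashlib.sha256(blob).digest()   # ssh-keygen -l hashes exactly this blob
    info = {"type": key_type, "comment": comment,
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}
    if key_type == "ssh-rsa":
        e_raw, off = _read_string(blob, off)
        n_raw, off = _read_string(blob, off)
        info["e"] = int.from_bytes(e_raw, "big")
        info["n"] = int.from_bytes(n_raw, "big")
        info["bits"] = info["n"].bit_length()
    elif key_type == "ssh-ed25519":
        pk, off = _read_string(blob, off)
        info["bits"] = len(pk) * 8
    return info


def lint_authorized_keys(text: str) -> list:
    """Return [(line_no, message)] for entries an admin should remove or replace."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            info = parse_pubkey_line(line)
        except ValueError as exc:           # binascii.Error is a ValueError subclass
            findings.append((no, f"unparseable entry: {exc}"))
            continue
        if info["type"] in BANNED_TYPES:
            findings.append((no, f"{info['type']} is disabled by default in modern OpenSSH"))
        elif info["type"] == "ssh-rsa" and info["bits"] < MIN_RSA_BITS:
            findings.append((no, f"RSA key is only {info['bits']} bits (< {MIN_RSA_BITS})"))
    return findings


# Constructed sample keys (not real key material): the RSA moduli are synthetic odd
# numbers of the intended size, so the lines have the right format but no private half.
SAMPLE_RSA_2048 = make_pubkey_line("ssh-rsa", 65537, (1 << 2047) | 1, comment="ssh_test")
SAMPLE_RSA_1024 = make_pubkey_line("ssh-rsa", 65537, (1 << 1023) | 1, comment="old-laptop")
SAMPLE_DSS = make_pubkey_line("ssh-dss", 3, 5, 7, 9, comment="legacy")
SAMPLE_ED25519 = make_pubkey_line("ssh-ed25519", bytes(range(32)), comment="phone")
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for the demo",
    SAMPLE_RSA_2048,
    'no-pty,command="/usr/bin/rsync --server" ' + SAMPLE_RSA_1024,
    SAMPLE_DSS,
    SAMPLE_ED25519,
    "ssh-rsa this-is-not-base64!!! broken",
])

if __name__ == "__main__":
    for key in (SAMPLE_RSA_2048, SAMPLE_ED25519):
        info = parse_pubkey_line(key)
        print(info["bits"], info["type"], info["fingerprint"], info["comment"])
    for no, msg in lint_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {no}: {msg}")
```

Run it against a real file with lint_authorized_keys(open("/root/.ssh/authorized_keys").read()); the fingerprints it prints match ssh-keygen -lf on the same file, which is the quickest way to confirm which of several keys on a device corresponds to a given private key.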
2. Dropbear keys
Dropbear's key format is not the same as the usual OpenSSH format on a PC. The private key must be generated with the dropbearkey command, and the public key is then derived from it:

dropbearkey -y -f <private key> | grep "^ssh-rsa " > <public key>
Note that Dropbear's private keys are binary files. Key generation:

dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key    # this path must match the one used when dropbear is started

Derive the public key from it:

dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep '^ssh' > dropbear.pub

This public key has to be appended to /root/.ssh/authorized_keys (use >>; the page's single > would overwrite any keys already there):

cat dropbear.pub >> /root/.ssh/authorized_keys

Because the Dropbear and OpenSSH private-key formats are incompatible, the Dropbear key is converted to OpenSSH format for the client:

dropbearconvert dropbear openssh /etc/dropbear/dropbear_rsa_host_key dropbearOpensshPrivateKey    # this is the private-key format Xshell accepts

On Ubuntu, copy the key into place:

cp dropbearOpensshPrivateKey ~/.ssh/
sudo chmod 600 ~/.ssh/dropbearOpensshPrivateKey

Take particular care that the private key's permissions are not too open. If the key is mode 777, it is the ssh client (not Linux itself) that refuses to use it, with the message "Permissions 0777 for ... are too open", because a private key readable by other users is treated as compromised.

One caveat on this procedure: it reuses the server's host key (dropbear_rsa_host_key) as the client's login key. The host key is the identity of the device and its private half necessarily stays on the device, so anyone who can read /etc/dropbear there, or the copy on the USB stick, can then log in as root. The cleaner setup is a separate client key (dropbearkey -t rsa -f client_key, or ssh-keygen on the PC) whose public half alone goes into authorized_keys, leaving the host key where it is.
Note in particular that on embedded devices /root/.ssh/authorized_keys must be owned by root. Dropbear checks the home directory, the .ssh directory and the authorized_keys file itself: each must be owned by root or by the user logging in, and none may be writable by group or others; if any check fails the key is ignored without any message to the client.
3. Notes from one Dropbear port
The target is an embedded system whose filesystem survives power-off only under /customer. That causes a problem: dropbear reads its host keys from /etc/dropbear by default, and if /etc/dropbear does not exist it cannot create keys there even when started with -R (-R generates missing host keys on demand, but only into an existing directory). Steps:
① Copy the folder containing all the dropbear files onto a USB stick. The layout on the stick is:
lee@MRZ:/samba/dropbear$ tree ./
./
├── 1205addssh.sh               # run this on the embedded system to deploy everything automatically
├── 说明.txt                    # README
├── dropbear                    # the dropbear server binary
├── dropbearOpensshPrivateKey   # the dropbear key in OpenSSH format, for the client
├── dropbear.pub                # dropbear public key; cat dropbear.pub >> /root/.ssh/authorized_keys
├── dropbear_rsa_host_key       # the rsa host key passed to dropbear with -r
├── known_hosts
├── libutil.so.1                # shared library dropbear depends on
└── rsync
② Mount the USB stick on the embedded system and run 1205addssh.sh. Its contents follow; the // remarks on the page are annotations, rendered here as # comments, since a literal // in a shell script would be passed to the command as an extra argument.
#!/bin/sh
mkdir -p /customer/dropbear   # holds everything dropbear needs; copied into place on every boot
cp ./libutil.so.1 /customer/qt5lib/
cp dropbear dropbear_rsa_host_key dropbear.pub known_hosts rsync /customer/dropbear
mkdir -p /root/.ssh
# create the dropbear start script (quoted delimiter: nothing inside is expanded at install time)
cat <<'EOF' >/customer/dropbear/startdropbear.sh
#!/bin/sh
ifconfig eth0 192.168.10.112 netmask 255.255.255.0   # ip configuration
ifconfig eth0 down
ifconfig eth0 up
mkdir -p /root/.ssh
mkdir -p /etc/dropbear
cp /customer/dropbear/rsync /bin/   # QtCreator needs rsync (or an ftp service) when deploying over ssh
cp /customer/dropbear/dropbear.pub /root/.ssh/authorized_keys   # public key; key login never got through, see below
cp /customer/dropbear/known_hosts /root/.ssh/   # does not seem to serve any purpose
# since key login could not be made to work, root's password is set to 1 (DES crypt hash)
echo "root:qowscY2UPzRlc:0:0:Linux User,,,:/home/root:/bin/sh" >/etc/passwd
chmod 655 /root/.ssh/authorized_keys   # passes Dropbear's check (not group/world-writable); 600 is the usual choice
chmod 655 /root/.ssh/known_hosts
cp /customer/dropbear/*_key /etc/dropbear   # put the rsa host key into dropbear's default directory
/customer/dropbear/dropbear -RE   # start Dropbear: -R create host keys as required, -E log errors to stderr
EOF
chmod +x /customer/dropbear/startdropbear.sh
cat <<'EOF' >/customer/demo.sh
#!/bin/sh
if [ -f "/tmp/demorun" ]; then
    exit 0
fi
echo 111 >/tmp/demorun
insmod /config/modules/4.9.84/cifs.ko
insmod /config/modules/4.9.84/grace.ko
insmod /config/modules/4.9.84/sunrpc.ko
insmod /config/modules/4.9.84/lockd.ko
insmod /config/modules/4.9.84/vfat.ko
insmod /config/modules/4.9.84/libphy.ko
insmod /config/modules/4.9.84/sstar_100_phy.ko
insmod /config/modules/4.9.84/fixed_phy.ko
insmod /config/modules/4.9.84/of_mdio.ko
# kernel_mod_list
major=`cat /proc/devices | busybox awk '$2=="mi" {print $1}'`   # this line is garbled on the page; reconstructed as "major number of the mi device"
minor=`ls -l /dev/mi_* | grep "^c" | wc -l`
let minor--
mkdir /lib/firmware
cp /customer/bluetooth/firmware/* /lib/firmware/
insmod /customer/modules/kdrv_emac.ko
insmod /customer/modules/8723du.ko
insmod /customer/modules/llc.ko
insmod /customer/modules/stp.ko
insmod /customer/modules/bridge.ko
insmod /customer/modules/bluetooth.ko
insmod /customer/modules/rfcomm.ko
insmod /customer/modules/rtk_btusb.ko
mkdir /var/tmp
ifconfig lo 127.0.0.1
ifconfig lo up
#ifconfig eth0 192.168.1.136
#ifconfig eth0 up
# tslib environment
export TSLIB_ROOT=/customer/tslib
export TSLIB_CONSOLEDEVICE=none
export TSLIB_TSDEVICE=/dev/input/event0
#export TSLIB_CALIBFILE=/etc/pointercal
export TSLIB_CALIBFILE=/customer/pointercal
export TSLIB_CONFFILE=/etc/ts.conf
export TSLIB_PLUGINDIR=$TSLIB_ROOT/ts
export TSLIB_FBDEVICE=/dev/fb0
export QWS_MOUSE_PROTO="tslib:/dev/input/event0 MouseMan:/dev/input/mouse1"
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/customer/qt5lib:$TSLIB_ROOT:/lib:/customer/sqlite3lib
#QT
export QT_QPA_FB_TSLIB=1
export QT_QPA_PLATFORM=linuxfb:fb=/dev/fb0:mmsize=150*95
export QT_QPA_GENERIC_PLUGINS=evdevmouse:/dev/input/event2
export QT_QPA_PLATFORM_PLUGIN_PATH=/customer/qt5lib/plugins
export QT_QPA_FONTDIR=/customer/front
chmod 777 /customer/bin/*
chmod 777 /customer/MH1205/*
if [ -e "/dev/sda1" ]; then
    mkdir -p /vendor/usbdisk
    mount -rw -o iocharset=utf8 /dev/sda1 /vendor/usbdisk
    if [ $? -ne 0 ]; then
        rmdir /vendor/usbdisk
        echo "demo mount usb disk /dev/sda1 failed!" > /dev/console
    else
        echo "demo mount usb disk successfully!" > /dev/console
    fi
else
    if [ -e "/dev/sda" ]; then
        mkdir -p /vendor/usbdisk
        mount -rw -o iocharset=utf8 /dev/sda /vendor/usbdisk
        if [ $? -ne 0 ]; then
            rmdir /vendor/usbdisk
            echo "demo mount usb disk /dev/sda failed!" > /dev/console
        else
            echo "demo mount usb disk successfully!" > /dev/console
        fi
    else
        echo "demo no usb insert" > /dev/console
    fi
fi
if [ -e "/dev/mmcblk0p1" ]; then
    mkdir -p /vendor/sdcard
    mount -rw -o iocharset=utf8 /dev/mmcblk0p1 /vendor/sdcard
    if [ $? -ne 0 ]; then
        rmdir /vendor/sdcard
        echo "demo mount sd disk /dev/mmcblk0p1 failed!" > /dev/console
    else
        echo "demo mount sd disk successfully!" > /dev/console
    fi
else
    if [ -e "/dev/mmcblk0" ]; then
        mkdir -p /vendor/sdcard
        mount -rw -o iocharset=utf8 /dev/mmcblk0 /vendor/sdcard
        if [ $? -ne 0 ]; then
            rmdir /vendor/sdcard
            echo "demo mount sd disk /dev/mmcblk0 failed!" > /dev/console
        else
            echo "demo mount sd disk successfully!" > /dev/console
        fi
    else
        echo "demo no sd insert" > /dev/console
    fi
fi
killall disp_init_app
killall app_boot
killall MH1205
/customer/bin/disp_init_app &
if [ -e "/vendor/usbdisk/upgrade/tft_calibrate" ]; then
    sleep 1
    echo 100 >/sys/class/pwm/pwmchip0/pwm0/duty_cycle
    ts_calibrate
    sync
else
    echo "no tft_calibrate " > /dev/console
fi
#/customer/MH1201/MH1201 -platform linuxfb:fb=/dev/fb0:mmsize=120x200:rotation=270 &
/customer/dropbear/startdropbear.sh
EOF
chmod +x /customer/demo.sh

Two points in startdropbear.sh deserve attention. First, the /etc/passwd line it writes gives root the home directory /home/root, while the public key is copied to /root/.ssh/authorized_keys. Dropbear looks for <home>/.ssh/authorized_keys using the home directory from the passwd entry, so with these two paths it never sees the key at all; this is the most likely reason key login "never got through" here. Either make the passwd entry say /root, or copy the key to /home/root/.ssh/authorized_keys (with the same ownership and mode rules). Second, that same line resets root's password to a fixed DES-crypt hash (the password 1 from the comment) on every boot, and dropbear accepts password logins by default, so every device built from this image has the same trivially guessable root password reachable over the network. Once key login works, start dropbear with -s (disable password logins altogether) or at least -g (no password login for root), and do not keep a shared hard-coded password in the boot script.
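Both the ownership rule from the Dropbear section and the passwd/home-directory mismatch in startdropbear.sh can be caught before dropbear is started. The shell functions below are an added example, not part of the page's deployment scripts: they replicate Dropbear's ownership and mode checks on the home directory, its .ssh subdirectory and authorized_keys, resolving the uid and home directory from the passwd file the same way the server does. The function names and the optional passwd-file argument (defaulting to /etc/passwd, overridable so the check can run against a copy) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight check for Dropbear key login.
# Dropbear reads <home>/.ssh/authorized_keys, taking <home> from the passwd entry, and
# rejects the home dir, the .ssh dir or the file if it is owned by anyone other than
# root or that user, or if it is writable by group or others.

# dropbear_path_ok PATH UID: succeed only if PATH would pass Dropbear's owner/mode check.
dropbear_path_ok() {
    path=$1
    uid=$2
    if [ ! -e "$path" ]; then
        echo "missing: $path" >&2
        return 1
    fi
    owner=$(stat -c %u "$path")
    mode=$(printf '%04d' "$(stat -c %a "$path")")   # e.g. 655 -> 0655, 1777 -> 1777
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
        echo "$path is owned by uid $owner, expected root or uid $uid" >&2
        return 1
    fi
    group=${mode%?}; group=${group#??}   # third octal digit (group bits)
    other=${mode#???}                    # fourth octal digit (other bits)
    if [ $((group & 2)) -ne 0 ] || [ $((other & 2)) -ne 0 ]; then
        echo "$path has mode $mode and is group/world-writable" >&2
        return 1
    fi
    return 0
}

# dropbear_key_login_ok USER [PASSWD_FILE]: resolve uid and home the way Dropbear does,
# then check every path it inspects on the way to authorized_keys.
dropbear_key_login_ok() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    entry=$(grep "^$user:" "$passwd_file" | head -n 1)
    if [ -z "$entry" ]; then
        echo "no entry for $user in $passwd_file" >&2
        return 1
    fi
    home_uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home_dir=$(printf '%s\n' "$entry" | cut -d: -f6)
    dropbear_path_ok "$home_dir" "$home_uid" &&
        dropbear_path_ok "$home_dir/.ssh" "$home_uid" &&
        dropbear_path_ok "$home_dir/.ssh/authorized_keys" "$home_uid"
}

# Usage on the device, e.g. at the end of startdropbear.sh before launching dropbear:
#   . /customer/dropbear/keycheck.sh
#   dropbear_key_login_ok root || echo "key login will fail, see stderr" > /dev/console
```

With the page's passwd line (home /home/root) and the key under /root/.ssh, dropbear_key_login_ok root fails with "missing: /home/root" and points straight at the mismatch; with the home directory corrected it reports which of the three paths, if any, has the wrong owner or a group/world-writable mode.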