3.3. 2018-01-05-练习ssh

3.3.1. 练习1-ssh

1、复制centos7下目录的/etc/sysconfig 到centos6的/app目录下去。复制centos6对应目录到centos7 。复制保留权限且静默。

scp -aq /etc/sysconfig 172.18.46.6:/app/
scp -aq /etc/sysconfig 172.18.46.7:/app/

2、熟练掌握pssh命令使用

pssh详细参考

pssh详细参考2

[root@centos74 ~]$ pssh --help
Usage: pssh [OPTIONS] command [...]

Options:
--version             show program's version number and exit
--help                show this help message and exit
-h HOST_FILE, --hosts=HOST_FILE
                        hosts file (each line "[user@]host[:port]")
-H HOST_STRING, --host=HOST_STRING
                        additional host entries ("[user@]host[:port]")
-l USER, --user=USER  username (OPTIONAL)
-p PAR, --par=PAR     max number of parallel threads (OPTIONAL)
-o OUTDIR, --outdir=OUTDIR
                        output directory for stdout files (OPTIONAL)
-e ERRDIR, --errdir=ERRDIR
                        output directory for stderr files (OPTIONAL)
-t TIMEOUT, --timeout=TIMEOUT
                        timeout (secs) (0 = no timeout) per host (OPTIONAL)
-O OPTION, --option=OPTION
                        SSH option (OPTIONAL)
-v, --verbose         turn on warning and diagnostic messages (OPTIONAL)
-A, --askpass         Ask for a password (OPTIONAL)
-x ARGS, --extra-args=ARGS
                        Extra command-line arguments, with processing for
                        spaces, quotes, and backslashes
-X ARG, --extra-arg=ARG
                        Extra command-line argument
-i, --inline          inline aggregated output and error for each server
--inline-stdout       inline standard output for each server
-I, --send-input      read from standard input and send as input to ssh
-P, --print           print output as we get it

Example: pssh -h hosts.txt -l irb2 -o /tmp/foo uptime

3、ssh端口转发

3.1 在外部操作

[root@centos74 ~]$ ssh -L 9527:192.168.1.111:23 192.168.1.110 -Nf
The authenticity of host '192.168.1.110 (192.168.1.110)' can't be established.
ECDSA key fingerprint is SHA256:DZfkxQNLDfBgnRSvByer8Xfl+UpJWGiLbkgWZoPEiso.
ECDSA key fingerprint is MD5:be:6e:9b:d4:97:3f:46:ab:54:98:d7:36:ff:40:57:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.110' (ECDSA) to the list of known hosts.
root@192.168.1.110's password:
[root@centos74 ~]$ telnet 127.0.0.1 9527
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Kernel 3.10.0-693.11.1.el7.x86_64 on an x86_64
station login: zhao
Password:
Last login: Fri Jan  5 09:19:20 from ::ffff:192.168.1.7
[zhao@station ~]$ exit
logout
Connection closed by foreign host.

3.2 在内部操作

[root@station ~]# ssh -R 9527:192.168.1.111:25 192.168.1.7 -Nf
The authenticity of host '192.168.1.7 (192.168.1.7)' can't be established.
ECDSA key fingerprint is SHA256:f/BWWhLUjmhdSZob0AZ7EaMrntJ0XDvj92t9hGl0woo.
ECDSA key fingerprint is MD5:1d:04:a6:1f:cb:6d:35:00:aa:2a:30:4e:68:80:ec:fe.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.7' (ECDSA) to the list of known hosts.
root@192.168.1.7's password:

3.3 翻墙

[root@centos74 ~]$ ssh -D 1080 192.168.1.110 -Nf
root@192.168.1.110's password:
[root@centos74 ~]$ curl --socks5  127.0.0.1:1080 http://192.168.1.111/index.html
<h1>test</h1>

3.3.2. 练习2-dropbear

1、编译安装dropbear

wget http://matt.ucc.asn.au/dropbear/releases/dropbear-2017.75.tar.bz2
tar xf dropbear-2017.75.tar.bz2
cd dropbear-2017.75/
./configure  --prefix=/usr/local/dropbear --disable-zlib
vim INSTALL
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
vim INSTALL
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
cd /usr/local/dropbear
tree
mkdir /etc/dropbear
dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key

dropbear -p 9527  -FE

3.3.3. 练习3-aide

1、监控系统重要文件。

[root@centos74 aide]$ yum install aide
[root@centos74 aide]$ vim /etc/aide.conf
这行后面的都删除, 我这里值关注boot目录的变换情况
/boot/   CONTENT_EX
[root@centos74 boot]$ touch t1 >>/boot/t1.txt
[root@centos74 boot]$ mkdir t2
[root@centos74 boot]$ cd /var/lib/aide/
[root@centos74 aide]$ mv aide.db.new.gz aide.db.gz
[root@centos74 aide]$ aide --check
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2018-01-08 18:45:46

Summary:
Total number of files:      321
Added files:                        2
Removed files:              0
Changed files:              0


---------------------------------------------------
Added files:
---------------------------------------------------

added: /boot/t1.txt
added: /boot/t2