SFTP (Secure File Transfer Protocol) With Dropbear
Introduction
SFTP (SSH File Transfer Protocol, sometimes called Secure File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version 2 of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.
SFTP is a secure alternative to the ftp command. When a user opens a regular FTP session, as with most other plain TCP/IP connections, the entire transmission between the host and the user is sent in plain text. Anyone able to capture the network packets can read the data, including the password. If an unauthorized user can log in, they have the opportunity to compromise the system.
When ssh's sftp is used instead of ftp, the entire login session, including transmission of the password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using ssh/sftp sessions.
The following packet-capture screenshots show the difference between FTP and SFTP packets:
[Screenshot: FTP packet transmission]
The highlighted area in the FTP packet capture above shows the user name and password in plain text.
[Screenshot: SFTP packet transmission]
The SFTP packet capture does not show any user name or password information.
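The difference between the two captures can also be checked mechanically. The script below is an added example, not part of the original article: it classifies a reassembled TCP stream and reports the length of an FTP password rather than its value. The function names and all sample data (host ftp.example.test, user alice) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a reassembled TCP stream read from stdin.
# All sample data below is constructed for illustration.

classify_stream() {
    LC_ALL=C awk '
        { sub(/\r$/, "") }                       # FTP lines end in CRLF
        /^SSH-2\.0-/ && !banner { banner = $0 }  # SSH identification string
        toupper($1) == "USER" { user = $2 }
        toupper($1) == "PASS" { seen = 1; n = length($0) - 5 }
        END {
            if (seen)
                printf "cleartext-credentials user=%s password_chars=%d\n", user, n
            else if (banner)
                printf "ssh-session banner=%s credentials=not-visible\n", banner
            else
                print "unknown"
        }'
}

# Constructed FTP control-channel exchange (server replies and client commands).
sample_ftp() {
    printf '220 ftp.example.test ready\r\nUSER alice\r\n'
    printf '331 Password required\r\nPASS s3cret\r\n230 Login ok\r\n'
}

# Constructed SSH stream: the version banner is readable, the rest is opaque.
sample_ssh() {
    printf 'SSH-2.0-dropbear_0.52\r\n\024\236\317\201\377\n\203\252\021\n'
}

sample_ftp | classify_stream
sample_ssh | classify_stream
```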
Downloading Package
On Linux, the OpenSSH application can be used as an SFTP server or client. OpenSSH also contains an SSH server and client, but because of its high memory requirement we are not going to use it for those. Dropbear is a good lightweight alternative for the SSH server and client. Dropbear does not have SFTP support, but the SFTP server from OpenSSH can be used with Dropbear.
To download the openssh application, click here. For the latest version of dropbear, click here.
Configure Dropbear SSH server
The SFTP server can't work independently; it requires an SSH server (like dropbear) to run. Dropbear requires libz and libcrypto to run, so install them first if they are not already installed. To install the dropbear SSH server, follow the steps given below.
-bash-3.2# tar -xvf dropbear-0.52.tar.bz2
-bash-3.2# cd dropbear-0.52
-bash-3.2# ./configure
-bash-3.2# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
-bash-3.2# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
This installs the dropbear SSH server. You can now create a softlink so that dbclient can be called as ssh. This is not mandatory; you can also use dbclient instead of the ssh command.
-bash-3.2# ln -s /usr/local/bin/dbclient /usr/bin/ssh
To start the dropbear SSH server, first create the dss and rsa keys (for the encryption of SSH packets) in the /etc/dropbear directory. The SSH server does not work without encryption, so creating the keys is mandatory.
-bash-3.2# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
-bash-3.2# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
Now dropbear can be started with the following command.
-bash-3.2# dropbear
If the steps above were done properly, you can connect to your system via SSH.
Configure OpenSSH SFTP-server
We need only the sftp-server application from the OpenSSH package. To get sftp-server, compile openssh as follows.
-bash-3.2# tar -xvf openssh-5.2p1.tar.gz
-bash-3.2# cd openssh-5.2p1
-bash-3.2# ./configure
-bash-3.2# make sftp-server
This compiles only sftp-server from the openssh package. You will find the sftp-server binary in the current directory (the openssh package directory). Copy the sftp-server binary to the /usr/libexec directory.
-bash-3.2# cp sftp-server /usr/libexec/sftp-server
sftp-server may require libz.so.1 or libz.so.2 (softlinks to the libz library file) and libcrypto.so.5 or libcrypto.so.6 (softlinks to the libcrypto library). You can check this by executing the sftp-server binary on your system; it will show an error if any required library or softlink is missing.
-bash-3.2# /usr/libexec/sftp-server
/usr/libexec/sftp-server: error while loading shared libraries: libcrypto.so.5: cannot open shared object file: No such file or directory
The above error can be resolved by creating a softlink to the libcrypto library named libcrypto.so.5.
-bash-3.2# ln -s /lib/libcrypto.so.0.9.8b /usr/lib/libcrypto.so.5
Now you will be able to connect to your system using SFTP.
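Once the steps above are complete, the result can be verified before relying on it. The script below is an added example, not part of the original article: it lists the libraries that ldd reports as unresolved for sftp-server and checks that the host keys and the sftp-server binary are in place. The ROOT argument and the function names are assumptions, and the sample ldd output is constructed.

```shell
#!/bin/sh
# Added example: post-install checks for the Dropbear + sftp-server setup.
# ROOT is a hypothetical prefix argument so a staging tree can be checked;
# pass "" for the live system. The ldd output below is constructed.

# Print the sonames that ldd output (on stdin) reports as unresolved.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# A host private key must be a regular file accessible by its owner only.
key_mode_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: check_setup ROOT ; prints one line per problem, returns 1 if any
check_setup() {
    root=$1; rc=0
    for t in dss rsa; do
        k="$root/etc/dropbear/dropbear_${t}_host_key"
        key_mode_ok "$k" || { echo "host key missing or too permissive: $k"; rc=1; }
    done
    s="$root/usr/libexec/sftp-server"
    [ -x "$s" ] || { echo "sftp-server missing or not executable: $s"; rc=1; }
    return "$rc"
}

sample_ldd() {   # constructed output of: ldd /usr/libexec/sftp-server
    cat <<'EOF'
	linux-gate.so.1 =>  (0x00110000)
	libcrypto.so.5 => not found
	libz.so.1 => /usr/lib/libz.so.1 (0x00b2c000)
	libc.so.6 => /lib/libc.so.6 (0x0052d000)
EOF
}

sample_ldd | missing_libs   # real host: ldd /usr/libexec/sftp-server | missing_libs
# check_setup ""            # run against the live system
```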
SFTP client applications
WinSCP – Free windows client with SFTP, SCP and FTP capability
PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP)
FileZilla Client (also referred to as FileZilla) is a free, open source, cross-platform FTP as well as SFTP client.
sftp is a command-line program that implements the client part of SFTP, supplied with the OpenSSH package.