海运的博客

ssh生成/转换私钥格式及openssl使用ssh证书rsa非对称加解密文件

发布时间:August 5, 2023 // 分类: // No Comments

ssh生成私钥格式可选择PKCS8/PEM/SSH2,使用ssh-keygen生成PEM格式私钥:

ssh-keygen -t rsa -P "passwd" -b 4096 -C Haiyun -m PEM -f ~/.ssh/id_rsa

转换私钥格式为PKCS8或SSH2:

ssh-keygen -P "passwd" -N "passwd" -e -p -m PKCS8 -f ~/.ssh/id_rsa
ssh-keygen -P "passwd" -N "passwd" -e -p -m SSH2 -f ~/.ssh/id_rsa

从ssh私钥生成openssl可识别的公钥:

ssh-keygen -e -m PKCS8 -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub.pkcs8
openssl rsa -in ~/.ssh/id_rsa -pubout -outform PEM > ~/.ssh/id_rsa.pub.pkcs8

openssl使用公私钥加解密:

openssl rsautl -encrypt -pubin -inkey ~/.ssh/id_rsa.pub.pkcs8 -ssl -in test.txt -out test.enc
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in test.enc -out test.dec

php ssh/expect登录服务器执行命令

发布时间:April 21, 2018 // 分类:PHP // No Comments

<?php
$conn = ssh2_connect('1.1.1.1', 22);
if (!$conn) {
  die("conn fail\n");
}
if (ssh2_auth_password($conn, 'root', 'password')) {
  echo "auth sus\n";
} else {
  die("auth fail\n");
}
$stream = ssh2_exec($conn, "df  --output=avail /|tail -n 1");  
stream_set_blocking($stream, true);  
$res = trim(stream_get_contents($stream));
var_dump($res);

php使用ssh交互式执行命令:

<?php
$host = '192.168.1.1';
$port = 2222;
$pass = 'xxxx';
if (!($conn = ssh2_connect($host, $port, array('hostkey'=>'ssh-rsa')))) {
  die("conn fail\n");
}
//注意路径不要使用~/.ssh/id_rsa.pub,会遇到段错误和其它莫名其妙的问题
if (ssh2_auth_pubkey_file($conn, 'root', '/root/.ssh/id_rsa.pub', '/root/.ssh/id_rsa')) {
  echo "auth sus\n";
} else {
  die("auth fail\n");
}
function expect($stream, $match) {
  $time = time();
  $res = '';
  while(!feof($stream)){
    //if (($buffer = fgets($stream, 4096)) !== false) {
    if (($buffer = fread($stream, 4096)) !== false) {
      $res .= $buffer;
    }
    if (stristr($res, $match)) {
      return 'sus';
    }
    $now = time();
    if (($now - $time) >= 10) {
      return 'timeout';
    }
    usleep(100);
  }
  return 'disconnect';
}

$shell=ssh2_shell($conn, 'xterm');
fwrite($shell, "/usr/bin/cryptroot-unlock\n");
$res = expect($shell, 'Please unlock disk');
if ($res == 'sus') {
  fwrite($shell, "{$pass}\n");
  $res = expect($shell, 'set up successfully');
  if ($res == 'sus') {
  }
  var_dump($res);
}

php也可安装expect扩展调用ssh命令交互式执行命令:

apt install php-dev tcl-dev tcl-expect-dev
wget https://pecl.php.net/get/expect-0.4.0.tgz
tar zxvf expect-0.4.0.tgz 
cd expect-0.4.0/
 phpize
./configure
make && make install
echo 'extension=expect.so' > /etc/php/7.4/cli/conf.d/20-expect.ini
php -m|grep expect

make时如果出现错误php_expect.h:34:10: fatal error: expect_tcl.h: 没有那个文件或目录:

sed -i 's/^INCLUDES =/INCLUDES = -I\/usr\/include\/tcl8.6/' Makefile

php使用expect连接ssh执行命令:

<?php
ini_set("expect.timeout", 2);
ini_set("expect.loguser", "off");

$stream = expect_popen("ssh -o StrictHostKeyChecking=no -p 22 root@www.haiyun.me");
$cases = array(
  array("password:", "password"),
  array("Last login", "shell"),
  array("yes/no)?",  "yes/no")
);

while (true) {
  switch (expect_expectl($stream, $cases)) {
  case "password":
    fwrite($stream, "password\n");
    break;
  case "yes/no":
    fwrite($stream, "yes\n");
    break;
  case "shell":
    fwrite($stream, "uptime\n");
    break;
  case EXP_TIMEOUT:
  case EXP_EOF:
    break 2; 
  default:
    die("Error has occurred!");
  }
}
fclose ($stream);

此内容被密码保护

发布时间:October 27, 2013 // 分类:网络工具 // No Comments

请输入密码访问

通过SSH建立以太网隧道(Ethernet Tunnel)

发布时间:June 11, 2013 // 分类:Linux服务 // No Comments

安装tunctl用于新建TAP/TUN设备,TAP为以太网设备,TUN为网络层设备。

yum install tunctl
#debian下为uml-utilities

Client配置:

tunctl -t tap1
ifconfig tap4 192.168.1.1 netmask 255.255.255.0 up

Server配置:

tunctl -t tap2
ifconfig tap2 192.168.1.2 netmask 255.255.255.0 up
echo "PermitTunnel yes" >> /etc/ssh/sshd_config

Client发起SSH Tunnel连接:

ssh -N -f -o Tunnel=ethernet -w 1:2 remote-host
#-w local tap id:remote tap id

使用SSH Key验证登录ROS

发布时间:May 26, 2013 // 分类:ROS // No Comments

首先生成SSH key:

ssh-keygen -t dsa

复制SSH Key到ROS:

scp ~/.ssh/id_dsa.pub admin@192.168.1.21:

登录到ROS导入SSH Key:

user ssh-keys import public-key-file=id_dsa.pub user=admin 

然后就可免验证登录ROS了:

ssh admin@192.168.1.21
分类
最新文章
最近回复
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
  • 孤狼: 擦。。。。apcupsd会失联 nut在冲到到100的时候会ONBATT进入关机状态,我想想办...
  • 海运: 网络,找到相应的url编辑重发请求,firefox有此功能,其它未知。
  • knetxp: 用浏览器F12网络拦截或监听后编辑重发请求,修改url中的set为set_super,将POS...
  • Albert: 啊啊啊啊啊啊啊啊啊 我太激动了,终于好了英文区搜索了半天,翻遍了 pve 论坛没找到好方法,博...
  • jiangker: good, very helpful to me
  • fengfeng: N1 armbian 能有编译下内核吗。。我要开启can 不懂怎么操作
  • 1: 方法一ngtcp2要改下:./configure PKG_CONFIG_PATH=/usr/l...