Diet-pi
Dropbear
systemctl status dropbear.service
Configuration file: /etc/default/dropbear
# The TCP port that Dropbear listens on
DROPBEAR_PORT=51322
systemctl status dropbear.service
● dropbear.service - Lightweight SSH server
Loaded: loaded (/lib/systemd/system/dropbear.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-02-10 09:07:47 GMT; 7s ago
Docs: man:dropbear(8)
Main PID: 3107 (dropbear)
Tasks: 5 (limit: 1069)
CPU: 68ms
CGroup: /system.slice/dropbear.service
├─3060 /usr/sbin/dropbear -EF -p 22 -W 65536 -2 8
├─3061 -bash
├─3107 /usr/sbin/dropbear -EF -p 51322 -W 65536
├─3109 systemctl status dropbear.service
└─3110 "(pager)"
# disallow root logins (-w) and password logins for root (-g)
DROPBEAR_EXTRA_ARGS="-w -g"
Edit and restart Dropbear:
root@PiHole1:~# nano /etc/default/dropbear
root@PiHole1:~# systemctl restart dropbear.service
--help
Dropbear server v2022.83 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-r keyfile Specify hostkeys (repeatable)
defaults:
- dss /etc/dropbear/dropbear_dss_host_key
- rsa /etc/dropbear/dropbear_rsa_host_key
- ecdsa /etc/dropbear/dropbear_ecdsa_host_key
- ed25519 /etc/dropbear/dropbear_ed25519_host_key
-R Create hostkeys as required
-F Don't fork into background
-e Pass on server process environment to child process
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-G Restrict logins to members of specified group
-s Disable password logins
-g Disable password logins for root
-B Allow blank password logins
-t Enable two-factor authentication (both password and public key required)
-T Maximum authentication tries (default 10)
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-c command Force executed command
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 10MB)
-K <keepalive> (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-z disable QoS
-V Version
Passwordless:
cat ~/.ssh/id_rsa.pub | ssh -p65535 root@192.168.12.116 'cat>> ~/.ssh/authorized_keys'
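Added example (not part of the original notes): a POSIX shell check of DROPBEAR_EXTRA_ARGS against the -w, -s, -g and -B flags from the --help output above. The function names are hypothetical, and it assumes the flags are written as separate words, as in the configuration line shown earlier.

```sh
#!/bin/sh
# Added example: audit DROPBEAR_EXTRA_ARGS in a Dropbear defaults file.
# Assumption: flags are written as separate words ("-w -g"), as on this page.

# Print the value of the last uncommented DROPBEAR_EXTRA_ARGS= line,
# with one pair of surrounding ASCII quotes removed. The file is parsed,
# never sourced, so auditing it cannot execute anything it contains.
dropbear_extra_args() {
    sed -n 's/^[[:space:]]*DROPBEAR_EXTRA_ARGS=//p' "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; the exit status is the number of findings.
audit_dropbear() {
    args=$(dropbear_extra_args "$1")
    w=0 s=0 g=0 B=0 n=0
    for word in $args; do
        case $word in
            -w) w=1 ;; -s) s=1 ;; -g) g=1 ;; -B) B=1 ;;
        esac
    done
    # Typographic quotes are not shell quotes: they stay glued to the flags.
    case $args in
        *“*|*”*) echo "typographic quotes in DROPBEAR_EXTRA_ARGS: flags are not parsed as intended"
                 n=$((n + 1)) ;;
    esac
    if [ "$w" -eq 0 ]; then
        echo "root logins allowed (-w not set)"; n=$((n + 1))
        if [ "$s" -eq 0 ] && [ "$g" -eq 0 ]; then
            echo "root can log in with a password (neither -s nor -g set)"; n=$((n + 1))
        fi
    fi
    if [ "$s" -eq 0 ]; then
        echo "password logins enabled (-s not set)"; n=$((n + 1))
    fi
    if [ "$B" -eq 1 ]; then
        echo "blank passwords accepted (-B set)"; n=$((n + 1))
    fi
    return "$n"
}
```

Run audit_dropbear /etc/default/dropbear after editing the file. With only -w and -g set it still reports that password logins are enabled, because -s is not set.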
Log
# journalctl --no-pager | grep 'cron'
| Command | Remark |
|---|---|
| journalctl -u UNITNAME (--unit UNITNAME) | Displays messages of the given unit |
| journalctl _PID=<process_id> | Displays messages of the process whose PID equals <process_id> |
| journalctl -r (--reverse) | Displays the list in reverse order, i.e. newest messages first |
| journalctl -f (--follow) | Displays the tail of the log message list and shows new entries live |
| journalctl -b (--boot) | Displays messages since the last boot (i.e. no older messages). See also option --list-boots |
| journalctl -k (--dmesg) | Displays kernel messages |
| journalctl -p PRIORITY (--priority PRIORITY) | Displays messages with the given priority. PRIORITY may be emerg, alert, crit, err, warning, notice, info or debug. Numeric priorities are also accepted |
| journalctl -o verbose | Displays additional metadata |
| journalctl --disk-usage | Displays the amount of disk space used by the log messages |
| `journalctl --no-pager \| grep` | |
When are the cron.hourly, cron.daily, cron.monthly... scripts run?
grep run-parts /etc/crontab
#*/0 * * * * root cd / && run-parts --report /etc/cron.minutely
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 1 * * * root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.daily; }
47 1 * * 7 root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.weekly; }
52 1 1 * * root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.monthly; }
Run the cron.hourly, cron.daily, cron.monthly... scripts (with --test, run-parts only prints the names of the scripts it would run):
run-parts --test /etc/cron.hourly/
Add a script to cron.hourly
root@PiHole1:/etc/cron.hourly# l
total 16
-rw-r--r-- 1 root root 102 Mar 2 2023 .placeholder
-rwxr-xr-x 1 root root 1311 Aug 27 19:49 dietpi
-rwxr-xr-x 1 root root 191 Feb 22 2012 fake-hwclock
-rwxr-xr-x 1 root root 60 Sep 5 09:47 pihole
nano /etc/cron.hourly/pihole
#!/bin/bash
#Look for pihole update
/root/update_pihole.sh
*/2 * * * * # every 2 minutes
0 */2 * * * # every 2 hours
0 1 * * 1,3,5 # At 01:00 on Monday, Wednesday, and Friday