TinySSH部署和使用教程

Linux自带OpenSSH因安全需要升级，为保证在升级过程中可以连接到服务器，采用精简版本的SSH服务端TinySSH是个极佳的方式。
1、编译安装

yum install -y gcc
git clone https://github.com/janmojzis/tinyssh.git
cd tinyssh
make && make install
mkdir /etc/tinyssh && tinysshd-makekey /etc/tinyssh/sshkeydir

2、编写systemd文件

cat > /etc/systemd/system/tinysshd@.service << EOF
[Unit]
Description=Tiny SSH server
After=network.target auditd.service

[Service]
ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
EnvironmentFile=-/etc/default/tinysshd
ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
KillMode=process
SuccessExitStatus=111
StandardInput=socket
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF

cat > /etc/systemd/system/tinysshd.socket << EOF
[Unit]
Description=TinySSH server socket
ConditionPathExists=!/etc/tinyssh/disable_tinysshd

[Socket]
ListenStream=10022
Accept=yes

[Install]
WantedBy=sockets.target
EOF

3、启动服务

systemctl daemon-reload
systemctl enable tinysshd.socket
systemctl restart tinysshd.socket
systemctl status tinysshd.socket

4、生成密钥对

ssh-keygen -t ed25519

5、将公钥放在认证文件中私钥保存在本地使用私钥登录

cat /root/.ssh/id_ed25519.pub >> /root/.ssh/authorized_keys
sz /root/.ssh/id_ed25519

6、卸载

rm -rf /usr/sbin/tinysshd
rm -rf /usr/sbin/tinysshd-makekey
rm -rf /usr/sbin/tinysshd-printkey

rm -rf /usr/share/man/man8/tinysshd.8
rm -rf /usr/share/man/man8/tinysshd-makekey.8
rm -rf /usr/share/man/man8/tinysshd-printkey.8
rm -rf /usr/share/man/man8/tinysshnoneauthd.8

rm -rf /etc/tinyssh
rm -rf /etc/systemd/system/tinysshd.socket
rm -rf /etc/systemd/system/tinysshd@.service
rm -rf /root/.ssh/id_ed25519.pub
rm -rf /root/.ssh/id_ed25519
sed -i '/ssh-ed25519/d' /root/.ssh/authorized_keys