openssh4.6移植到arm platform
hearer
|
1#
hearer 发表于 2008-08-08 21:08
openssh4.6移植到arm platform
源码包为:
openssh-4.6p1.tar.gz openssl-0.9.8h.tar.gz zlib-1.2.3.tar.gz 在主机中新建一个ssh目录,存放源文件 mkdir –p /root/ Gemini_v2_6_3-n/ssh tar zxvf openssh-4.6p1.tar.gz /root/ Gemini_v2_6_3-n/ssh tar zxvf zlib-1.2.3.tar.gz /root/ Gemini_v2_6_3-n/ssh tar zxvf openssl-0.9.8h.tar.gz /root/ Gemini_v2_6_3-n/ssh cd Gemini_v2_6_3-n 进入Gemini_v2_6_3-n后,使其为根目录 #chroot . 在ssh目录中新建一个install文件夹,作为安装目录。 mkdir –p /ssh/install 移植openssh4.6的步骤: 1.编译 (1)编译zlib cd /ssh/zlib-1.2.3 ./configure --prefix=/ssh/install/zlib-1.2.3 修改Makefile: CC=gcc 改为: CROSS=/usr/local/920t/bin/arm_920t_le- CC=$(CROSS)gcc LDSHARED=gcc 改为: LDSHARED=$(CROSS)gcc CPP=gcc -E 改为: CPP=$(CROSS)gcc -E AR=ar rc 改为: AR=$(CROSS)ar rc 开始编译: make; make install (2)编译openssl cd openssl-0.9.8h ./Configure –prefix=/ssh/install/openssl-0.9.8h os/complier:/usr/local/920t_le/bin/arm_920t_le-gcc make Make install (3) 编译openssh: cd openssh-4.6p1/ ./configure--host=arm-none-linux--with-libs--with-zlib=/ssh/install/zlib-1.2.--with-ssl-dir=/ssh/install/openssl-0.9.8h--disable-etc-default-login CC=/usr/local/920t_le/bin/arm_920t_le-gcc AR=//usr/local/920t_le/bin/arm_920t_le-ar OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /etc/ssh Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/share/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin Manpage format: cat PAM support: no OSF SIA support: no KerberosV support: no SELinux support: no Smartcard support: no S/KEY support: no TCP Wrappers support: no MD5 password support: no libedit support: no Solaris process contract support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: yes BSD Auth support: no Random number source: OpenSSL internal ONLY Host: i686-pc-linux-gnu Compiler: gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -fstack-protector-all -std=gnu99 Preprocessor flags: Linker flags: -fstack-protector-all Libraries: -lresolv -lcrypto -lutil -lz -lnsl -lcrypt make 不要make install (1) 将 openssh-4.6p1目录下的 sshd copy到nas中的public目录 再链接到 nas的/usr/sbin目录下 (2) copy scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan 到nas 的 /usr/local/bin 目录中 copy sftp-server ssh-keysign 到/usr/local/libexec中 (3) 在nas下: mkdir -p /usr/local/etc/ 然后将openssh下的sshd_config,ssh_config 拷贝到该目录下 mkdir -p /var/empty/sshd chmod 755 /var/empty (4)在主机上: ssh-keygen -t rsa1 -f ssh_host_key -N "" ssh-keygen -t rsa -f ssh_host_rsa_key -N "" ssh-keygen -t dsa -f ssh_host_dsa_key -N "" 将生成的ssh_host_* 6个文件copy到nas的/usr/local/etc/目录下 (5) 添加用户 将主机上/etc/目录下的passwd, 中的sshd用户追加到nas的/etc目录中的passwd中(具体代码为: sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin )同时将passwd的最后/bin/bash 改为/bin/sh 再将主机中/etc目录下的group文件中的用户也同样追加到nas的/etc目录下的group(sshd:x:74:)文件。 4.测试 在nas中启动sshd服务: /usr/sbin/sshd 用putty 或者再主机中ssh 192.168.1.59 ssh自己 stornas> ssh -v 192.168.1.59 OpenSSH_4.6p1, OpenSSL 0.9.8 05 Jul 2005 debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Connecting to 192.168.1.59 [192.168.1.59] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6 debug1: match: OpenSSH_4.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.1.59' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: password root@192.168.1.59's password: debug1: Authentications that can continue: publickey,password Permission denied, please try again. root@192.168.1.59's password: ssh别人 stornas> ssh -v 192.168.1.53 OpenSSH_4.6p1, OpenSSL 0.9.8 05 Jul 2005 debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Connecting to 192.168.1.53 [192.168.1.53] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0 debug1: match: OpenSSH_5.0 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.1.53' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: password root@192.168.1.53's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. Last login: Thu Aug 7 11:31:15 2008 from 192.168.1.53 [root@localhost ~]# 5. 在NAS中测试:如果中间出现问题的话, 一、可以将/root/.ssh文件删除再重新启动服务。 二、检查/usr/local/etc/sshd_config文件,看是否配置有问题。 (可能还有其他因素哦。) 附:openssh-5.0p1的移植跟上面的步骤一样,需要的环境支持也是一样。 |