Environment: Ubuntu 14.04 x86_64
external/zlib external/openssl external/openssh-7.5p1
zlib-1.2.3 openssl-1.0.2h openssh-7.5p1
When building openssl, do not pass the **no-dsa** option.
1. Build
cd openssh-7.5p1
./configure --host=arm-linux [--with-libs] --with-zlib=../zlib --with-ssl-dir=../openssl CC=arm-linux-gcc AR=arm-linux-ar --prefix=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system
A: The generated Makefile can be edited by hand, but
!!! Never add -lssl to LIBS in the Makefile, otherwise you get:
In file included from openssl-compat.h:26:0,
from openssl-compat.c:32:
/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/external/openssh-7.5p1/../openssl/include/openssl/dsa.h:71:4: error: #error DSA is disabled.
# error DSA is disabled.
^
make[1]: *** [openssl-compat.o] 错误 1
make[1]:正在离开目录 `/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/external/openssh-7.5p1/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] 错误 2
B: In the Makefile set STRIP = arm-linux-strip, and leave STRIP_OPT= without the -s argument (this option can also be removed in configure), otherwise:
/usr/bin/install -c -m 0755 -s ssh /home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/bin/ssh
strip: Unable to recognise the format of the input file `/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/bin/ssh'
/usr/bin/install: 拆解过程非正常中止
make: *** [install-files] 错误 1
C: Tree view after packaging:
Packages needed: libcrypt-1.0.14.so libcrypt.so.1 libutil-1.0.14.so libutil.so.1
D: Create the user (user/password)
common/root/etc/group
common/root/etc/passwd
common/root/etc/shadow
Startup script: source /etc/init.d/run_adbd.sh
+#! /bin/sh + +export LD_LIBRARY_PATH=库的路径 +export PATH=环境编译路径 +#mkdir -p /var/empty +chown 0:0 /var/empty +chmod 000 /var/empty + +mkdir -p /data/etc/ssh +chmod 0644 /data/etc/ssh +echo yes | /usr/local/bin/ssh-keygen -t rsa -f /data/etc/ssh/ssh_host_rsa_key -N "" +echo yes | /usr/local/bin/ssh-keygen -t dsa -f /data/etc/ssh/ssh_host_dsa_key -N "" +# 切勿修改-N后面的参数 +# start sshd service +/usr/local/sbin/sshd -f /etc/ssh/sshd_config & |
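Review bot: the two `echo yes | /usr/local/bin/ssh-keygen ... -N ""` lines run unconditionally, so every start answers the overwrite prompt with yes and replaces the host keys, and clients will see a changed host key after each boot; guard each line with a test that the key file does not exist yet. Also, `chmod 0644 /data/etc/ssh` is applied to a directory and drops its search bit (0755 is the usual mode), and `mkdir -p /var/empty` is commented out while the chown and chmod on /var/empty still run, so they fail if the directory is not already present.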
Port 22
HostKey /data/etc/ssh/ssh_host_rsa_key
HostKey /data/etc/ssh/ssh_host_dsa_key
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# override default of no subsystems
#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp /usr/local/sbin/sftp-server
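The sshd_config above enables root login, password authentication and a DSA host key on a device image. The following check is an added example, not part of the original notes; the function names are its own, and it assumes the key type can be read from the HostKey file name.

```sh
#!/bin/sh
# Added example, not part of the original notes.
# sshd keeps the FIRST value it reads for a keyword (keywords are
# case-insensitive); global settings end at the first Match line.

# effective_value FILE KEYWORD: print the value sshd would apply globally.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/               { next }   # comment or blank line
        tolower($1) == "match"       { exit }   # conditional section starts
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_config FILE: print one finding per line.
audit_config() {
    cfg=$1
    if [ "$(effective_value "$cfg" PermitRootLogin)" = "yes" ]; then
        echo "PermitRootLogin yes: root may log in with any enabled method"
    fi
    pw=$(effective_value "$cfg" PasswordAuthentication)
    if [ "${pw:-yes}" = "yes" ]; then           # unset falls back to yes
        echo "PasswordAuthentication yes: exposed to password guessing"
    fi
    # HostKey may repeat and every line counts, so scan them all.
    # Assumption: the key type is recognisable from the file name.
    awk '/^[ \t]*(#|$)/         { next }
         tolower($1) == "match" { exit }
         tolower($1) == "hostkey" && $2 ~ /dsa/ {
             print "HostKey " $2 ": DSA, ssh-dss is off by default since OpenSSH 7.0"
         }' "$cfg"
}

# Constructed sample: the active directives of the sshd_config shown above.
sample_config() {
    cat <<'EOF'
Port 22
HostKey /data/etc/ssh/ssh_host_rsa_key
HostKey /data/etc/ssh/ssh_host_dsa_key
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_config "$tmp"; rm -f "$tmp"
```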
ssh user@ip
>>>password
Read this first:
Make sure external/openssl has already been built!!!
./configure --host=arm-linux --with-zlib=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system --with-ssl-dir=../openssl CC=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-gcc AR=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system
**********Just use it*******************
./configure --host=arm-linux --with-zlib=../zlib --with-ssl-dir=../openssl CC=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-gcc AR=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system
CROSS_COMPILE= /home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-
CC= $(CROSS_COMPILE)gcc
LD= $(CROSS_COMPILE)gcc
ARFLAGS=
AR= $(CROSS_COMPILE)ar $(ARFLAGS) r
RANLIB= $(CROSS_COMPILE)ranlib
LIBS=-lcrypto -ldl -lutil -lz -lcrypt -lssl
STRIP = arm-linux-strip
RANLIB = arm-linux-ranlib
-D_GNU_SOURCE
LDFLAGS='-L/usr/local/ssl/lib -L/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/../../external/zlib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie
ldconfig
neo@neo:~/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/external/openssh-7.5p1$ grep -nr "OPENSSL_NO_DSA" --exclude="*.c" ..
../openssl/util/mk1mf.pl:273:$cflags.=" -DOPENSSL_NO_DSA" if $no_dsa;
../openssl/crypto/dsa/dsa.h:70:# ifdef OPENSSL_NO_DSA
../openssl/crypto/ts/ts.h:82:# ifndef OPENSSL_NO_DSA
../openssl/crypto/engine/engine.h:79:# ifndef OPENSSL_NO_DSA
../openssl/crypto/opensslconf.h:23:#ifndef OPENSSL_NO_DSA
../openssl/crypto/opensslconf.h:24:# define OPENSSL_NO_DSA
../openssl/crypto/opensslconf.h:125:# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA)
../openssl/crypto/pem/pem.h:466:# ifndef OPENSSL_NO_DSA
../openssl/crypto/x509/x509.h:98:# ifndef OPENSSL_NO_DSA
../openssl/crypto/x509/x509.h:684:# ifndef OPENSSL_NO_DSA
../openssl/crypto/x509/x509.h:723:# ifndef OPENSSL_NO_DSA
../openssl/crypto/x509/x509.h:796:# ifndef OPENSSL_NO_DSA
../openssl/crypto/evp/evp.h:140:# ifndef OPENSSL_NO_DSA
../openssl/crypto/evp/evp.h:236:# ifndef OPENSSL_NO_DSA
../openssl/crypto/evp/evp.h:495:# ifndef OPENSSL_NO_DSA
../openssl/crypto/evp/evp.h:964:# ifndef OPENSSL_NO_DSA
../openssl/apps/progs.pl:43: { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
../openssl/apps/progs.h:90:#ifndef OPENSSL_NO_DSA
../openssl/apps/progs.h:93:#ifndef OPENSSL_NO_DSA
../openssl/apps/progs.h:106:#ifndef OPENSSL_NO_DSA
../openssl/ssl/ssl_locl.h:161:# ifndef OPENSSL_NO_DSA
../libcurl/CHANGES:3852:- openssl: exclude DSA code when OPENSSL_NO_DSA is defined
1. Using the openssh-7.2p2 downloaded by buildroot
make rockchip_rv1108_defconfig && make menuconfig (select openssh) && make
Compiler: buildroot/output/host/usr/arm-rkcvr-linux-uclibcgnueabihf/bin
Put sshd (sshd_config) on the target:
./sshd -f sshd_config &
See sshd-run-log
Symbol not found
The libraries are first copied to common/system/lib, then packed into the rootfs, then flashed to the target:
/data # ls /usr/local/lib/
ld-linux.so.3 libdl.so.2 libresolv.so.1
ld-uClibc-1.0.14.so libgcc_s.so librt-1.0.14.so
ld-uClibc.so.0 libgcc_s.so.1 librt.so.1
ld-uClibc.so.1 libld.so.1 libstdc++.so
libatomic.so libm-1.0.14.so libstdc++.so.6
libatomic.so.1 libm.so.1 libstdc++.so.6.0.19
libatomic.so.1.0.0 libm.so.6 libuClibc-1.0.14.so
libc.so.1 libnsl-1.0.14.so libubacktrace-1.0.14.so
libc.so.6 libnsl.so.1 libubacktrace.so.1
libcrypt-1.0.14.so libpthread-1.0.14.so libutil-1.0.14.so
libcrypt.so.1 libpthread.so.0 libutil.so.1
libdl-1.0.14.so libpthread.so.1
libdl.so.1 libresolv-1.0.14.so
/data # echo $LD_LIBRARY_PATH
/lib:/usr/local/lib:/app/lib:/tmp/bluez/lib:
Possible cause: a different compiler; the libs, sshd, etc. were packed into the rootfs (with the library search path set)
svn diff config/pack-rootfs.mk
+ $(Q)mkdir $(OUT_SYSROOT_USR_DIR)/lib
+ $(Q)cp -r $(RV_TOPDIR)/common/system/lib/* $(OUT_SYSROOT_USR_DIR)/lib/
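Review bot: `mkdir $(OUT_SYSROOT_USR_DIR)/lib` has no -p, so the rule fails on any rebuild where that directory already exists; use mkdir -p. On the cp line, cp -a would keep the versioned .so symlinks and file modes of common/system/lib regardless of the cp implementation.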
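Replacing the entire rootfs is unnecessary: we will not change the compiler, and the rootfs built by buildroot differs from common/.
2. Using the downloaded openssh-7.5p1
Compiler: default
Build process:
A: rm -rf autom4te.cache/ [&& autoscan] && aclocal && autoconf && autoheader ./configure, then edit the Makefile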
./configure --host=arm-linux --with-zlib=../zlib --with-ssl-dir=../openssl CC=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-gcc AR=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system
./configure --prefix=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system --host=arm-linux --with-libs --with-zlib=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/../../external/zlib --with-ssl-dir=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/../../external/openssl
!!! Never add -lssl to LIBS in the Makefile, otherwise you get:
In file included from openssl-compat.h:26:0,
from openssl-compat.c:32:
/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/external/openssh-7.5p1/../openssl/include/openssl/dsa.h:71:4: error: #error DSA is disabled.
# error DSA is disabled.
^
make[1]: *** [openssl-compat.o] 错误 1
make[1]:正在离开目录 `/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/external/openssh-7.5p1/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] 错误 2
B: make
PRIVSEP_PATH=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/root/var/empty/
PRIVSEP_PATH=$(pwd)/../../out/root/var/empty/
Add -L${exec_prefix}/lib to LDFLAGS
C: Run:
Privilege separation user sshd does not exist
Add the sshd user to common/root/etc/passwd
D: make install, with host-key removed
/usr/bin/install -c -m 0755 -s ssh /home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/bin/ssh
strip: Unable to recognise the format of the input file `/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system/bin/ssh'
/usr/bin/install: 拆解过程非正常中止
make: *** [install-files] 错误 1
The Makefile passes -s to install, which by default runs the host PC's strip command.
a: STRIP_OPT=
b: STRIP= /home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-strip
b: STRIP = arm-linux-strip [-s]??
E: Test
/ # /usr/local/sbin/sshd -f /data/sshd_config &
Could not load host key: /data/ssh/ssh_host_rsa_key
Could not load host key: /data/ssh/ssh_host_dsa_key
sshd: no hostkeys available -- exiting.
Generate the public key:
/app/bin # /usr/local/bin/ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N 'e2008jl'
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): e2008jl
Enter same passphrase again: e2008jl
Your identification has been saved in /data/ssh/ssh_host_rsa_key.
Your public key has been saved in /data/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:LmPmAtJ9Fp6cfeIY1QV92iGgZ74rV137DfvyUA4Rtkw root@arm-linux
The key's randomart image is:
+---[RSA 2048]----+
| o+ E |
| . ++oo |
| ..o. =+. |
| . .+. . ...|
| . . o *S . ...o|
|. o . O.o ... o= |
| . . o=+.o.. .o+|
| .+.oo .. o.o|
| .. o. +o|
+----[SHA256]-----+
/app/bin # /usr/local/bin/ssh-keygen -t dsa -b 1024 -f /data/ssh/ssh_host_dsa_key -N 'e2008jl'
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): e2008jl
Enter same passphrase again: e2008jl
Your identification has been saved in /data/ssh/ssh_host_dsa_key.
Your public key has been saved in /data/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
SHA256:KmPudpcXDIziEA0qgDPBdGztMh89aexCu2Xjjzmnyus root@arm-linux
The key's randomart image is:
+---[DSA 1024]----+
|*oo+. |
|=ooo.. |
|oo... oo. |
|. .o.+.*o |
| o=.= So |
| .+ * o |
| + B .. . |
| oo+.o=.. |
| o+Eo==o |
+----[SHA256]-----+
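About privilege separation
mkdir -p /var/empty # create an empty directory
chown 0:0 /var/empty # owner and group; 0 means "root"
chmod 000 /var/empty # set the directory permissions to "000"
#groupadd sshd # create the sshd group
#useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd # the unprivileged user "sshd" used for privilege separation
Generate the keys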
mkdir /etc/ssh
chmod 0644 /etc/ssh
/usr/local/bin/ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N 'e2008jl'
/usr/local/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N 'e2008jl'
chmod 600 /etc/ssh/ssh_host_*_key
chmod 644 /etc/ssh/ssh_host_*_key.pub
Saving key "/etc/ssh/ssh_host_dsa_key" failed: Read-only file system
chmod: /etc/ssh/ssh_host_*_key: No such file or directory
chmod: /etc/ssh/ssh_host_*_key.pub: No such file or directory
[root@arm-linux]#Could not load host key: /data/etc/ssh/ssh_host_rsa_key
Could not load host key: /data/etc/ssh/ssh_host_dsa_key
sshd: no hostkeys available -- exiting.
>>> But the public key and the private key are both there; I don't know what the cause is. To be investigated...
/app/bin # ls -l /data/etc/ssh/
total 16
-rw------- 1 root root 771 Jan 21 09:09 ssh_host_dsa_key
-rw-r--r-- 1 root root 604 Jan 21 09:09 ssh_host_dsa_key.pub
-rw------- 1 root root 1766 Jan 21 09:09 ssh_host_rsa_key
-rw-r--r-- 1 root root 396 Jan 21 09:09 ssh_host_rsa_key.pub
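sshd never prompts for a passphrase when it loads host keys, so a key written with a non-empty -N (as in the ssh-keygen runs above, unlike the -N "" used by the startup script) cannot be loaded even though the file exists. This added example, not part of the original notes, checks a private host key for that and for loose permissions; it covers only PEM-format keys, the OpenSSH 7.5 default for RSA/DSA, and the function names are its own.

```sh
#!/bin/sh
# Added example, not part of the original notes.
# In a PEM private key, passphrase protection is visible as a
# "Proc-Type: 4,ENCRYPTED" header right after the BEGIN line.

# check_host_key FILE: print a verdict; return 0 only when sshd could load it.
check_host_key() {
    key=$1
    if [ ! -r "$key" ]; then echo "missing"; return 1; fi
    if ! head -n 1 "$key" | grep -Eq '^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----'; then
        echo "unsupported-format"; return 1   # e.g. a .pub file or a new-format key
    fi
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "passphrase-protected"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "group-or-world-accessible"; return 1
    fi
    echo "ok"
}

# write_sample_key FILE plain|encrypted: constructed stand-in with a dummy
# body (not a usable key); only the header lines are what check_host_key reads.
write_sample_key() {
    {
        echo '-----BEGIN RSA PRIVATE KEY-----'
        if [ "$2" = "encrypted" ]; then
            echo 'Proc-Type: 4,ENCRYPTED'
            echo 'DEK-Info: AES-128-CBC,00000000000000000000000000000000'
            echo
        fi
        echo 'AAAA'
        echo '-----END RSA PRIVATE KEY-----'
    } > "$1"
    chmod 600 "$1"
}

# check_host_key_dir DIR: verdict for every private host key in DIR,
# for example: check_host_key_dir /data/etc/ssh
check_host_key_dir() {
    for f in "$1"/ssh_host_*_key; do
        printf '%s: %s\n' "$f" "$(check_host_key "$f")"
    done
}
```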
# Don't use the commands below.
./configure --host=arm-linux --with-zlib=$(pwd)/../../out/system --with-ssl-dir=$(pwd)/../../out/system CC=$(pwd)/../../prebuilts/toolschain/usr/bin/arm-linux-gcc AR=$(pwd)/../../prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=$(pwd)/../../out/system --without-zlib-version-check
./configure --host=arm-linux --with-libs --with-zlib=$(pwd)/../zib --with-ssl-dir=$(pwd)/../openssl CC=$(pwd)/../../prebuilts/toolschain/usr/bin/arm-linux-gcc AR=$(pwd)/../../prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=$(pwd)/../../out/system
./configure --host=arm-linux --with-libs --with-zlib=../zlib --with-ssl-dir=../openssl CC=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-gcc AR=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=/home/neo/fu/workdir/rv1108/rv1108-cvr_firmware_20170505/out/system
./configure --host=arm-linux --with-libs --with-zlib=${pwd}/../zib --with-ssl-dir=${pwd}/../openssl CC=${pwd}/../../prebuilts/toolschain/usr/bin/arm-linux-gcc AR=${pwd}/../../prebuilts/toolschain/usr/bin/arm-linux-ar --prefix=${pwd}/../../out/system