OpenSSH ARM移植

一、移植环境

1、    ubuntu 12.04主机

2、    基于TI AM3354的tq335xb开发板

3、 编译工具arm-linux-gcc：

$arm-linux-gcc -v

Usingbuilt-in specs.

Target:arm-embedsky-linux-gnueabi

Configuredwith: /opt/EmbedSky/build-croostools/.build/src/gcc-4.4.6/configure--build=i686-build_pc-linux-gnu --host=i686-build_pc-linux-gnu--target=arm-embedsky-linux-gnueabi --prefix=/opt/EmbedSky/4.4.6--with-sysroot=/opt/EmbedSky/4.4.6/arm-embedsky-linux-gnueabi/embedsky--enable-languages=c,c++ --disable-multilib --with-arch=armv7-a--with-cpu=cortex-a8 --with-tune=cortex-a8 --with-fpu=neon --with-float=softfp--with-pkgversion='for TQ210 EmbedSky Tech'--with-bugurl=http://www.embedsky.net --disable-sjlj-exceptions--enable-__cxa_atexit --disable-libmudflap --disable-libgomp --disable-libssp--with-gmp=/opt/EmbedSky/build-croostools/.build/arm-embedsky-linux-gnueabi/build/static--with-mpfr=/opt/EmbedSky/build-croostools/.build/arm-embedsky-linux-gnueabi/build/static--with-mpc=/opt/EmbedSky/build-croostools/.build/arm-embedsky-linux-gnueabi/build/static--with-ppl=no --with-cloog=no --with-host-libstdcxx='-static-libgcc-Wl,-Bstatic,-lstdc++,-Bdynamic -lm' --enable-threads=posix --enable-target-optspace--without-long-double-128--with-local-prefix=/opt/EmbedSky/4.4.6/arm-embedsky-linux-gnueabi/embedsky--disable-nls --enable-c99 --enable-long-long

Threadmodel: posix

gcc version 4.4.6 (for TQ210 EmbedSky Tech)

 

二、下载源码包

地址如下：

openssh(openssh-7.2p1.tar.gz)  http://www.openssh.com/portable.html

openssl(openssl-1.0.1s.tar.gz)  http://www.openssl.org/source

zlib(zlib-1.2.8.tar.gz)     http://www.zlib.net/

三、准备工作

1、建立安装目录与解压源码

cd /home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/

mkdir ssh

cd ssh

mkdir compressed install source

cp /mnt/hgfs/gx/openss*/mnt/hgfs/gx/zlib-1.2.8.tar.gz compressed/

cdcompressed/

tar zxvfopenssh-7.2p1.tar.gz  -C  ../source

tar zxvfzlib-1.2.8.tar.gz  -C  ../source

tar zxvfopenssl-1.0.1s.tar.gz  -C  ../source

cd ..

2、建立与交叉编译工具一样的zlib，原因是开发板已存在此库libz-1.2.3

$cd /home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install

$mkdirinclude lib

 

$cd /home/lyf/sdb2/working/suntrun_company/opt/ti3354/tool/opt/EmbedSky/4.4.6/arm-embedsky-linux-gnueabi/embedsky/usr/lib

 

$cp libz.so*/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/lib/

 

$cd../include 

 

$cp zlib.hzconf.h/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/include/

3、建立nfs挂载目录/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/ti3358_mount_file

 

四、编译源码

1、编译zlib-1.2.8

cd source/

cdzlib-1.2.8/

./configure--prefix=/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.8

 

#vi Makefile

CC=arm-linux-gcc

LDSHARED=arm-linux-gcc-shared -Wl,-soname,libz.so.1,--version-script,zlib.map

AR=arm-liunx-ar

CPP=arm-liunux-gcc-E

 

make

make install

 

 

2、编译openssl-1.0.1s

cd../openssl-1.0.1s

#./Configure--prefix=/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s –fPIC   os/compiler:arm-linux-gcc

#make

#makeinstall

 

3、          编译openssh

#cd/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/source/openssh-7.2p1

 

#./configure--host=arm-embedsky-linux-gnueabi --with-libs--with-zlib=/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3 --with-ssl-dir=/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s--disable-etc-default-login CC=arm-linux-gcc AR=arm-linux-ar 

#make

                     注：不用make install

五、启动开发板

1、确保目标板上有以下目录,若没有，则新建：

/usr/local/bin/ 

/usr/local/sbin/ 

/usr/local/etc/ 

/usr/local/libexec/ 

/var/run/ 

/var/empty/

2、从Ubuntu主机上将以下文件拷贝到目标板Linux系统中

Ubuntu主机 /home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/source/openssh-7.2p1目录下的

scp  sftp  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan 拷贝到目标板/usr/local/bin

modulissh_config sshd_config拷贝到目标板/usr/local/etc

sftp-server  ssh-keysign 拷贝到目标板 /usr/local/libexec

sshd 拷贝到目标板 /usr/local/sbin/

3、生成Key文件

在Ubuntu主机 /home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/source/openssh-7.2p1目录下运行：

ssh-keygen-t rsa -f ssh_host_rsa_key -N ""

ssh-keygen-t dsa -f ssh_host_dsa_key -N ""

ssh-keygen-t ecdsa -f ssh_host_ecdsa_key -N ""

ssh-keygen-t dsa -f ssh_host_ed25519_key -N ""

将生成的 ssh_host_*_key这4个文件copy到目标板的 /usr/local/etc/目录下

4、修改目标板passwd文件

在/etc/passwd 中添加下面这一行

sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin

 

注：文件的拷贝先拷贝到主机的nfs目录，再从开发板拷贝到相应的目录

 

六、测试

1、主机测试：主机登录成功后的现象：

      lyf@ubun:~/sdb2/working/suntrun_company/opt/arm-avdecc/ti3358_mount_file$ssh [email protected]

       [email protected]'s password: 

       [root@EmbedSky /]# ls

       bin         etc        init        linuxrc     mnt        proc        sbin       sys         udisk       var        working

       dev         home       lib         lost+found  opt        root        sddisk     tmp         usr         web

       [root@EmbedSky /]#

 

2、putty测试：

putty登录登录成功后的现象：

 

七、开机自启sshd：

在/etc/init.d/rcS最后添加一行/etc/local/sbin/sshd

至此，openssh已经成功移植到了tq335xb开发板上了。

 

八、移植问题汇总

1、配置openssh时无法导入openssl库的信息

现象：

Infile included from openssl-compat.c:34:

openssl-compat.h:33:3: error:#error OpenSSL 0.9.8f or greater is required

make[1]:*** [openssl-compat.o] Error 1

原因:./configure配置--with-ssl-dir无效

解决方法：

修改 Makefile、openbsd-compat/Makefile、openbsd-compat/regress/Makefile中所有的-I/usr/local/ssl/include为/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/include，-L/usr/local/ssl/lib 为

/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib

 

2、编译openssh出错

问题现象：

arm-linux-gcc-o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.osshconnect2.o mux.o -L. -Lopenbsd-compat/-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie-lssh -lopenbsd-compat  -lcrypto -lrt -ldl -lutil -lz  -lcrypt-lresolv 

/home/lyf/sdb2/working/suntrun_company/opt/ti3354/tool/opt/EmbedSky/4.4.6/bin/../lib/gcc/arm-embedsky-linux-gnueabi/4.4.6/../../../../arm-embedsky-linux-gnueabi/bin/ld:/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib/libcrypto.a(cversion.o):relocation R_ARM_MOVW_ABS_NC against `a local symbol' can not be used whenmaking a shared object; recompile with -fPIC

/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib/libcrypto.a:could not read symbols: Bad value

collect2:ld returned 1 exit status

make:*** [ssh] Error 1

lyf@ubun:~/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/source/openssh-7.2p1$

 

解决：增加-fPIC编译选项

./Configure--prefix=/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s -fPIC os/compiler:arm-linux-gcc

make

makeinstall

重新编译openssh通过，如下

...

arm-linux-gcc-o ssh-agent ssh-agent.o ssh-pkcs11-client.o -L. -Lopenbsd-compat/-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie-lssh -lopenbsd-compat -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv

arm-linux-gcc-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security-Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv-fno-builtin-memset -fstack-protector-all -fPIE  -I. -I.-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/include-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/include -DSSHDIR=\"/usr/local/etc\"-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"-D_PATH_SSH_PIDDIR=\"/var/run\"-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c scp.c -oscp.o

scp.c:In function 'lostconn':

scp.c:1356:warning: ignoring return value of 'write', declared with attributewarn_unused_result

arm-linux-gcc-o scp scp.o progressmeter.o bufaux.o -L. -Lopenbsd-compat/-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie-lssh -lopenbsd-compat -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv

arm-linux-gcc-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security-Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv-fno-builtin-memset -fstack-protector-all -fPIE  -I. -I.-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/include-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/include -DSSHDIR=\"/usr/local/etc\"-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"-DHAVE_CONFIG_H -c sftp.c -o sftp.o

sftp.c:In function 'cmd_interrupt':

sftp.c:239:warning: ignoring return value of 'write', declared with attributewarn_unused_result

arm-linux-gcc-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security-Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv-fno-builtin-memset -fstack-protector-all -fPIE  -I. -I.-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/include-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/include -DSSHDIR=\"/usr/local/etc\"-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"-D_PATH_SSH_PIDDIR=\"/var/run\"-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -csftp-server-main.c -o sftp-server-main.o

arm-linux-gcc-o sftp-server sftp-server.o sftp-common.o sftp-server-main.o -L.-Lopenbsd-compat/-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie-lssh -lopenbsd-compat -lcrypto -lrt -ldl -lutil -lz  -lcrypt -lresolv

arm-linux-gcc-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security-Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv-fno-builtin-memset -fstack-protector-all -fPIE  -I. -I.-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/include-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/include -DSSHDIR=\"/usr/local/etc\"-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"-D_PATH_SSH_PIDDIR=\"/var/run\"-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -csftp-client.c -o sftp-client.o

arm-linux-gcc-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security-Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv-fno-builtin-memset -fstack-protector-all -fPIE  -I. -I.-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/include-I/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/include -DSSHDIR=\"/usr/local/etc\"-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"-D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"-DHAVE_CONFIG_H -c sftp-glob.c -o sftp-glob.o

arm-linux-gcc-o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L.-Lopenbsd-compat/-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/openssl-1.0.1s/lib-L/home/lyf/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/install/zlib-1.2.3/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-all -pie-lssh -lopenbsd-compat -lcrypto -lrt -ldl -lutil -lz  -lcrypt-lresolv 

lyf@ubun:~/sdb2/working/suntrun_company/opt/arm-avdecc/lib/ssh/source/openssh-7.2p1$

 

3、在目标板上运行无法启动sshd：

现象：

[root@EmbedSkyetc]# /usr/local/sbin/sshd

Couldnot load host key: /usr/local/etc/ssh_host_ed25519_key<<<问题

解决：

在生成key的时候再生成ssh-keygen-t dsa -f ssh_host_ed25519_key -N ""并拷贝到开发板的目录/usr/local/etc/后chmod 600/usr/local/etc/ssh_host_ed25519_key

 

4、主机或putty无法登录

       现象：

              主机上：

$ [email protected]

[email protected]'spassword: 

Permissiondenied, please try again.

[email protected]'spassword: 

Permissiondenied, please try again.

[email protected]'spassword: 

Permissiondenied (publickey,password,keyboard-interactive).<<<密码正确后登录出现的问题；

 

原因：

Thisis because your user doesn't have the their own keys shared in the'~/.ssh/authorized_keys' file.If you read through your config, you'll see thatyou've got "PasswordAuthentication no".This means, no matter what,you won't be asked for a password.a warrior never quits

 

       问题的解决：修改/usr/local/etc/sshd_config文件内容如下：

       1、将PasswordAuthentication yes前的注释#去掉；

       2、将#PermitRootLogin prohibit-password改为PermitRootLoginyes。

     修改后重启/usr/local/sbin/sshd即可。