準備工作
在 openssh 源碼根目錄新建 external_dependency_libs 目錄,用以存放下載的 zlib 和 openssl 源碼壓縮包
編譯並將交叉編譯的文件打包
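#!/usr/bin/env bash
#filename: build_hisi.sh
#
# Cross-compiles zlib, OpenSSL and OpenSSH for arm-hisiv400-linux and packs
# the result into ssh_install.tar.gz.
#
# Run from the OpenSSH source root. The zlib and OpenSSL source tarballs must
# already be in ./external_dependency_libs. This script does not verify them:
# check each tarball against the checksum or signature published by its
# project before running the build.
#
# NOTE(review): zlib-1.2.11 and openssl-1.0.2u are old releases (the OpenSSL
# 1.0.2 branch no longer receives public fixes). Prefer the newest versions
# this OpenSSH tree builds against.

# Stop at the first failing step instead of packaging a partial build.
set -euo pipefail

PROJECT_DIR=$PWD
EXT_DEPEND_LIBS_PATH=$PROJECT_DIR/external_dependency_libs
ZLIB_NAME=zlib-1.2.11
OPENSSL_NAME=openssl-1.0.2u
#OPENSSH_NAME=
ZLIB_PACKAGE=$ZLIB_NAME.tar.gz
OPENSSL_PACKAGE=$OPENSSL_NAME.tar.gz
BUILD_DIR=build-hisiv400
ZLIB_INSTALL_PATH=$EXT_DEPEND_LIBS_PATH/$ZLIB_NAME/$BUILD_DIR/_install
#/home/luoyang/Source/zlib-1.2.11/build-hisiv600/_install
OPENSSL_INSTALL_PATH=$EXT_DEPEND_LIBS_PATH/$OPENSSL_NAME/$BUILD_DIR/_install
OPENSSH_INSTALL_PATH=$PROJECT_DIR/$BUILD_DIR/_install
OPENSSH_INSTALL_PREFIX=/mnt/sshd
CROSS_PLATFORM=arm-hisiv400-linux
export CC=$CROSS_PLATFORM-gcc
export LD=$CROSS_PLATFORM-ld
export AS=$CROSS_PLATFORM-as
export AR=$CROSS_PLATFORM-ar

# zlib building.....
tar -xzvf "$EXT_DEPEND_LIBS_PATH/$ZLIB_PACKAGE" -C "$EXT_DEPEND_LIBS_PATH"
# -p so that a re-run does not fail on the existing build directory.
mkdir -p "$EXT_DEPEND_LIBS_PATH/$ZLIB_NAME/$BUILD_DIR"
cd "$EXT_DEPEND_LIBS_PATH/$ZLIB_NAME/$BUILD_DIR"
../configure --prefix="$ZLIB_INSTALL_PATH"
# Kept as separate commands: in "make && make install" a failing make is not
# caught by set -e and the success message would still be printed.
make
make install
echo "zlib built successed......"
cd "$PROJECT_DIR"

# openssl building......
tar -xzvf "$EXT_DEPEND_LIBS_PATH/$OPENSSL_PACKAGE" -C "$EXT_DEPEND_LIBS_PATH"
cd "$EXT_DEPEND_LIBS_PATH/$OPENSSL_NAME"
./Configure -DOPENSSL_NO_HEARTBEATS --openssldir="$OPENSSL_INSTALL_PATH" shared "os/compiler:$CROSS_PLATFORM-"
make
make install
cd "$OPENSSL_INSTALL_PATH/lib"
# Rebuild unversioned libcrypto.so / libssl.so from the objects in the static
# archives; the extracted objects are removed after each link.
"$AR" -x libcrypto.a
"$CC" -shared *.o -o libcrypto.so
rm -f -- *.o
"$AR" -x libssl.a
"$CC" -shared *.o -o libssl.so
rm -f -- *.o
cd "$PROJECT_DIR"

# openssh building....
autoconf
autoheader
mkdir -p "$BUILD_DIR"
cd "$BUILD_DIR"
# ${CFLAGS:-} keeps the original "append to caller's CFLAGS" behaviour while
# tolerating an unset CFLAGS under set -u.
export CFLAGS="${CFLAGS:-} -I$OPENSSL_INSTALL_PATH/include/ -fPIC"
export LDFLAGS="-L$OPENSSL_INSTALL_PATH/lib"
# LD is already exported above, so this changes what configure sees: the
# OpenSSH link step goes through the gcc driver rather than ld.
LD=$CROSS_PLATFORM-gcc
# NOTE(review): --prefix becomes the compiled-in default location of
# sshd_config and the helper binaries, while install_hisi.sh copies the files
# to /usr/local. Confirm the two agree, or start sshd with an explicit -f.
../configure --with-ssl-dir="$OPENSSL_INSTALL_PATH" --with-zlib="$ZLIB_INSTALL_PATH" --host="$CROSS_PLATFORM" --prefix="$OPENSSH_INSTALL_PREFIX"
make -j4
# no install
# make install

# Staging tree that is packed into the tarball (mkdir -p is already idempotent).
mkdir -p -- \
  "$OPENSSH_INSTALL_PATH/bin" \
  "$OPENSSH_INSTALL_PATH/etc" \
  "$OPENSSH_INSTALL_PATH/libexec" \
  "$OPENSSH_INSTALL_PATH/sbin" \
  "$OPENSSH_INSTALL_PATH/lib"

cp scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan "$OPENSSH_INSTALL_PATH/bin/"
# NOTE(review): the page shows "modulissh_config", which looks like
# "moduli ssh_config" with a lost space. Confirm these three files exist in
# the build directory for an out-of-tree build.
cp moduli ssh_config sshd_config "$OPENSSH_INSTALL_PATH/etc/"
cp sftp-server ssh-keysign "$OPENSSH_INSTALL_PATH/libexec/"
cp sshd "$OPENSSH_INSTALL_PATH/sbin/"
cp "$OPENSSL_INSTALL_PATH"/lib/*.so "$OPENSSH_INSTALL_PATH/lib"
cp "$ZLIB_INSTALL_PATH"/lib/*.so* "$OPENSSH_INSTALL_PATH/lib"

# Host keys. ssh-keygen is resolved from PATH here, presumably the build
# host's binary, since the one built above targets ARM.
#
# These unencrypted private keys go into the tarball, so every device
# installed from it presents the same host identity and anyone who has the
# tarball holds the private keys. Treat them as placeholders: regenerate the
# host keys on each device (ssh-keygen is shipped in bin/) and keep the
# tarball private.
ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
# DSA is deprecated and the sshd_config on this page lists no DSA HostKey;
# newer ssh-keygen builds may refuse it, so a failure here is not fatal.
ssh-keygen -t dsa -f ssh_host_dsa_key -N "" ||
  printf 'warning: DSA host key not generated by this ssh-keygen\n' >&2
ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""
# The original passed "-t dsa" here, which stored a DSA key under the
# ed25519 file name.
ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""
cp ssh_host_*_key "$OPENSSH_INSTALL_PATH/etc/"

cp -r "$EXT_DEPEND_LIBS_PATH/scripts" "$OPENSSH_INSTALL_PATH/"
tar -czvf ssh_install.tar.gz _install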
嵌入式程序安裝
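#!/bin/sh
#filename:install_hisi.sh
#
# Installs the cross-compiled OpenSSH files from the current directory
# (lib/, bin/, sbin/, etc/, libexec/) into /usr/local, prepares the
# directories sshd needs and registers the sshd account.
# Must be run as root from inside the unpacked _install tree.

# Abort on the first failed step or unset variable.
set -eu

LOCAL_DIR=$PWD
INSTALL_DIR=/usr/local

# mkdir -p is a no-op for directories that already exist.
mkdir -p \
  "$INSTALL_DIR/lib" \
  "$INSTALL_DIR/bin" \
  "$INSTALL_DIR/sbin" \
  "$INSTALL_DIR/etc" \
  "$INSTALL_DIR/libexec" \
  /var/run \
  /var/empty

# sshd's privilege-separation directory has to be owned by root and must not
# be writable by group or others, otherwise logins fail.
chown 0:0 /var/empty
chmod 755 /var/empty

cp "$LOCAL_DIR"/lib/* "$INSTALL_DIR/lib/"
cp "$LOCAL_DIR"/bin/* "$INSTALL_DIR/bin/"
cp "$LOCAL_DIR"/sbin/* "$INSTALL_DIR/sbin/"
cp "$LOCAL_DIR"/etc/* "$INSTALL_DIR/etc/"
cp "$LOCAL_DIR"/libexec/* "$INSTALL_DIR/libexec/"

# Private host keys must be readable by root only; cp onto an existing file
# keeps that file's old mode, so set owner and mode explicitly.
# NOTE(review): keys shipped in the tarball are shared by every device that
# installs it; regenerate them on the device with the installed ssh-keygen.
for key in "$INSTALL_DIR"/etc/ssh_host_*_key; do
  [ -f "$key" ] || continue
  chown 0:0 "$key"
  chmod 600 "$key"
done

# Add the following line to /etc/passwd
#sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin
# Only append when no sshd account exists yet, so repeated runs do not create
# duplicate entries. No matching /etc/group entry for gid 74 is added here.
if ! grep -q '^sshd:' /etc/passwd; then
  echo "sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
fi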
sshd 配置文件
以下配置文件開啓了 root 賬戶登入(PermitRootLogin yes),同時通過 internal-sftp 子系統支持 WinSCP 這類可視化拖拽操作軟件。
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# Listen on TCP port 22. The ListenAddress lines below stay commented, so the
# default (all local addresses) applies.
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Private host keys, read from /usr/local/etc (install_hisi.sh copies etc/*
# there). No DSA host key is listed.
# NOTE(review): build_hisi.sh generates these keys once and packs them into
# the tarball, so devices installed from the same tarball share host keys;
# regenerate them per device.
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_ecdsa_key
HostKey /usr/local/etc/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
# "yes" lets root log in with any enabled method, including a password
# (PasswordAuthentication is left at its default of yes further down).
# The commented value on the next line, prohibit-password, would limit root
# to non-password methods such as public keys.
PermitRootLogin yes
#prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
#Subsystem sftp /usr/local/libexec/sftp-server
# Use the SFTP server built into sshd, which needs no helper binary inside a
# chroot.
Subsystem sftp internal-sftp
# The directives below apply only to members of group "sftp", up to the next
# Match line or the end of the file. Accounts outside that group (root
# included, unless it is added to the group) keep normal shell access.
Match Group sftp
# %u expands to the user name, so each user is confined to /<username>.
# Per sshd_config(5), every component of that path must be owned by root and
# not writable by any other user or group, so give the user a writable
# subdirectory inside it.
ChrootDirectory /%u
# Force SFTP for these users: no shell and no arbitrary commands.
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
sshd 運行
上面的安裝腳本將 sshd 安裝在目錄 /usr/local/sbin/ 下,要啓動必須使用絕對路徑。
/usr/local/sbin/sshd
#/usr/local/sbin/sshd -f /usr/local/etc/sshd_config #和上面等同,默認使用 /usr/local/etc/sshd_config 這個配置文件
注意事項
- ssh 客戶端輸入正確密碼卻始終無法登入,可能的原因:
  - `/root/var`、`/root/empty` 目錄必須是 root 用戶所有
  - 配置文件問題,需要使用上面提供的配置文件。