交叉編譯openssh

準備工作

在 openssh 源碼根目錄新建 external_dependency_libs 目錄,用以存放下載的 zlib、openssl 源碼壓縮包。解壓編譯之前,建議先核對壓縮包的校驗值(如 SHA-256)與官方發布的一致。

編譯並將交叉編譯的文件打包

#!/usr/bin/env bash
# filename: build_hisi.sh
#
# Settings shared by the whole build: where the sources live, which
# dependency releases are used, where each component is installed, and which
# cross toolchain is exported to the configure/make steps further down.

# The script is expected to be started from the OpenSSH source root.
PROJECT_DIR="${PWD}"

# Directory holding the downloaded dependency tarballs (and their unpacked trees).
EXT_DEPEND_LIBS_PATH="${PROJECT_DIR}/external_dependency_libs"

# Pinned dependency releases and the matching tarball names.
# NOTE(review): both are old releases; the OpenSSL 1.0.2 branch no longer
# receives public security fixes upstream. Check for maintained versions
# before shipping an sshd built from these.
ZLIB_NAME="zlib-1.2.11"
OPENSSL_NAME="openssl-1.0.2u"
#OPENSSH_NAME=
ZLIB_PACKAGE="${ZLIB_NAME}.tar.gz"
OPENSSL_PACKAGE="${OPENSSL_NAME}.tar.gz"

# Name of the per-target build directory created inside each source tree.
BUILD_DIR="build-hisiv400"

# Install locations on the build host (staging), one per component.
ZLIB_INSTALL_PATH="${EXT_DEPEND_LIBS_PATH}/${ZLIB_NAME}/${BUILD_DIR}/_install"
OPENSSL_INSTALL_PATH="${EXT_DEPEND_LIBS_PATH}/${OPENSSL_NAME}/${BUILD_DIR}/_install"
OPENSSH_INSTALL_PATH="${PROJECT_DIR}/${BUILD_DIR}/_install"
# Prefix handed to OpenSSH's configure, i.e. the path on the target device.
OPENSSH_INSTALL_PREFIX="/mnt/sshd"

# Toolchain triplet; every tool below is "<triplet>-<tool>".
CROSS_PLATFORM="arm-hisiv400-linux"

CC="${CROSS_PLATFORM}-gcc"
LD="${CROSS_PLATFORM}-ld"
AS="${CROSS_PLATFORM}-as"
AR="${CROSS_PLATFORM}-ar"
# Exported so the configure scripts and make pick up the cross tools.
export CC LD AS AR



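# zlib building.....
# Unpacks the zlib tarball, builds it out-of-tree in $BUILD_DIR with the
# exported cross toolchain, and installs it into $ZLIB_INSTALL_PATH.
# Every step is checked: before this, a failed cd made ../configure and make
# run in the wrong directory and the success message was printed regardless.
# NOTE(review): the tarball is unpacked without any integrity check; compare
# its checksum with the one published by the zlib project before building.

tar -xzvf "$EXT_DEPEND_LIBS_PATH/$ZLIB_PACKAGE" -C "$EXT_DEPEND_LIBS_PATH" || exit 1
# -p: a second run must not fail because the build directory already exists.
mkdir -p "$EXT_DEPEND_LIBS_PATH/$ZLIB_NAME/$BUILD_DIR" || exit 1
cd "$EXT_DEPEND_LIBS_PATH/$ZLIB_NAME/$BUILD_DIR" || exit 1
../configure --prefix="$ZLIB_INSTALL_PATH" || exit 1
# Announce success only when both make steps really succeeded.
if make && make install; then
  echo "zlib built successed......"
else
  echo "zlib build failed" >&2
  exit 1
fi
cd "$PROJECT_DIR" || exit 1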

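# openssl building......
# Unpacks OpenSSL, configures it for the cross toolchain, installs it into
# $OPENSSL_INSTALL_PATH, then relinks libcrypto/libssl as shared objects from
# the installed static archives.
# NOTE(review): the tarball is unpacked without any integrity check; compare
# its checksum with the one published by the OpenSSL project before building.
tar -xzvf "$EXT_DEPEND_LIBS_PATH/$OPENSSL_PACKAGE" -C "$EXT_DEPEND_LIBS_PATH" || exit 1
cd "$EXT_DEPEND_LIBS_PATH/$OPENSSL_NAME" || exit 1
# -DOPENSSL_NO_HEARTBEATS compiles the TLS heartbeat extension out.
# The target argument is kept exactly as the page gives it.
# NOTE(review): confirm "os/compiler:<prefix>-" against this release's
# Configure usage text.
./Configure -DOPENSSL_NO_HEARTBEATS --openssldir="$OPENSSL_INSTALL_PATH" shared "os/compiler:$CROSS_PLATFORM-" || exit 1
make || exit 1
make install || exit 1

# This cd must be checked: the "rm" below deletes every *.o in the current
# directory, which would be the OpenSSL source tree if the cd failed.
cd "$OPENSSL_INSTALL_PATH/lib" || exit 1

# Unpack the static archive and link its objects into a shared library.
"$AR" -x libcrypto.a || exit 1
"$CC" -shared ./*.o -o libcrypto.so || exit 1
rm -- ./*.o

"$AR" -x libssl.a || exit 1
"$CC" -shared ./*.o -o libssl.so || exit 1
rm -- ./*.o

cd "$PROJECT_DIR" || exit 1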

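# openssh building....
# Regenerates configure/config.h.in, then configures and builds OpenSSH
# out-of-tree in $BUILD_DIR against the zlib and OpenSSL built above.
# Each step is checked so a failed configure is not followed by make.
autoconf || exit 1
autoheader || exit 1
# -p: a second run must not fail because the build directory already exists.
mkdir -p "$BUILD_DIR" || exit 1
cd "$BUILD_DIR" || exit 1


export CFLAGS="$CFLAGS -I$OPENSSL_INSTALL_PATH/include/ -fPIC"
export LDFLAGS="-L$OPENSSL_INSTALL_PATH/lib"
# LD was exported at the top of the script, so this reassignment changes the
# value configure sees: linking goes through the gcc driver instead of ld.
LD="$CROSS_PLATFORM-gcc"
# NOTE(review): --prefix is OPENSSH_INSTALL_PREFIX (/mnt/sshd at the top of
# this script), while the install script on this page copies everything to
# /usr/local. Paths compiled into sshd follow --prefix, so confirm which
# location is intended, or always start sshd with an explicit -f.
../configure --with-ssl-dir="$OPENSSL_INSTALL_PATH" --with-zlib="$ZLIB_INSTALL_PATH" --host="$CROSS_PLATFORM" --prefix="$OPENSSH_INSTALL_PREFIX" || exit 1
make -j4 || exit 1
# no install
# make install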



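# Create the staging tree (bin, etc, libexec, sbin, lib) that is later packed
# into the tarball. Paths are quoted so a project directory containing spaces
# works, and ":?" aborts instead of creating /bin, /etc, ... at the filesystem
# root should OPENSSH_INSTALL_PATH ever be empty.
for staging_subdir in bin etc libexec sbin lib; do
  mkdir -p "${OPENSSH_INSTALL_PATH:?OPENSSH_INSTALL_PATH is not set}/$staging_subdir" || exit 1
done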



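# Stage the build results under $OPENSSH_INSTALL_PATH and pack them.
# The current directory is still $BUILD_DIR, where make left the binaries;
# the staging sub-directories were created earlier in this script.
cp scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan "$OPENSSH_INSTALL_PATH/bin/" || exit 1
# Fixed: the listing had "modulissh_config" (a lost space); these are three
# separate files.
# NOTE(review): in an out-of-tree build these files may sit in the source
# directory rather than here, so a failure is reported but not fatal.
cp moduli ssh_config sshd_config "$OPENSSH_INSTALL_PATH/etc/" \
  || echo "warning: could not stage moduli/ssh_config/sshd_config" >&2
cp sftp-server ssh-keysign "$OPENSSH_INSTALL_PATH/libexec/" || exit 1
cp sshd "$OPENSSH_INSTALL_PATH/sbin/" || exit 1

# Shared libraries the target needs at run time.
cp "$OPENSSL_INSTALL_PATH"/lib/*.so "$OPENSSH_INSTALL_PATH/lib" || exit 1
cp "$ZLIB_INSTALL_PATH"/lib/*.so* "$OPENSSH_INSTALL_PATH/lib" || exit 1

# Host keys. "ssh-keygen" here is whatever the build host has on PATH, not
# the cross-compiled binary in this directory.
# NOTE(review): keys generated here are packed into the tarball, so every
# device installed from the same tarball gets the same host private keys, and
# anyone holding the tarball can impersonate those devices. Prefer generating
# host keys on each device at first boot and keeping them out of the archive.
ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
# NOTE(review): the sshd_config on this page does not load the DSA key, and
# DSA is deprecated in OpenSSH; a recent ssh-keygen may refuse this type.
ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""
# Fixed: was "-t dsa", which stored a DSA key under the ed25519 file name.
ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""

# Only the private halves match this pattern (the .pub files do not).
cp ssh_host_*_key "$OPENSSH_INSTALL_PATH/etc/"

cp -r "$EXT_DEPEND_LIBS_PATH/scripts" "$OPENSSH_INSTALL_PATH/"
# _install is $OPENSSH_INSTALL_PATH relative to the current build directory.
# The archive contains private host keys; store and transfer it accordingly.
tar -czvf ssh_install.tar.gz _install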

嵌入式程序安裝

#!/bin/sh
# filename: install_hisi.sh
#
# First part of the on-target installer: remember where the unpacked files
# are and make sure every destination directory exists.

# Directory the script is started from; lib/, bin/, sbin/, etc/ and libexec/
# are expected below it.
LOCAL_DIR="${PWD}"
# Destination root on the target.
INSTALL_DIR="/usr/local"

# /var/run and /var/empty are created as well. Presumably /var/empty is
# sshd's privilege-separation directory; the notes on this page say it must
# be owned by root.
for wanted_dir in \
    "${INSTALL_DIR}/lib" \
    "${INSTALL_DIR}/bin" \
    "${INSTALL_DIR}/sbin" \
    "${INSTALL_DIR}/etc" \
    "${INSTALL_DIR}/libexec" \
    /var/run \
    /var/empty
do
    [ -d "${wanted_dir}" ] || mkdir -p "${wanted_dir}"
done

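# Copy the staged files into place. Paths are quoted (LOCAL_DIR comes from
# $PWD and may contain spaces) and a failed copy stops the installation
# instead of leaving a half-installed sshd behind.
for payload_dir in lib bin sbin etc libexec; do
    cp "${LOCAL_DIR:?}/$payload_dir"/* "${INSTALL_DIR:?}/$payload_dir/" || exit 1
done

# The etc/ payload includes the private host keys (ssh_host_*_key). Make sure
# only the owner can read them, whatever mode the copy ended up with; sshd
# refuses private keys that other users can read.
for host_key in "$INSTALL_DIR"/etc/ssh_host_*_key; do
    [ -f "$host_key" ] || continue
    chmod 600 "$host_key" || exit 1
done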


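# Add the following line to /etc/passwd (the unprivileged account sshd uses):
#sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin
# Append it only when no "sshd" entry exists yet; otherwise every run of the
# installer would add another duplicate line to /etc/passwd.
if ! grep -q '^sshd:' /etc/passwd 2>/dev/null; then
    echo "sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
fi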

sshd 配置文件

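以下配置文件開啓了 root 賬戶登入(PermitRootLogin yes),同時通過 internal-sftp 子系統支持 WinSCP 這種可視化拖拽操作軟件。由於密碼認證默認開啓,此配置下 root 可以直接用密碼登入,適合調試環境;正式設備建議改用 prohibit-password 並配合密鑰登入。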

#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Listen on the standard SSH port. No ListenAddress is set below, so sshd
# listens on all local addresses.
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Private host keys, at the paths the install script on this page copies
# them to. The build script on this page generates them on the build host and
# packs them into the tarball, so devices installed from one tarball share
# the same keys unless they are regenerated per device.
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_ecdsa_key
HostKey /usr/local/etc/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
# "yes" allows root to log in with any enabled method. PasswordAuthentication
# is left at its default (yes) further down, so root can log in with just a
# password. The commented value on the next line, prohibit-password, is the
# alternative that limits root to non-password methods such as public keys.
PermitRootLogin yes
#prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
#Subsystem	sftp	/usr/local/libexec/sftp-server
# Use the sftp server built into sshd instead of the external sftp-server
# binary named on the commented line above.
Subsystem      sftp internal-sftp
# Everything from here to the next Match line (or the end of the file)
# applies only to members of the group "sftp". Nothing on this page creates
# that group, so the block has no effect until it exists.
Match Group sftp
# %u expands to the user name, so each member is confined to /<username>.
# sshd requires every component of that path to be a root-owned directory
# that no other user or group can write to, otherwise the login is refused.
ChrootDirectory /%u
# Restrict these users to sftp only: no shell, no port or X11 forwarding.
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

sshd 運行

上面的安裝腳本將 sshd 安裝在目錄 /usr/local/sbin/下,要啓動必須使用絕對路徑。

# Start the daemon by its absolute path, as the text above requires.
/usr/local/sbin/sshd
#/usr/local/sbin/sshd -f /usr/local/etc/sshd_config # per the page, equivalent to the line above: /usr/local/etc/sshd_config is used by default
# NOTE(review): the build script on this page configures OpenSSH with
# --prefix=/mnt/sshd, and the default config path follows the configure
# prefix. Confirm the default really is /usr/local/etc/sshd_config; if it is
# not, use the explicit -f form.

注意事項

  1. ssh 客戶端登入輸入密碼正確死活登入不上
  • /root/var/root/empty 目錄必須是 root 用戶所有
  • 配置文件問題,需要使用上面提供的配置文件。