S3C2416 移植ssh服务

目的是实现远程对2416的管理配置和文件拷贝。

一  首先下载三个文件：openssh-4.6p1         openssl-0.9.8d         zlib-1.2.3
由于网络原因，源码未能从官网下载到，所以google下载的，推荐个国内google：（不知到能用多久）

https://www.gotosearch.info/

二 编译配置

 1  编译zlib:

解压 tar zxvf zlib-1.2.3.tar.gz

   cd zlib-1.2.3

   ./configure --prefix=/home/hakits/shen_cloud/arm/fs/zlib-1.2.3

   修改Makefile：vim Makefile
   CC=gcc 改为: 
       CROSS=/usr/local/arm/3.4.1/bin/arm-linux-
       CC=$(CROSS)gcc 
       LDSHARED=gcc 改为: LDSHARED=$(CROSS)gcc
       CPP=gcc -E   改为:  CPP=$(CROSS)gcc -E
       AR=ar rc     改为: AR=$(CROSS)ar rc
  开始编译: make;
           make install

2 编译openssl:

解压 tar xzvf openssl-0.9.8d.tar.gz

   cd openssl-0.9.8d

./Configure --prefix=/home/hakits/shen_cloud/arm/fs/openssl-0.9.8d os/compiler:/opt/EmbedSky/4.3.3/bin/arm-linux-gcc

make

make install

3  编译openssh:

 tar zxvf openssh-4.6p1.tar.gz

 cd openssh-4.6p1

./configure --host=arm-linux --with-libs --with-zlib=/home/hakits/shen_cloud/arm/fs/zlib-1.2.3  --with-ssl-dir=/home/hakits/shen_cloud/arm/fs/openssl-0.9.8d --disable-etc-default-login  CC=/opt/EmbedSky/4.3.3/bin/arm-linux-gcc AR=/opt/EmbedSky/4.3.3/bin/arm-linux-ar

make

#不要 make  install

三  安装到开发板上，我是用的tftp的方式传到开发板上的

   1  将 openssh-4.6p1目录下的 sshd 拷贝到 目标板的/usr/sbin目录下
   2  再copy scp  sftp  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan  到目标板/usr/local/bin目录下
            copy sftp-server  ssh-keysign    到/usr/local/libexec
       
   3  在目标板下：
        mkdir -p /usr/local/etc/  
        然后将openssh下的sshd_config,ssh_config 拷贝到该目录下     

  mkdir -p /var/run; mkdir -p /var/empty/sshd   chmod 755 /var/empty     

    4 在主机上：
         ssh-keygen -t rsa1 -f ssh_host_key -N ""
         ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
         ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
        将生存的 ssh_host_* 6个文件copy到目标板的 /usr/local/etc/目录下

注意：

#chmod 600 sshd_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key#chmod 644 ssh_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub

否则启动sshd的时候报错：

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Permissions 0644 for '/usr/local/etc/ssh_host_key' are too open.It is recommended that your private key files are NOT accessible by others.This private key will be ignored.bad permissions: ignore key: /usr/local/etc/ssh_host_keyCould not load host key: /usr/local/etc/ssh_host_key

5   添加用户:
    将主机上 /etc/目下的 passwd, shadow, group 三个文件中有关ssh的用户信息拷贝到开发板相应文件下

四 测试

   目标板启动sshd:  # /usr/sbin/sshd
   主机: $  ssh -v root@192.168.0.190

   给开发板root用户添加密码：passwd root

设置开机启动：
# vi /etc/init.d/rcS

/ mkdir -p /var/empty/sshd/usr/sbin/sshd

五 配置sftp

网上找的还没实验过

# Package generated configuration file# See the sshd(8) manpage for details# What ports, IPs and protocols we listen forPort 22# Use these options to restrict which interfaces/protocols sshd will bind to#ListenAddress ::#ListenAddress 0.0.0.0Protocol 2# HostKeys for protocol version 2#HostKey /etc/ssh/ssh_host_rsa_key#HostKey /etc/ssh/ssh_host_dsa_key#Privilege Separation is turned on for securityUsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server keyKeyRegenerationInterval 3600ServerKeyBits 768# LoggingSyslogFacility AUTHLogLevel INFO# Authentication:LoginGraceTime 120PermitRootLogin yesStrictModes yesRSAAuthentication yesPubkeyAuthentication yes#AuthorizedKeysFile %h/.ssh/authorized_keys# Don't read the user's ~/.rhosts and ~/.shosts filesIgnoreRhosts yes# For this to work you will also need host keys in /etc/ssh_known_hostsRhostsRSAAuthentication no# similar for protocol version 2HostbasedAuthentication no# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication#IgnoreUserKnownHosts yes# To enable empty passwords, change to yes (NOT RECOMMENDED)PermitEmptyPasswords no# Change to yes to enable challenge-response passwords (beware issues with# some PAM modules and threads)ChallengeResponseAuthentication no# Change to no to disable tunnelled clear text passwords#PasswordAuthentication yes# Kerberos options#KerberosAuthentication no#KerberosGetAFSToken no#KerberosOrLocalPasswd yes#KerberosTicketCleanup yes# GSSAPI options#GSSAPIAuthentication no#GSSAPICleanupCredentials yesX11Forwarding yesX11DisplayOffset 10PrintMotd noPrintLastLog yesTCPKeepAlive yes#UseLogin no#MaxStartups 10:30:60#Banner /etc/issue.net# Allow client to pass locale environment variablesAcceptEnv LANG LC_*Subsystem sftp /usr/local/libexec/sftp-server