S3C2416 移植ssh服务

最新推荐文章于 2024-09-13 17:49:42 发布

原创最新推荐文章于 2024-09-13 17:49:42 发布 · 1k 阅读

0 ·

本内容遵循CC 4.0 BY-SA版权协议

标签

#linux #ssh #2440 2416

嵌入式专栏收录该内容

24 篇文章

订阅专栏

本文详细介绍如何在嵌入式设备上搭建SSH服务，包括所需软件的下载、编译及配置过程，并指导如何进行测试及配置SFTP服务。

目的是实现远程对2416的管理配置和文件拷贝。

一首先下载三个文件：openssh-4.6p1 openssl-0.9.8d zlib-1.2.3
由于网络原因，源码未能从官网下载到，所以google下载的，推荐个国内google：（不知到能用多久）

https://www.gotosearch.info/

二编译配置

1 编译zlib:

解压 tar zxvf zlib-1.2.3.tar.gz

cd zlib-1.2.3

   ./configure --prefix=/home/hakits/shen_cloud/arm/fs/zlib-1.2.3

   修改Makefile：vim Makefile
   CC=gcc 改为:

   CROSS=/usr/local/arm/3.4.1/bin/arm-linux-

CC=$(CROSS)gcc

LDSHARED=gcc 改为:

LDSHARED=$(CROSS)gcc

CPP=gcc -E 改为:

CPP=$(CROSS)gcc -E

AR=ar rc 改为:

AR=$(CROSS)ar rc

  开始编译: make;

           make install

2 编译openssl:

解压 tar xzvf openssl-0.9.8d.tar.gz

cd openssl-0.9.8d

./Configure --prefix=/home/hakits/shen_cloud/arm/fs/openssl-0.9.8d os/compiler:/opt/EmbedSky/4.3.3/bin/arm-linux-gcc

make

make install

3 编译openssh:

tar zxvf openssh-4.6p1.tar.gz

cd openssh-4.6p1

./configure --host=arm-linux --with-libs --with-zlib=/home/hakits/shen_cloud/arm/fs/zlib-1.2.3  --with-ssl-dir=/home/hakits/shen_cloud/arm/fs/openssl-0.9.8d --disable-etc-default-login  CC=/opt/EmbedSky/4.3.3/bin/arm-linux-gcc AR=/opt/EmbedSky/4.3.3/bin/arm-linux-ar

make

#不要 make install

三安装到开发板上，我是用的tftp的方式传到开发板上的

   1 将 openssh-4.6p1目录下的 sshd 拷贝到目标板的/usr/sbin目录下
   2 再copy scp  sftp  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan 到目标板/usr/local/bin目录下
          copy sftp-server  ssh-keysign    到/usr/local/libexec

   3 在目标板下：
        mkdir -p /usr/local/etc/
        然后将openssh下的sshd_config,ssh_config 拷贝到该目录下

  mkdir -p /var/run; mkdir -p /var/empty/sshd 
  chmod 755 /var/empty

4 在主机上：

ssh-keygen -t rsa1 -f ssh_host_key -N ""

    ssh-keygen -t rsa -f ssh_host_rsa_key -N ""

ssh-keygen -t dsa -f ssh_host_dsa_key -N ""

        将生存的 ssh_host_* 6个文件copy到目标板的 /usr/local/etc/目录下

注意：

#chmod 600 sshd_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key
#chmod 644 ssh_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub

否则启动sshd的时候报错：

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/usr/local/etc/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_key

5 添加用户: 将主机上 /etc/目下的 passwd, shadow, group 三个文件中有关ssh的用户信息拷贝到开发板相应文件下

四测试

目标板启动sshd: # /usr/sbin/sshd 主机: $ ssh -v root@192.168.0.190

给开发板root用户添加密码：passwd root

设置开机启动：
# vi /etc/init.d/rcS

/ mkdir -p /var/empty/sshd
/usr/sbin/sshd

五配置sftp

网上找的还没实验过

# Package generated configuration file

# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for

Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::

#ListenAddress 0.0.0.0

Protocol 2

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

#Privilege Separation is turned on for security

UsePrivilegeSeparation yes

 
# Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600

ServerKeyBits 768


# Logging

SyslogFacility AUTH

LogLevel INFO


# Authentication:

LoginGraceTime 120

PermitRootLogin yes

StrictModes yes


RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile %h/.ssh/authorized_keys


# Don't read the user's ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

# similar for protocol version 2

HostbasedAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes


# To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no


# Change to yes to enable challenge-response passwords (beware issues with

# some PAM modules and threads)

ChallengeResponseAuthentication no


# Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes


# Kerberos options

#KerberosAuthentication no

#KerberosGetAFSToken no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes


# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes


X11Forwarding yes

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

TCPKeepAlive yes

#UseLogin no


#MaxStartups 10:30:60

#Banner /etc/issue.net


# Allow client to pass locale environment variables

AcceptEnv LANG LC_*


Subsystem sftp /usr/local/libexec/sftp-server