Port SSH to ARM
Today I consulted several earlier articles on the Internet and ported SSH to the TQ2440 ARM board. Now I don't need to use minicom to control uClinux, and the serial port on the board can finally be connected to the Collector. References:
- http://blog.chinaunix.net/u1/43047/showart_371372.html
- http://blog.chinaunix.net/u2/63379/showart_513655.html
1. Download the required source code:
mkdir -p ~/arm/fs; mkdir -p ~/arm/source
Download zlib: wget -c http://www.zlib.net/zlib-1.2.3.tar.gz
Download SSL: wget -c http://www.openssl.org/source/openssl-0.9.8d.tar.gz
Download SSH: wget -c http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
2. Compile:
cd ~/arm/source
(1) Compile zlib:
tar zxvf zlib-1.2.3.tar.gz -C .
cd zlib-1.2.3/
./configure --prefix=/home/itlanger/arm/fs/zlib-1.2.3
Modify the Makefile:
Change CC=gcc to:
CROSS=/usr/local/arm/3.4.1/bin/arm-linux-
CC=$(CROSS)gcc
Change LDSHARED=gcc to:
LDSHARED=$(CROSS)gcc
Change CPP=gcc -E to:
CPP=$(CROSS)gcc -E
Change AR=ar rc to:
AR=$(CROSS)ar rc
Start the compilation:
make
make install
(2) Compile OpenSSL:
tar zxvf openssl-0.9.8d.tar.gz
cd openssl-0.9.8d/
./Configure --prefix=/home/itlanger/arm/fs/openssl-0.9.8d os/compiler:/usr/local/arm/3.4.1/bin/arm-linux-gcc
make
make install
(3) Compile OpenSSH:
tar zxvf openssh-4.6p1.tar.gz
cd openssh-4.6p1/
./configure --host=arm-linux --with-libs --with-zlib=/home/itlanger/arm/fs/zlib-1.2.3 --with-ssl-dir=/home/itlanger/arm/fs/openssl-0.9.8d --disable-etc-default-login CC=/usr/local/arm/3.4.1/bin/arm-linux-gcc AR=/usr/local/arm/3.4.1/bin/arm-linux-ar
make
# Do not run make install
3. Install
(1) Copy sshd from the openssh-4.6p1 directory to the /usr/sbin directory of the target board.
(2) Copy scp, sftp, ssh, ssh-add, ssh-agent, ssh-keygen and ssh-keyscan to the /usr/local/bin directory of the target board.
Copy sftp-server and ssh-keysign to /usr/local/libexec.
(3) On the target board:
mkdir -p /usr/local/etc/
Copy sshd_config and ssh_config from the OpenSSH directory to this directory.
mkdir -p /var/run; mkdir -p /var/empty/sshd
chmod 755 /var/empty
(4) On the host:
ssh-keygen -t rsa1 -f ssh_host_key -N ""
ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
Copy the generated ssh_host_* files to the /usr/local/etc/ directory of the target board (you can use the command cp ssh_host_* /usr/local/etc/ to copy the files to the target board).
(5) Add a user:
Copy the passwd, shadow, and group files from /etc on the host to /etc on the target board; remember to change the trailing /bin/bash in passwd to /bin/sh.
// After this step, the user accounts on the development board are the same as those on your local machine, so set your own root password before copying.
// That is, set the root password with passwd, and then cp the three files above to /etc on the development board.
You can delete unnecessary users.
You can also add the sshd user to the passwd file of the target board as follows:
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
Add the corresponding entry to shadow:
sshd:!:14069:0:99999:7:::
4. Test
Target board, start sshd: # /usr/sbin/sshd
// When you run this command on the development board, the following prompt may be displayed:
// Privilege separation user sshd does not exist
// In that case you need to adduser sshd on the development board's system,
// or add the following line to /etc/passwd:
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Host: $ ssh root@192.168.0.34 (development board IP) // the root password is your local root password
PS: the parts in red are required when the ARM board is used as an SSH server.
------------------------------------------------
Set up password-free login as follows:
cp (host) root/.ssh/id_dsa.pub to (development board) /.ssh/authorized_keys
---------------------------------------------------
How to start the sshd service automatically after the board boots:
Add /etc/rc.d/init.d/sshd:
#!/bin/sh
base=sshd
# See how we were called.
case "$1" in
  start)
    /usr/sbin/$base
    ;;
  stop)
    pid=`/bin/pidof $base`
    if [ -n "$pid" ]; then
      kill -9 $pid
    fi
    ;;
esac
Add:
mkdir -p /var/empty/sshd
/etc/rc.d/init.d/sshd start
Restart the machine. Everything is OK!
The following problem occurred after I successfully ported it:
Could not load host key: /etc/ssh/ssh_host_rsa_key
Problem Solving
Symptom:
When you start sshd with the command /usr/sbin/sshd, the system prompts:
"Could not load host key: /etc/ssh/ssh_host_key"
Cause:
1. ssh_host_dsa_key and ssh_host_rsa_key are missing.
2. The current user does not have permission to access these two keys.
The solution is as follows:
1. When the two keys are missing:
Enter ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key in the terminal to recreate the ssh_host_dsa_key file.
The following information is returned:
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): (press Enter)
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
XX:XX root@localhost.localdomain
Enter ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key in the terminal to recreate the ssh_host_rsa_key file.
The following information is returned:
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): (press Enter)
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
root@localhost.localdomain
Now run
/usr/sbin/sshd
and sshd starts successfully.
At this point, you can use PuTTY to connect to this Linux host from Windows.
2. When the current user has no permission:
The same message also appears when sshd is started with
/usr/sbin/sshd
so check whether you are the root user. Generally, the root user can perform this operation.
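The two causes listed above can be checked in one pass, together with a third that produces the same message: OpenSSH ignores a private host key that group or other can access, which easily happens when the keys are copied from the host to the board. This is an added example, not part of the original post; the function names and return codes are this example's own, and the key directory is passed as an argument.

```shell
#!/bin/sh
# Added example: diagnose "Could not load host key" for one private key file.
# Returns 0 if usable, 1 if missing/empty, 2 if unreadable, 3 if too open.
check_hostkey() {
    f=$1
    if [ ! -s "$f" ]; then
        echo "$f: missing or empty (recreate it with ssh-keygen -f $f)"
        return 1
    fi
    if [ ! -r "$f" ]; then
        echo "$f: not readable by $(id -un); start sshd as root"
        return 2
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$f: private key accessible to group/other (run: chmod 600 $f)"
        return 3
    fi
    echo "$f: ok"
    return 0
}

# Check the three host keys generated in step 3 (4) inside directory $1.
# The return value is the number of keys that sshd would fail to load.
check_hostkeys() {
    bad=0
    for k in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        check_hostkey "$1/$k" || bad=$((bad + 1))
    done
    return "$bad"
}
```

On the board, run `check_hostkeys /usr/local/etc` (or `check_hostkeys /etc/ssh`, whichever directory the error message names).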
Configure SFTP
Most of the methods on the Internet lock SFTP to a fixed directory, which I don't need. After half a day WinSCP still could not connect; later, I copied the sshd_config file from the Joggler Chinese system and changed the path.
Create an sshd_config file with the following content, and copy it to /usr/local/etc/ on the target board to overwrite the original file.
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# Similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (not recommended)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/local/libexec/sftp-server
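A check of the file above for the settings that matter most once the board is reachable over the network, written as an added example (not part of the original post). The function name, the keyword list and the messages are choices of this example; `without-password` is a standard PermitRootLogin value.

```shell
#!/bin/sh
# Added example: flag sshd_config settings that widen exposure.
# Prints one line per finding; the exit status is the number of findings.
audit_sshd_config() {
    awk '
    function hit(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; n++ }
    $1 ~ /^#/ || NF < 2 { next }               # comments and blank lines
    { key = tolower($1); val = tolower($2) }   # keywords are case-insensitive
    key == "protocol" && val ~ /1/ {
        hit("SSH protocol 1 enabled; set Protocol 2") }
    key == "permitrootlogin" && val == "yes" {
        hit("root can log in with a password; use without-password or no") }
    key == "permitemptypasswords" && val == "yes" {
        hit("empty passwords are accepted") }
    key == "x11forwarding" && val == "yes" {
        hit("X11 forwarding is on; set no unless the board runs X clients") }
    key == "passwordauthentication" && val == "no" { pw_off = 1 }
    END {
        if (!pw_off) {
            print FILENAME ": PasswordAuthentication defaults to yes;" \
                  " set it to no once key login works"
            n++
        }
        exit n + 0
    }' "$1"
}

# Constructed sample that mirrors the relevant lines of the file above
sample=$(mktemp)
printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' \
    '#PasswordAuthentication yes' 'X11Forwarding yes' > "$sample"
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against the copy destined for the board, for example `audit_sshd_config sshd_config`, before overwriting /usr/local/etc/sshd_config.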