Port sshd to jk2410 Development Board

Source: Internet
Author: User


1. Introduction

SSH was developed by a Finnish company. However, due to copyright and encryption algorithm restrictions, OpenSSH is widely used in the industry as a secure network service application. OpenSSH is a software alternative to SSH and is free of charge. As mentioned in the previous article "Porting oprofile to jk2410 Development Board", DevRocket, the application development and system analysis tool provided by MontaVista, must establish a connection between the development board and the host and communicate over SSH when debugging and analyzing performance. Because the sshd daemon is not configured on the jk2410 development board, sshd has to be ported to it.

2. Environment

Hardware environment:

Host: x86 PC

Target: jk2410 development board

Software environment:

Host:

    VMware 6
    OS: CentOS 5
    strace debugging tool

Target:

    OS: linux-2.6.18 pro500
    Rootfs: initrd-edwin-25M.img
    strace debugging tool

3. Porting steps

Source code packages:

    openssh-4.6p1.tar.gz   http://www.openssh.com/portable.html
    openssl-0.9.8e.tar.gz  http://www.openssl.org/source
    zlib-1.2.3.tar.tar     http://www.zlib.net/

Compilation tools:

    arm-9tdmi-linux-gnu-gcc
    arm-9tdmi-linux-gnu-g++

 

3.1. Cross-Compilation

Create an ssh directory under /work:

    # mkdir /work/lib    ----> shared library directory, mounted through NFS
    # mkdir /work/ssh    ----> working directory
    # cd /work/ssh
    # mkdir compressed install source

compressed stores the source packages, install is the software installation directory, and source is the directory the source packages are extracted into.

    # mv tarpakgs/openssh-4.6p1.tar.gz /work/ssh/compressed
    # mv tarpakgs/openssl-0.9.8e.tar.gz /work/ssh/compressed
    # mv tarpakgs/zlib-1.2.3.tar.tar /work/ssh/compressed

 

Cross-compile zlib

    # cd /work/ssh/compressed/
    # tar xvf zlib-1.2.3.tar.tar -C ../source
    # cd ../source/zlib-1.2.3
    # ./configure --prefix=/work/ssh/install/zlib-1.2.3
    # vim Makefile
        CC=arm-9tdmi-linux-gnu-gcc
        AR=arm-9tdmi-linux-gnu-ar rc
        CPP=arm-9tdmi-linux-gnu-gcc -E
        LDSHARED=arm-9tdmi-linux-gnu-gcc
    # make
    # make install

 

Cross-compile OpenSSL

    # cd /work/ssh/compressed/
    # tar zxvf openssl-0.9.8e.tar.gz -C ../source
    # cd ../source/openssl-0.9.8e
    # ./Configure --prefix=/work/ssh/install/openssl-0.9.8e os/compiler:arm-9tdmi-linux-gnu-gcc
    # make
    # make install

 

Cross-compile OpenSSH

    # cd /work/ssh/compressed
    # tar zxvf openssh-4.6p1.tar.gz -C ../source
    # cd ../source/openssh-4.6p1
    # ./configure --host=arm-9tdmi-linux-gnu --with-libs --with-zlib=/work/ssh/install/zlib-1.2.3 --with-ssl-dir=/work/ssh/install/openssl-0.9.8e --disable-etc-default-login CC=arm-9tdmi-linux-gnu-gcc AR=arm-9tdmi-linux-gnu-ar

 

 

The following information is printed:

    OpenSSH has been configured with the following options:
                         User binaries: /usr/local/bin
                       System binaries: /usr/local/sbin
                   Configuration files: /usr/local/etc
                       Askpass program: /usr/local/libexec/ssh-askpass
                          Manual pages: /usr/local/share/man/manX
                              PID file: /var/run
      Privilege separation chroot path: /var/empty
                sshd default user PATH: /usr/bin:/usr/sbin:/usr/local/bin
                        Manpage format: doc
                           PAM support: no
                       OSF SIA support: no
                     KerberosV support: no
                       SELinux support: no
                     Smartcard support: no
                         S/KEY support: no
                  TCP Wrappers support: no
                  MD5 password support: no
                       libedit support: no
      Solaris process contract support: no
           IP address in $DISPLAY hack: no
               Translate v4 in v6 hack: yes
                      BSD Auth support: no
                  Random number source: OpenSSL internal ONLY

                  Host: arm-9tdmi-linux-gnu
              Compiler: arm-9tdmi-linux-gnu-gcc
        Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -std=gnu99
    Preprocessor flags: -I/work/ssh/install/openssl-0.9.8e/include
                        -I/work/ssh/install/zlib-1.2.3/include
          Linker flags: -L/work/ssh/install/openssl-0.9.8e/lib
                        -L/work/ssh/install/zlib-1.2.3/lib
             Libraries: -lresolv -lcrypto -lutil -lz -lnsl -lcrypt

 

3.2. Install sshd

Create the directories in the root file system according to the information printed above and copy the corresponding files.

My root file system image is /tftpboot/initrd-edwin-25M.img.

    # cd /tftpboot/
    # mkdir 25 && mount -o loop initrd-edwin-25M.img 25
    # cd 25/usr/local && mkdir bin etc libexec sbin share
    # cd /work/ssh/source/openssh-4.6p1
    # cp scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan /tftpboot/25/usr/local/bin
    # cp moduli ssh_config sshd_config ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub /tftpboot/25/usr/local/etc
    # cp sftp-server ssh-keysign /tftpboot/25/usr/local/libexec
    # cp sshd /tftpboot/25/usr/local/sbin

 

3.3. Build and debug the software environment

A) U-Boot parameter settings

    bootargs=root=/dev/ram0 rw console=ttySAC0,115200 mem=64M ramdisk=32768 initrd=0x30800000,25M init=/linuxrc
    bootcmd=tftpboot 0x33000000 uImage; tftpboot 0x30800000 initrd-edwin-25M.img; bootm 33000000

B) Copy the kernel image uImage and the root file system image initrd-edwin-25M.img to the /tftpboot/ directory.

C) After the system has started, mount the /work directory on the host to /edwin on the target.

Target:

    vim /etc/init.d/rcS

    echo "mount /work to /edwin .....";
    mount -t nfs 192.168.167.131:/work /edwin -o nolock,rsize=1024,wsize=1024,timeo=15

D) Specify the shared library search directory.

Target:

    vim /etc/profile

    # set search library path
    echo "set search library path in /etc/profile"
    export LD_LIBRARY_PATH=/edwin/lib

    # set user path
    echo "set user path in /etc/profile"
    PATH=/bin:/sbin:/usr/bin:/usr/sbin
    export PATH

E) Start the sshd daemon.

    /usr/local/sbin/sshd

It reports the missing library files; copy them to the /work/lib directory on the host.

F) Use strace to trace sshd, find the missing directories and files, and add them.

    strace -f /usr/local/sbin/sshd

G) After successful debugging, add sshd to the auto-start.

Target:

    vim /etc/profile

    echo "Start sshd deamon routine ....."
    /usr/local/sbin/sshd

H)

 

4. Problems and Solutions

[Question 1]

    # /usr/local/sbin/sshd
    /usr/local/sbin/sshd: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory
    #

[Analysis and Solution]

    [root@localhost lib]# cp libnsl* /work/lib/

 

[Question 2]

    # /usr/local/sbin/sshd
    Privilege separation user sshd does not exist
    #

[Analysis and Solution]

No sshd user:

    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

Host:

    [root@localhost etc]# cp /etc/passwd shadow group /work

Target:

    mv /edwin/passwd /etc
    mv /edwin/group /etc
    mv /edwin/shadow /etc

Note: Change root:x:0:0:root:/root:/bin/bash to root:x:0:0:root:/root:/bin/sh.

 

[Question 3]

    # /usr/local/sbin/sshd
    Missing privilege separation directory: /var/empty
    #

[Analysis and Solution]

    # mkdir /var/empty
    # /usr/local/sbin/sshd
    #

 

[Question 4]

    [root@localhost .ssh]# ssh -l root 192.168.167.132
    root@192.168.167.132's password:
    Permission denied, please try again.

[Analysis and Solution]

Add the corresponding files or directories according to the messages printed below, mainly the files related to the user account and keys.

The strace analysis is as follows:

 

    stat64("/root/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
    open("/etc/passwd", O_RDONLY) = 4
    fcntl64(4, F_GETFD) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
    read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
    close(4) = 0
    munmap(0xb7f13000, 4096) = 0
    open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/identity.pub", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/etc/passwd", O_RDONLY) = 4
    fcntl64(4, F_GETFD) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
    read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
    close(4) = 0
    munmap(0xb7f13000, 4096) = 0
    open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/id_rsa.pub", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/etc/passwd", O_RDONLY) = 4
    fcntl64(4, F_GETFD) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
    read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
    close(4) = 0
    munmap(0xb7f13000, 4096) = 0
    open("/root/.ssh/id_dsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/id_dsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/id_dsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/root/.ssh/id_dsa.pub", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
    open("/etc/passwd", O_RDONLY) = 4
    fcntl64(4, F_GETFD) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
    read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
    close(4) = 0
    munmap(0xb7f13000, 4096) = 0
    open("/etc/passwd", O_RDONLY) = 4
    fcntl64(4, F_GETFD) = 0
    fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
    fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
    mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
    read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
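Reading a trace like this by eye is slow; the missing files are the calls that return ENOENT. The following filter is an added example, not part of the original article: it reduces strace output to the unique paths that were looked up and not found. The function names missing_paths and sample_trace and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list the files a traced
# program looked for and did not find, from strace output.

# Read strace output on stdin and print, once each and in first-seen order,
# the paths of file-lookup syscalls that failed with ENOENT.
missing_paths() {
    # "[pid N] " prefixes appear when strace -f follows child processes.
    sed -n -E 's/^(\[pid +[0-9]+\] +)?(open|openat|stat|stat64|lstat64|access|execve)\((AT_FDCWD, )?"([^"]+)".*= -1 ENOENT.*/\4/p' |
        awk '!seen[$0]++'
}

# Constructed sample in the shape of the trace shown above.
sample_trace() {
    cat <<'EOF'
stat64("/root/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/passwd", O_RDONLY) = 4
close(4) = 0
open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
[pid   440] open("/dev/ptmx", O_RDWR|O_NOCTTY) = -1 ENOENT (No such file or directory)
EOF
}

# Stand-alone run over the sample. On the target, use instead:
#   strace -f /usr/local/sbin/sshd 2>&1 | missing_paths
sample_trace | missing_paths
```

Not every ENOENT is a fault: a program probes optional files such as the identity files above, so the list is a set of candidates to review against the error message.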

 

[Question 5]

    # ./ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Could not create directory '/root/.ssh'.

[Analysis and Solution]

    # ls /
    bin etc linuxrc nfs sys var dev jffs2 lost+found proc tmpfs yaffs2 edwin lib mnt sbin usr
    # cd /root
    -sh: cd: can't cd to /root
    # mkdir root
    # cd /root
    # mkdir .ssh
    # ls -a
    . .. .ssh

    # ./ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    76:dd:b7:c4:35:41:ce:35:97:5d:4e:36:54:fe:67:08 root@(none)

    # ./ssh-keygen -d
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    7a:96:b7:05:cf:d2:d1:e2:16:70:0a:6f:b2:62:12:d8 root@(none)

 

[Question 6]

    # /usr/local/sbin/sshd
    Missing privilege separation directory: /var/empty

[Analysis and Solution]

    # ls /var
    # mkdir /var/empty
    # /usr/local/sbin/sshd
    #

 

 

[Question 7]

    [root@localhost ~]# ssh 192.168.167.132
    ssh: connect to host 192.168.167.132 port 22: Connection refused

[Analysis and Solution]

The sshd daemon on the target is not started.

    /usr/local/sbin/sshd


[Question 8]

How are user accounts for sshd created on the target?

[Analysis and Solution]

The adduser and passwd commands provided by a root file system built with BusyBox differ from those on the PC.

Create an account on the PC:

    [root@localhost 25]# adduser test
    [root@localhost 25]# passwd test
    Changing password for user test.
    New UNIX password:

Create an account on the target:

First create the account with the -D option (do not assign a password), then set the password with passwd. Otherwise, the message "unknown uid" is displayed.

    # adduser -h /test -s /bin/sh -D test
    # passwd test

 

[Question 9]

After the client connects to the target board over SSH, the user account and password are verified, but no shell is started?

[Analysis and Solution]

Step 1: Trace with strace; this turned up no useful information.

Step 2: Modify the OpenSSH source code to print as much debug information as possible.

Comment out the following two lines in log.c so that all debugging information is printed:

    // if (level > log_level)
    //     return;

Step 3: Recompile OpenSSH and reinstall sshd as described in 3.2.

Step 4: Create the /var/log directory on the target.

Step 5: Start the syslogd service.

Step 6: Start sshd on the target, then SSH from the host to the target.

    Target: /usr/local/sbin/sshd
    Host:   ssh -l root 192.168.167.132

Observe the debug information in /var/log/messages:

 

    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: session_by_channel: session 0 channel 0
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: session_input_channel_req: session 0 req pty-req
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: Allocating pty.
    Jan  1 01:27:03 (none) auth.err sshd[436]: error: openpty: No such file or directory
    Jan  1 01:27:03 (none) auth.err sshd[436]: error: session_pty_req: session 0 alloc failed
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: server_input_channel_req: channel 0 request env reply 0
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: session_by_channel: session 0 channel 0
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: session_input_channel_req: session 0 req env
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug2: Ignoring env request LANG: disallowed name
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: server_input_channel_req: channel 0 request shell reply 0
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: session_by_channel: session 0 channel 0
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug1: session_input_channel_req: session 0 req shell
    Jan  1 01:27:03 (none) auth.err sshd[440]: error: setlogin failed: Illegal seek
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug2: fd 3 setting TCP_NODELAY
    Jan  1 01:27:03 (none) auth.debug sshd[436]: debug2: fd 7 setting O_NONBLOCK

 

Searching for openpty in the OpenSSH source code shows that the openpty function opens several device files, such as /dev/ptmx, pt, /dev/ptc. The corresponding device files may be missing, because when the root file system was created only some device files were selected as needed and not all of them were added. Add all the device files:

    # cp -avf /dev/* /tftpboot/25/dev/

After a restart it still does not work.

Searching the Internet for openpty turns up a solution to "sshd makes error 'openpty: no such file or directory'":

    - mknod /dev/ptmx c 5 2
      chmod 666 /dev/ptmx
      mkdir /dev/pts

    - Add to /etc/fstab:
      none /dev/pts devpts gid=5,mode=620 0 0
      (Note: gid=5 is applicable for Red Hat systems for which group "tty" has GID 5. Adjust according to your distribution. Use mode=600 if you want "mesg n" to be default.)

    - mount /dev/pts

Original post: http://www.patoche.org/LTT/kernel/00000172.html

After following the above steps, SSH from the host to the target works.
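Questions 2, 3, 5, 6 and 9 were each found one boot at a time. The following script is an added example, not part of the original article: it checks the mounted root file system image on the host for those same prerequisites before the image is booted. The function names check_rootfs and mode_of are hypothetical; the two permission checks go slightly beyond the article and reflect sshd refusing a group- or world-writable /var/empty and private host keys readable by others.

```shell
#!/bin/sh
# Added example, not from the original article. check_rootfs ROOT [ETCDIR]
# prints one line per problem and returns 1 if any was found. ETCDIR
# defaults to usr/local/etc, the configuration directory used in section 3.2.

mode_of() { ls -ld "$1" | cut -c1-10; }      # e.g. drwxr-xr-x

check_rootfs() {
    root=$1; etc=${2:-usr/local/etc}; rc=0
    bad() { echo "FAIL: $1"; rc=1; }

    # Question 2: privilege separation user.
    grep -q '^sshd:' "$root/etc/passwd" 2>/dev/null || bad "no sshd user in /etc/passwd"

    # Questions 3 and 6: privilege separation directory; sshd also rejects
    # it when it is group- or world-writable.
    if [ -d "$root/var/empty" ]; then
        case $(mode_of "$root/var/empty") in
            ?????w*|????????w*) bad "/var/empty is group/world-writable" ;;
        esac
    else
        bad "no /var/empty"
    fi

    # Question 5: home directory for root's ~/.ssh.
    [ -d "$root/root" ] || bad "no /root"

    # Question 9: pty devices and the devpts mount.
    [ -c "$root/dev/ptmx" ] || bad "no /dev/ptmx"
    [ -d "$root/dev/pts" ] || bad "no /dev/pts"
    grep -q '[[:space:]]devpts[[:space:]]' "$root/etc/fstab" 2>/dev/null ||
        bad "no devpts line in /etc/fstab"

    # Section 3.2: private host keys must exist and be owner-only.
    for k in ssh_host_rsa_key ssh_host_dsa_key; do
        f="$root/$etc/$k"
        if [ ! -f "$f" ]; then bad "no /$etc/$k"
        else case $(mode_of "$f") in
                 ????------*) ;;
                 *) bad "/$etc/$k readable by group/other" ;;
             esac
        fi
    done
    return $rc
}

# Usage on the host, with the image mounted as in section 3.2:
#   check_rootfs /tftpboot/25
```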

 

5. Summary

sshd has been ported successfully. I strongly recommend adding all the device files when creating the root file system. strace is a good tracing and debugging tool.
