Port sshd to jk2410 Development Board
1. Introduction
SSH was developed by a Finnish company. However, due to copyright and encryption algorithm restrictions, OpenSSH is what the industry widely uses as a secure network service application. OpenSSH is a software alternative to SSH and is free of charge. As mentioned in the previous article "Porting oprofile to the jk2410 Development Board", DevRocket, an application development and system analysis tool provided by MontaVista, must establish a connection between the development board and the host when debugging and analyzing performance, and it communicates over SSH. Because the sshd daemon is not configured on the jk2410 Development Board, sshd needs to be ported to the board.
2. Environment
Hardware environment:
Host:
x86 PC
Target:
jk2410 Development Board
Software environment:
Host:
VMware 6
OS: CentOS 5
strace debugging tool
Target:
OS: linux-2.6.18 pro500
Rootfs: initrd-edwin-25M.img
strace debugging tool
3. Porting steps
Source code packages:
openssh-4.6p1.tar.gz http://www.openssh.com/portable.html
openssl-0.9.8e.tar.gz http://www.openssl.org/source
zlib-1.2.3.tar.tar http://www.zlib.net/
Compilation tools:
arm-9tdmi-linux-gnu-gcc
arm-9tdmi-linux-gnu-g++
3.1. Cross-Compilation
Create an ssh directory under /work:
# mkdir /work/lib ----> shared library directory, mounted through NFS
# mkdir /work/ssh -----> working directory
# cd /work/ssh
# mkdir compressed install source -----> compressed stores the source packages,
install is the software installation directory,
source is where the source packages are extracted
# mv tarpakgs/openssh-4.6p1.tar.gz /work/ssh/compressed
# mv tarpakgs/openssl-0.9.8e.tar.gz /work/ssh/compressed
# mv tarpakgs/zlib-1.2.3.tar.tar /work/ssh/compressed
Cross-compile zlib
# cd /work/ssh/compressed/
# tar xvf zlib-1.2.3.tar.tar -C ../source
# cd ../source/zlib-1.2.3
# ./configure --prefix=/work/ssh/install/zlib-1.2.3
# vim Makefile
CC=arm-9tdmi-linux-gnu-gcc
AR=arm-9tdmi-linux-gnu-ar rc
CPP=arm-9tdmi-linux-gnu-gcc -E
LDSHARED=arm-9tdmi-linux-gnu-gcc
# make
# make install
Cross-compile OpenSSL
# cd /work/ssh/compressed/
# tar zxvf openssl-0.9.8e.tar.gz -C ../source
# cd ../source/openssl-0.9.8e
# ./Configure --prefix=/work/ssh/install/openssl-0.9.8e os/compiler:arm-9tdmi-linux-gnu-gcc
# make
# make install
Cross-compile OpenSSH
# cd /work/ssh/compressed
# tar zxvf openssh-4.6p1.tar.gz -C ../source
# cd ../source/openssh-4.6p1
# ./configure --host=arm-9tdmi-linux-gnu --with-libs --with-zlib=/work/ssh/install/zlib-1.2.3 --with-ssl-dir=/work/ssh/install/openssl-0.9.8e --disable-etc-default-login CC=arm-9tdmi-linux-gnu-gcc AR=arm-9tdmi-linux-gnu-ar
It prints the following information:
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/usr/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
libedit support: no
Solaris process contract support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: arm-9tdmi-linux-gnu
Compiler: arm-9tdmi-linux-gnu-gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -std=gnu99
Preprocessor flags: -I/work/ssh/install/openssl-0.9.8e/include
-I/work/ssh/install/zlib-1.2.3/include
Linker flags: -L/work/ssh/install/openssl-0.9.8e/lib
-L/work/ssh/install/zlib-1.2.3/lib
Libraries: -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
3.2. Install sshd
Create the directories listed in the output above in the root file system and copy the corresponding files into them.
My root file system image is /tftpboot/initrd-edwin-25M.img.
# cd /tftpboot/
# mkdir 25 && mount -o loop initrd-edwin-25M.img 25
# cd 25/usr/local && mkdir bin etc libexec sbin share
# cd /work/ssh/source/openssh-4.6p1
# cp scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan /tftpboot/25/usr/local/bin
# cp moduli ssh_config sshd_config ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub /tftpboot/25/usr/local/etc
# cp sftp-server ssh-keysign /tftpboot/25/usr/local/libexec
# cp sshd /tftpboot/25/usr/local/sbin
3.3. Build and debug the software environment
A) U-Boot parameter settings
bootargs=root=/dev/ram0 rw console=ttySAC0,115200 mem=64M ramdisk=32768 initrd=0x30800000,25M init=/linuxrc
bootcmd=tftpboot 0x33000000 uImage; tftpboot 0x30800000 initrd-edwin-25M.img; bootm 33000000
B) Copy the kernel image uImage and the root file system image initrd-edwin-25M.img to the /tftpboot/ directory.
C) After the system has started, mount the host's /work directory at /Edwin on the target.
Target:
vim /etc/init.d/rcS
echo "Mount /work to /Edwin ....."
mount -t nfs 192.168.167.131:/work /Edwin -o nolock,rsize=1024,wsize=1024,timeo=15
D) Specify the shared library search directory.
Target:
vim /etc/profile
# Set search library path
echo "set search library path in /etc/profile"
export LD_LIBRARY_PATH=/Edwin/lib
# Set user path
echo "set user path in /etc/profile"
PATH=/bin:/sbin:/usr/bin:/usr/sbin
export PATH
E) Start the sshd daemon.
/usr/local/sbin/sshd
It reports the missing library files; copy them to the /work/lib directory on the host.
F) Use strace to trace sshd, find the missing directories and files, and add them.
strace -f /usr/local/sbin/sshd
G) After successful debugging, add sshd to the auto-start.
Target:
vim /etc/profile
echo "Start sshd daemon routine ....."
/usr/local/sbin/sshd
4. Problems and Solutions
[Question 1]
# /usr/local/sbin/sshd
/usr/local/sbin/sshd: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory
#
[Analysis and Solution]
[root@localhost lib]# cp libnsl* /work/lib/
[Question 2]
# /usr/local/sbin/sshd
Privilege separation user sshd does not exist
#
[Analysis and Solution]
There is no sshd user. The entry needed is:
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Host:
[root@localhost etc]# cp /etc/passwd shadow group /work
Target:
mv /Edwin/passwd /etc
mv /Edwin/group /etc
mv /Edwin/shadow /etc
Note: Change root:x:0:0:root:/root:/bin/bash to root:x:0:0:root:/root:/bin/sh.
[Question 3]
# /usr/local/sbin/sshd
Missing privilege separation directory: /var/empty
#
[Analysis and Solution]
# mkdir /var/empty
# /usr/local/sbin/sshd
#
[Question 4]
[root@localhost .ssh]# ssh -l root 192.168.167.132
root@192.168.167.132's password:
Permission denied, please try again.
[Analysis and Solution]
Add the corresponding files or directories according to the messages printed below, mainly the files related to the user account and key.
The strace analysis is as follows:
stat64("/root/.ssh", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
close(4) = 0
munmap(0xb7f13000, 4096) = 0
open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/identity", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/identity.pub", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
close(4) = 0
munmap(0xb7f13000, 4096) = 0
open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_rsa.pub", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
close(4) = 0
munmap(0xb7f13000, 4096) = 0
open("/root/.ssh/id_dsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_dsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_dsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.ssh/id_dsa.pub", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
close(4) = 0
munmap(0xb7f13000, 4096) = 0
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1908, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f13000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1908
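The missing-library error in 3.3 and the strace analysis above both come down to finding lookups that ended in ENOENT. The shell script below is an added example, not part of the original article: it summarises those failures from a saved strace log, and its function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what a traced program could not find, from a log saved
# with `strace -f -o LOG /usr/local/sbin/sshd`.

# awk prelude: drops the pid prefix that -f adds, then sets call and path
# from a line of the form  call("path", ...) = result
PARSE='
function parse(line,    p, q, rest, e) {
    sub(/^\[pid +[0-9]+\] +/, "", line); sub(/^[0-9]+ +/, "", line)
    p = index(line, "("); q = index(line, "\"")
    if (p < 2 || q < p) return 0
    rest = substr(line, q + 1); e = index(rest, "\"")
    if (e == 0) return 0
    call = substr(line, 1, p - 1); path = substr(rest, 1, e - 1)
    return 1
}'

# missing_paths LOG: "COUNT CALL PATH" for every lookup that ended in ENOENT
missing_paths() {
    awk "$PARSE"'
    / = -1 ENOENT / && parse($0) { seen[call " " path]++ }
    END { for (k in seen) print seen[k], k }' "$1" | sort -k1,1nr -k3
}

# missing_libs LOG: shared objects the loader never managed to open. It tries
# each search directory in turn, so one ENOENT alone does not mean "missing".
missing_libs() {
    awk "$PARSE"'
    parse($0) && call ~ /^open(at)?$/ && path ~ /\.so(\.[0-9]+)*$/ {
        n = split(path, seg, "/")
        if ($0 ~ / = -1 ENOENT /) failed[seg[n]] = 1
        else if ($0 ~ / = [0-9]+$/) found[seg[n]] = 1
    }
    END { for (b in failed) if (!(b in found)) print b }' "$1" | sort
}

# Constructed sample lines in strace's format, not output captured from the board.
sample_log() {
    cat <<'EOF'
open("/Edwin/lib/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libcrypt.so.1", O_RDONLY) = 3
open("/Edwin/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/var/empty", 0xbec3a9d8) = -1 ENOENT (No such file or directory)
[pid   436] open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
[pid   436] open("/root/.ssh/id_rsa", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
EOF
}

log=${1:-$(mktemp)}; [ $# -gt 0 ] || sample_log > "$log"
missing_libs "$log"; missing_paths "$log"
```

Run without arguments it analyses the constructed sample; pass the path of a real trace log as the first argument to analyse that instead.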
[Question 5]
# ./ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Could not create directory '/root/.ssh'.
[Analysis and Solution]
# ls /
bin etc linuxrc nfs sys var dev jffs2 lost+found proc tmpfs yaffs2 Edwin lib mnt sbin usr
# cd /root
-sh: cd: can't cd to /root
# mkdir root
# cd /root
# mkdir .ssh
# ls -a
. .. .ssh
# ./ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
76:dd:b7:c4:35:41:ce:35:97:5d:4e:36:54:fe:67:08 root@(none)
# ./ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
7a:96:b7:05:cf:d2:d1:e2:16:70:0a:6f:b2:62:12:d8 root@(none)
[Question 6]
# /usr/local/sbin/sshd
Missing privilege separation directory: /var/empty
[Analysis and Solution]
# ls /var
# mkdir /var/empty
# /usr/local/sbin/sshd
#
[Question 7]
[root@localhost ~]# ssh 192.168.167.132
ssh: connect to host 192.168.167.132 port 22: Connection refused
[Analysis and Solution]
The sshd daemon on the target is not running. Start it:
/usr/local/sbin/sshd
[Question 8]
How is a user account for sshd logins created on the target?
[Analysis and Solution]
The adduser and passwd commands in a root file system built with busybox differ from those on the PC.
Create an account on a PC:
[root@localhost 25]# adduser test
[root@localhost 25]# passwd test
Changing password for user test.
New UNIX password:
Create an account on the target:
First create the account with the -D option, then set the password with passwd. Otherwise, the message "unknown uid" is displayed.
# adduser -h /test -s /bin/sh -D test
# passwd test
[Question 9]
After the client connects to the target board over SSH, the user account and password are verified, but the shell is not started.
[Analysis and Solution]
Step 1: Trace with strace; it shows no useful information.
Step 2: Modify the OpenSSH source code to print as much debug information as possible.
Comment out the following two lines in the log.c file to print all debugging information.
// if (level > log_level)
//     return;
Step 3: Recompile OpenSSH and reinstall sshd according to 3.2.
Step 4: Create the /var/log directory on the target.
Step 5: Start the syslogd service.
Step 6: Start sshd on the target, then SSH from the host to the target.
Target: /usr/local/sbin/sshd
Host: ssh -l root 192.168.167.132
Observe the debug information in /var/log/messages:
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: session_by_channel: session 0 channel 0
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: session_input_channel_req: session 0 req pty-req
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: Allocating pty.
Jan 1 01:27:03 (none) auth.err sshd[436]: error: openpty: No such file or directory
Jan 1 01:27:03 (none) auth.err sshd[436]: error: session_pty_req: session 0 alloc failed
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: server_input_channel_req: channel 0 request env reply 0
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: session_by_channel: session 0 channel 0
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: session_input_channel_req: session 0 req env
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug2: Ignoring env request LANG: disallowed name
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: server_input_channel_req: channel 0 request shell reply 0
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: session_by_channel: session 0 channel 0
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug1: session_input_channel_req: session 0 req shell
Jan 1 01:27:03 (none) auth.err sshd[440]: error: setlogin failed: Illegal seek
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug2: fd 3 setting TCP_NODELAY
Jan 1 01:27:03 (none) auth.debug sshd[436]: debug2: fd 7 setting O_NONBLOCK
Searching for openpty in the OpenSSH source code shows that the openpty function needs to open several device files, such as /dev/ptmx, PT, /dev/ptc. The corresponding device files may be missing, because when the root file system was created only some device files were selected as needed instead of adding all of them. Add all the device files:
# cp -avf /dev/* /tftpboot/25/dev/
After a restart, it still does not work.
Searching for openpty on the Internet turns up a solution to "sshd makes error 'openpty: no such file or directory'":
- mknod /dev/ptmx c 5 2
chmod 666 /dev/ptmx
mkdir /dev/pts
- Add to /etc/fstab:
none /dev/pts devpts gid=5,mode=620 0 0
(Note: gid=5 is applicable for Red Hat systems, for which group "tty" has GID 5. Adjust according to your distribution. Use mode=600 if you want "mesg n" to be default.)
- mount /dev/pts
Original post: http://www.patoche.org/LTT/kernel/00000172.html
After following the above steps, SSH from the host to the target works.
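The failures in Questions 2, 3, 5 and 9 can be caught on the host before the image is booted. The check script below is an added example, not part of the original article: the function name check_rootfs and its MISSING/UNSAFE report lines are its own conventions, and the permission checks on /var/empty and the host private keys go beyond the cases the article ran into.

```shell
#!/bin/sh
# Added example: check a mounted root file system image for what sshd was
# missing in Questions 2, 3, 5 and 9.

# check_rootfs ROOT: prints one MISSING or UNSAFE line per finding.
check_rootfs() {
    r=${1%/}
    # Question 2: privilege separation user
    grep -q '^sshd:' "$r/etc/passwd" 2>/dev/null ||
        echo "MISSING user sshd in /etc/passwd"
    # Questions 3 and 6: chroot directory; sshd rejects it if it is
    # group/world-writable (ownership by root is not checked here)
    if [ -d "$r/var/empty" ]; then
        case $(ls -ld "$r/var/empty") in
            ?????w*|????????w*) echo "UNSAFE /var/empty is group/world-writable" ;;
        esac
    else
        echo "MISSING directory /var/empty"
    fi
    # Questions 2 and 5: root's home directory and login shell from /etc/passwd
    entry=$(grep '^root:' "$r/etc/passwd" 2>/dev/null) || entry=
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    [ -n "$home" ] && [ -d "$r$home" ] || echo "MISSING home directory ${home:-of root}"
    [ -n "$shell" ] && { [ -L "$r$shell" ] || [ -x "$r$shell" ]; } ||
        echo "MISSING login shell ${shell:-of root}"
    # Question 9: pty devices that openpty() needs
    [ -c "$r/dev/ptmx" ] || echo "MISSING character device /dev/ptmx"
    [ -d "$r/dev/pts" ] || echo "MISSING directory /dev/pts"
    grep -q devpts "$r/etc/fstab" 2>/dev/null || echo "MISSING devpts entry in /etc/fstab"
    # Host private keys copied in 3.2 should be accessible to their owner only
    for k in "$r"/usr/local/etc/ssh_host_*key; do
        [ -f "$k" ] || continue
        rel=${k#"$r"}
        case $(ls -l "$k") in
            ????------*) ;;
            *) echo "UNSAFE $rel is accessible to group or others" ;;
        esac
    done
}

# /tftpboot/25 is the article's mount point; pass another path to override.
check_rootfs "${1:-/tftpboot/25}"
```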
5. Summary
sshd has been successfully ported. I strongly recommend adding all the device files when creating the root file system. strace is a good tracing and debugging tool.