引言
之前移植sshd到arm开发板,断断续续花了好长时间,但是ssh登录时还总是提示permission denied please try again,网上说的方法都试过了,还是无法解决,让人非常郁闷。当时用的交叉编译器是arm-linux-gcc 3.4.1,busybox用的是1.15.2版本。后来改用arm-linux-gcc 4.4.3,busybox用的是1.19.2版本,很快就移植成功了。写出来供大家参考。
环境
交叉编译器版本:
arm-linux-gcc 4.4.3
调试工具
strace
源码包:
zlib-1.2.3.tar.tar http://www.zlib.net/
openssl-1.0.0d.tar.gz http://www.openssl.org/source
openssh-5.8p2.tar.gz http://www.openssh.com/portable.html
移植步骤
1. 交叉编译 zlib
# tar xjvf zlib-1.2.3.tar.bz2 -C ../source/
# cd ../source/zlib-1.2.3/
# ./configure --prefix=/home/noted2011/install/zlib-1.2.3
# vim Makefile
CC=arm-linux-gcc
AR=arm-linux-ar rc
CPP =arm-linux-gcc -E
LDSHARED=arm-linux-gcc
# make
# make install
2. 交叉编译openssl
# tar xzvf openssl-1.0.0d.tar.gz -C ../source/
# cd ../source/openssl-1.0.0d/
# ./Configure --prefix=/home/noted2011/install/openssl-1.0.0d os/compiler:arm-linux-gcc
# make
# make install
3. 交叉编译openssh
#tar xzvf openssh-5.8p2.tar.gz -C ../source/
#cd ../source/openssh-5.8p2/
#./configure --host=arm-linux --with-libs --with-zlib=/home/noted2011/install/zlib-1.2.3 --with-ssl-dir=/home/noted2011/install/openssl-1.0.0d --disable-etc-default-login CC=arm-linux-gcc AR=arm-linux-ar
#make
4. 安装sshd
#cd /home/noted2011/rootfs/rtfs/usr/
#mkdir local
#cd local
#mkdir bin etc libexec sbin share
#arm-linux-strip scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan sftp-server ssh-keysign sshd
#cp scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan /home/noted2011/rootfs/rtfs/usr/local/bin/
#cp moduli ssh_config sshd_config /home/noted2011/rootfs/rtfs/usr/local/etc
#cp sftp-server ssh-keysign /home/noted2011/rootfs/rtfs/usr/local/libexec/
#cp sshd /home/noted2011/rootfs/rtfs/usr/local/sbin/
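#ssh-keygen -t rsa1 -f ssh_host_key -N ""
#ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
#ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
#cp ssh_host* /home/noted2011/rootfs/rtfs/usr/local/etc
注:这些主机密钥是在开发机上生成后打进rootfs镜像的,用同一个镜像烧写的板子会共用同一套主机私钥;多块板子使用时应让每块板子各自生成主机密钥。rsa1密钥只用于SSH协议1,只用协议2时可以不生成ssh_host_key。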
建立目录和拷贝相应的库和文件
mkdir -p var/run
mkdir -p var/empty/sshd
chmod 755 var/empty
libgcc_s.so.1
libnsl.so.1
libnss_compat.so.2
libnss_files.so.2
需要拷贝以上库,从你的交叉编译器里拷。例如:
cp /opt/FriendlyARM/toolschain/4.4.3/arm-none-linux-gnueabi/sys-root/lib/libnss_compat.so.2 rtfs/lib
还有拷贝下面两个文件
gai.conf
/etc/nsswitch.conf
cp /usr/share/doc/glibc-common-2.11/gai.conf rtfs/etc/
cp /etc/nsswitch.conf rtfs/etc/
最后把sshd做到根文件系统里
./mkyaffs2image rtfs/ rootfs.yaffs
5. 测试
在板子上运行sshd
#/usr/local/sbin/sshd
可能会报Could not load host key: /usr/local/etc/ssh_host_ecdsa_key。这是因为前面没有生成ECDSA主机密钥,sshd仍会使用已生成的RSA/DSA主机密钥,不影响正常使用。
#/usr/local/bin/ssh -v 192.168.0.15
192.168.0.15是板子的ip地址。如果执行上面的操作报ssh: connect to host 192.168.0.15 port 22: Connection timed out,需要执行下面的操作。
#ifconfig lo 127.0.0.1
6. 可能会遇到的问题
[root@OK2440 /root]# /usr/local/sbin/sshd
Privilege separation user sshd does not exist
解决办法:借助strace查看调试信息,发现缺少gai.conf和nsswitch.conf,以及libnss_compat.so.2和libnss_files.so.2。sshd要通过glibc的NSS查找sshd用户,这些文件缺失时查找失败,所以报用户不存在;按第4步把它们拷进根文件系统即可(前提是板子的/etc/passwd里已有sshd用户)。
具体的调试信息:
[root@OK2440 /root]# strace /usr/local/sbin/sshd
execve("/usr/local/sbin/sshd",["/usr/local/sbin/sshd"], [/* 8 vars */]) = 0
brk(0) = 0x1cf000
uname({sys="Linux",node="OK2440", ...}) = 0
access("/etc/ld.so.preload",R_OK) = -1 ENOENT (No such file ordirectory)
open("/etc/ld.so.cache",O_RDONLY) = -1 ENOENT (No such fileor directory)
open("/lib/tls/v4l/half/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v4l/half",0xbed344f8) = -1 ENOENT (No such file or directory)
open("/lib/tls/v4l/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/v4l",0xbed344f8) = -1 ENOENT (No suchfile or directory)
open("/lib/tls/half/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/half",0xbed344f8) = -1 ENOENT (No such fileor directory)
open("/lib/tls/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file ordirectory)
stat64("/lib/tls",0xbed344f8) = -1 ENOENT (No suchfile or directory)
open("/lib/v4l/half/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/v4l/half",0xbed344f8) = -1 ENOENT (No such fileor directory)
open("/lib/v4l/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file ordirectory)
stat64("/lib/v4l",0xbed344f8) = -1 ENOENT (No suchfile or directory)
open("/lib/half/libdl.so.2",O_RDONLY) = -1 ENOENT (No such file ordirectory)
stat64("/lib/half", 0xbed344f8) = -1 ENOENT (No such file ordirectory)
open("/lib/libdl.so.2",O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0 \t\0\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0555,st_size=9740, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
mmap2(NULL, 41136, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40025000
mprotect(0x40027000, 28672, PROT_NONE) = 0
mmap2(0x4002e000, 8192,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x4002e000
close(3) = 0
open("/lib/libutil.so.1",O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\344\t\0\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0555,st_size=9776, ...}) = 0
mmap2(NULL, 41128, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40030000
mprotect(0x40032000, 28672, PROT_NONE) = 0
mmap2(0x40039000, 8192,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x40039000
close(3) = 0
open("/lib/libnsl.so.1",O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0t/\0\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0555,st_size=96883, ...}) = 0
mmap2(NULL, 116488, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4003b000
mprotect(0x4004d000, 28672, PROT_NONE) = 0
mmap2(0x40054000, 8192,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) =0x40054000
mmap2(0x40056000, 5896,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40056000
close(3) = 0
open("/lib/libcrypt.so.1",O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0t\7\0\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0555,st_size=34304, ...}) = 0
mmap2(NULL, 225608, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40058000
mprotect(0x40060000, 28672, PROT_NONE) = 0
mmap2(0x40067000, 8192, PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x40067000
mmap2(0x40069000, 155976,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40069000
close(3) = 0
open("/lib/libresolv.so.2",O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0D$\0\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0555,st_size=67356, ...}) = 0
mmap2(NULL, 108440, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40090000
mprotect(0x400a0000, 28672, PROT_NONE) = 0
mmap2(0x400a7000, 8192,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf) = 0x400a7000
mmap2(0x400a9000, 6040,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400a9000
close(3) = 0
open("/lib/libgcc_s.so.1",O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\24-\0\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0444,st_size=173731, ...}) = 0
mmap2(NULL, 78168, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x400ab000
mprotect(0x400b6000, 28672, PROT_NONE) = 0
mmap2(0x400bd000, 8192,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x400bd000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3,"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\334Q\1\0004\0\0\0"...,512) = 512
fstat64(3, {st_mode=S_IFREG|0555,st_size=1176900, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
mmap2(NULL, 1212952, PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x400bf000
mprotect(0x401da000, 32768, PROT_NONE) = 0
mmap2(0x401e2000, 12288,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11b) =0x401e2000
mmap2(0x401e5000, 8728,PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401e5000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001e000
set_tls(0x4001dde0, 0x4001e4b7, 0x4001e4b8,0x4001dde0, 0x40024000) = 0
mprotect(0x401e2000, 8192, PROT_READ) = 0
mprotect(0x400bd000, 4096, PROT_READ) = 0
mprotect(0x400a7000, 4096, PROT_READ) = 0
mprotect(0x40067000, 4096, PROT_READ) = 0
mprotect(0x40054000, 4096, PROT_READ) = 0
mprotect(0x40039000, 4096, PROT_READ) = 0
mprotect(0x4002e000, 4096, PROT_READ) = 0
mprotect(0x1c4000, 4096, PROT_READ) = 0
mprotect(0x40023000, 4096, PROT_READ) = 0
brk(0) = 0x1cf000
brk(0x1f0000) = 0x1f0000
geteuid32() = 0
setgroups32(0, []) = 0
open("/dev/null",O_RDWR|O_LARGEFILE) = 3
close(3) = 0
getpid() = 1070
open("/proc/1070/fd",O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFDIR|0500,st_size=0, ...}) = 0
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 6 entries */, 1024) = 144
getdents64(3, /* 0 entries */, 1024) = 0
close(3) = 0
open("/usr/local/etc/sshd_config",O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644,st_size=3212, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001f000
read(3, "#\t$OpenBSD: sshd_config,v1.82 2"..., 4096) = 3212
read(3, "", 4096) = 0
close(3) = 0
munmap(0x4001f000, 4096) = 0
open("/dev/urandom",O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
fstat64(3, {st_mode=S_IFCHR|0660,st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}])
read(3,"\307\23\315\25\t\273\270\253\341p,\26\312\355@0\32\241W\367\3\254sm\215\341\17r\364e\21\22",32) = 32
close(3) = 0
getuid32() = 0
gettimeofday({49, 541076}, NULL) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sa_family=AF_NETLINK, pid=0,groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK,pid=1070, groups=00000000}, [12]) = 0
gettimeofday({49, 552092}, NULL) = 0
sendto(3,"\24\0\0\0\26\0\1\0031\0\0\0\0\0\0\0\0\0\0\0", 20, 0,{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3,{msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},msg_iov(1)=[{"<\0\0\0\24\0\2\0001\0\0\0.\4\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250\0\17"...,4096}], msg_cOntrollen=0, msg_flags=0}, 0) = 60
recvmsg(3,{msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000},msg_iov(1)=[{"\24\0\0\0\3\0\2\0001\0\0\0.\4\0\0\0\0\0\0\2\0\0\0\10\0\1\0\300\250\0\17"...,4096}], msg_cOntrollen=0, msg_flags=0}, 0) = 20
close(3) = 0
open("/etc/gai.conf",O_RDONLY) = -1 ENOENT (No such file or directory)
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = -1 EAFNOSUPPORT (Address family not supported by protocol)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(22),sin_addr=inet_addr("0.0.0.0")}, 16) = -1 EINVAL (Invalid argument)
close(3) = 0
socket(PF_FILE,SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE,path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE,SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE,path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/v4l/half/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/v4l/half",0xbed33a88) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/v4l/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/v4l",0xbed33a88) = -1 ENOENT (No such file ordirectory)
open("/usr/lib/tls/half/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/half",0xbed33a88) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls",0xbed33a88) = -1 ENOENT (No suchfile or directory)
open("/usr/lib/v4l/half/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/v4l/half",0xbed33a88) = -1 ENOENT (No such file or directory)
open("/usr/lib/v4l/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/v4l",0xbed33a88) = -1 ENOENT (No suchfile or directory)
open("/usr/lib/half/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/half",0xbed33a88) = -1 ENOENT (No such fileor directory)
open("/usr/lib/libnss_compat.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib",{st_mode=S_IFDIR|0755, st_size=2048, ...}) = 0
open("/lib/libnss_files.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_files.so.2",O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "Privilege separation user sshd d"..., 47Privilege separation user sshd does not exist
) = 47
exit_group(255) = ?
后记
连接ssh比较慢,大概需要二三十秒。按照网上的方法,把配置文件/usr/local/etc/sshd_config里“UseDNS”的值改为“no”,把配置文件/usr/local/etc/ssh_config里“GSSAPIAuthentication”的值改为“no”,都无效,还是很慢。如果大家有什么好的解决办法,麻烦告诉我一声,邮箱地址是noted2011@163.com。另外,执行ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""时报unknown key type ecdsa,也想请教解决办法。