I. Android OpenSSH
1. Put the OpenSSH source code under external:
external/openssh
2. Add the LOCAL_MODULE names to device/fsl/imx6/imx6.mk
# ssh
# start-ssh is added to system/bin automatically.
# sshd_config: the ssh folder is created under system/etc and the
# sshd_config file is copied into it automatically.
PRODUCT_PACKAGES += \
    sshd \
    ssh \
    ssh-keygen \
    sftp \
    scp \
    start-ssh \
    sshd_config
See external/openssh/Android.mk.
4. Modified sshd_config
Port 22
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# important: the authorized keys are read from /data/ssh
AuthorizedKeysFile /data/ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
HostbasedAuthentication no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
UsePrivilegeSeparation yes
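An added example, not part of the original post: a small POSIX shell check that reads an sshd_config like the one above and reports the settings a reviewer would question on a networked board. The function name audit_sshd_config and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). audit_sshd_config is a
# hypothetical helper; it prints one finding per line for a given sshd_config.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        (key in seen) { next }                   # sshd uses the first value it reads
        { seen[key] = 1 }
        key == "permitrootlogin" && val == "yes" {
            print "PermitRootLogin yes: root can log in with a password" }
        key == "passwordauthentication" && val == "yes" {
            print "PasswordAuthentication yes: passwords accepted although authorized_keys is set up" }
        key == "permitemptypasswords" && val == "yes" {
            print "PermitEmptyPasswords yes: empty passwords accepted" }
        key == "serverkeybits" || key == "keyregenerationinterval" ||
        key == "rsaauthentication" || key == "rhostsrsaauthentication" {
            print $1 ": SSH protocol 1 option" }
        key == "strictmodes" && val == "no" {
            print "StrictModes no: key file permissions are not checked" }
    ' "$1"
}

# Constructed sample: a subset of the sshd_config lines shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
ServerKeyBits 1024
# Authentication:
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /data/ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
EOF
audit_sshd_config "$sample"
```

For the key-only access set up in steps 6 to 8, the corresponding lines would be PasswordAuthentication no and PermitRootLogin without-password (spelled prohibit-password from OpenSSH 7.0).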
5. /system/bin/start-ssh
#!/system/bin/sh
umask 077
DEBUG=1
DSA_KEY=/data/ssh/ssh_host_dsa_key
DSA_PUB_KEY=/data/ssh/ssh_host_dsa_key.pub
RSA_KEY=/data/ssh/ssh_host_rsa_key
RSA_PUB_KEY=/data/ssh/ssh_host_rsa_key.pub
ID_RSA_PUB=/data/ssh/id_rsa.pub
# added ECDSA
ECDSA_KEY=/data/ssh/ssh_host_ecdsa_key
ECDSA_PUB_KEY=/data/ssh/ssh_host_ecdsa_key.pub
AUTHORIZED_KEYS=/data/ssh/authorized_keys
DEFAULT_AUTHORIZED_KEYS=/system/etc/security/authorized_keys.default
# generate each host key only if it does not exist yet
if [ ! -f $DSA_KEY ]; then
    ssh-keygen -t dsa -f $DSA_KEY -N ""
    chmod 600 $DSA_KEY
    chmod 644 $DSA_PUB_KEY
fi
if [ ! -f $RSA_KEY ]; then
    /system/bin/ssh-keygen -t rsa -f $RSA_KEY -N ""
    chmod 600 $RSA_KEY
    chmod 644 $RSA_PUB_KEY
fi
# add ECDSA
if [ ! -f $ECDSA_KEY ]; then
    /system/bin/ssh-keygen -t ecdsa -f $ECDSA_KEY -N ""
    chmod 600 $ECDSA_KEY
    chmod 644 $ECDSA_PUB_KEY
fi
#if [[ ! -f $AUTHORIZED_KEYS && -f $DEFAULT_AUTHORIZED_KEYS ]]; then
# cat $DEFAULT_AUTHORIZED_KEYS > $AUTHORIZED_KEYS
#fi
# copy the PC's public key from the system image to /data/ssh
if [ ! -f $ID_RSA_PUB ]; then
    cp /system/etc/ssh/id_rsa.pub /data/ssh/
fi
# added by jason
if [ ! -f $AUTHORIZED_KEYS ]; then
    touch $AUTHORIZED_KEYS
    chmod 600 $AUTHORIZED_KEYS
    cat /data/ssh/id_rsa.pub > $AUTHORIZED_KEYS
fi
if [ "1" = "$DEBUG" ] ; then
    # run sshd in debug mode and capture output to logcat
    /system/bin/logwrapper /system/bin/sshd -f /system/etc/ssh/sshd_config -D -d &
else
    # don't daemonize - otherwise we can't stop the sshd service
    /system/bin/sshd -f /system/etc/ssh/sshd_config -D &
fi
6. create file /data/ssh/authorized_keys
#touch /data/ssh/authorized_keys
#chmod 600 /data/ssh/authorized_keys
Alternatively, create this file from init.rc or start-ssh.
7. On the Ubuntu PC
$cd ~/.ssh
$ssh-keygen -t rsa -C "xxx@xxx.com"
(-C takes the e-mail address; the file name has to be id_rsa)
This produces two files in .ssh:
id_rsa and id_rsa.pub
8. On EVK
Copy id_rsa.pub to the EVK with a USB drive.
9. On EVK
start sshd service
modify init.rc : service sshd /system/bin/start-ssh
or
#/system/bin/start-ssh
10. Enable debugging
on EVK:
in start-ssh, set DEBUG=1 and watch logcat (logcat -c)
on PC:
ssh -v root@192.168.1.199
11. scp file transfer
on PC:
scp a.txt root@192.168.1.199:/data   # send data to the EVK: successful
scp root@192.168.1.199:/init.rc /home/   # get data from the EVK: successful
question:
1. When the EVK is reflashed with a new image, the ECDSA host key on the EVK side changes.
When the Ubuntu PC then tries to connect to the EVK's sshd over ssh, the error shown below appears:
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
8b:7e:c9:5c:6f:7b:a8:82:44:df:9a:24:88:66:48:be.
Please contact your system administrator.
Add correct host key in /home/jason/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/jason/.ssh/known_hosts:28
remove with: ssh-keygen -f "/home/jason/.ssh/known_hosts" -R 192.168.1.199
ECDSA host key for 192.168.1.199 has changed and you have requested strict checking.
reason:
The Ubuntu PC has the EVK's old ECDSA key stored in its ~/.ssh/known_hosts file. When the PC connects to the EVK it checks against this old key, which no longer matches the one on the EVK (the ECDSA key changed because the EVK image was reflashed).
solution:
(1)rm -rf ~/.ssh/known_hosts
(2)ssh-keygen -R 192.168.1.199
In my case, I used the first solution.
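An added example, not part of the original post: a way to confirm the new key really is the EVK's before trusting it, and to drop only that host's stale entry. The functions (hypothetical names) compute the MD5 fingerprint in the colon-separated form shown in the warning from a copy of /data/ssh/ssh_host_ecdsa_key.pub brought over out of band, for instance on the USB drive from step 8; the sample key blob is constructed.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the MD5 fingerprint (aa:bb:...) of an OpenSSH public key file.
# It is the MD5 digest of the base64-decoded key blob (second field).
md5_fingerprint() {
    awk '{ print $2; exit }' "$1" | base64 -d | md5sum |
        awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# Succeed only if the fingerprint ssh printed equals the one computed from
# the trusted copy of the host public key. The warning ends the fingerprint
# line with a full stop, so a trailing "." is stripped before comparing.
host_key_matches() {    # $1 = trusted .pub file, $2 = fingerprint from the warning
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | sed 's/\.$//')
    [ "$(md5_fingerprint "$1")" = "$want" ]
}

# Remove just the stale entry for one host, and only after verification.
replace_host_entry() {  # $1 = host, $2 = trusted .pub file, $3 = fingerprint
    if host_key_matches "$2" "$3"; then
        ssh-keygen -f "$HOME/.ssh/known_hosts" -R "$1"
    else
        echo "fingerprint mismatch for $1: known_hosts left unchanged" >&2
        return 1
    fi
}

# Constructed sample: a placeholder blob, not a real host key.
pub=$(mktemp)
printf 'ecdsa-sha2-nistp256 %s root@evk\n' \
    "$(printf 'constructed-blob' | base64)" > "$pub"
fp=$(md5_fingerprint "$pub")
host_key_matches "$pub" "$fp." && echo "fingerprint $fp verified"
```

A current OpenSSH client prints SHA256 fingerprints by default; ssh -o FingerprintHash=md5 shows the older form used in the warning above.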
II. Linux OpenSSH
1. zlib 1.2.11
(1)source code
http://www.gzip.org/zlib/
(2)configure
#./configure --prefix=/home/jason/E9/openssh/out
(3)modify Makefile
(4)set PATH
# export PATH=$PATH:/opt/Embedsky/gcc-4.6.2-glibc-2.13-linaro-multilib-2011.12/tq-linaro-toolchain/bin
(5)# make
(6)# make install
2. openssl-1.0.1s
For how to install OpenSSL, please refer to the wpa_supplicant article.
3. openssh-5.9p1
(1)source code
https://www.openssh.com/
(2)configure
#./configure --host=arm-none-linux-gnueabi --prefix=/home/jason/E9/openssh/out --with-libs --with-zlib=/home/jason/E9/openssh/out --with-ssl-dir=/opt/out --disable-etc-default-login CC=arm-none-linux-gnueabi-gcc AR=arm-none-linux-gnueabi-ar LD=arm-none-linux-gnueabi-ld
(3)#make
(4)# make install-nokeys
problems:
(1) With make install:
this problem has not been solved yet, but make install-nokeys is OK.
./ssh-keygen: 1: ./ssh-keygen: Syntax error: word unexpected (expecting ")")
./ssh-keygen: 1: ./ssh-keygen: Syntax error: word unexpected (expecting ")")
./ssh-keygen: 1: ./ssh-keygen: Syntax error: word unexpected (expecting ")")
./ssh-keygen: 1: ./ssh-keygen: Syntax error: word unexpected (expecting ")")
make: *** [host-key] Error 2
(2)
mkdir /usr/local/libexec
(umask 022 ; ./mkinstalldirs /var/empty)
mkdir /var/empty
/usr/bin/install -c -m 0755 -s ssh /usr/local/bin/ssh
strip: Unable to recognise the format of the input file `/usr/local/bin/ssh'
/usr/bin/install: strip process terminated abnormally
make: *** [install-files] Error 1
solved:
modify the Makefile
STRIP_OPT=-s --strip-program=arm-none-linux-gnueabi-strip
(3)
checking whether snprintf can declare const char *fmt... yes
checking whether system supports SO_PEERCRED getsockopt... yes
checking for (overly) strict mkstemp... yes
checking if openpty correctly handles controlling tty... yes
checking whether getpgrp requires zero arguments... yes
checking openssl/opensslv.h usability... no
checking openssl/opensslv.h presence... no
checking for openssl/opensslv.h... no
configure: error: *** OpenSSL headers missing - please install first or check config.log ***
solved:
#./configure --with-ssl-dir=/opt/out
(4)
arm-none-linux-gnueabi-ld: -f may not be used without -shared
make: *** [ssh] Error 1
solved:
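add -shared to the Makefile
(5) Adding -shared lets the build pass, but the output is not an executable and cannot be run on the target board.
$ file ssh
The file is a shared object, i.e. a shared library file.
solved:
modify the Makefile
remove -fstack-protector-all
after rebuilding, an executable is produced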
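An added example, not part of the original post: the error in (4) is what GNU ld prints when it is handed -fstack-protector-all directly, because it reads that as its own -f option. The check below (hypothetical function names, constructed Makefile fragments) flags a generated Makefile whose LD is a bare linker while LDFLAGS carries compiler-style -f flags, and one where the stack protector has been dropped; it assumes the link step runs $(LD) with $(LDFLAGS).

```shell
#!/bin/sh
# Added example (not from the original post); names are hypothetical.

# Report link-setup problems in a generated Makefile, one finding per line.
check_link_setup() {    # $1 = path to the Makefile
    awk '
        { eq = index($0, "="); if (!eq) next
          name = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
        name == "LD"      { ld = val }
        name == "CFLAGS"  { cflags = val }
        name == "LDFLAGS" { ldflags = val }
        END {
            # a bare linker cannot interpret compiler options such as -fstack-...
            if (ld ~ /(^|-)ld[ \t]*$/ && ldflags ~ /(^| )-f[a-z]/)
                print "LD is a bare linker but LDFLAGS has compiler -f flags"
            if (cflags !~ /-fstack-protector/)
                print "CFLAGS has no -fstack-protector option"
        }
    ' "$1"
}

# Constructed Makefile fragment: $1 = value of LD, $2 = hardening flag (or empty).
mk() {
    printf 'CC=arm-none-linux-gnueabi-gcc\nLD=%s\n' "$1"
    printf 'CFLAGS=-g -O2 %s\nLDFLAGS=-L. -Lopenbsd-compat/ %s\n' "$2" "$2"
}

dir=$(mktemp -d)
mk arm-none-linux-gnueabi-ld  -fstack-protector-all > "$dir/as_configured"
mk arm-none-linux-gnueabi-ld  ""                    > "$dir/workaround"
mk arm-none-linux-gnueabi-gcc -fstack-protector-all > "$dir/cc_as_linker"

for f in as_configured workaround cc_as_linker; do
    echo "== $f"
    check_link_setup "$dir/$f"
done
```

Passing LD=arm-none-linux-gnueabi-gcc to configure, or leaving LD unset so that configure falls back to CC, lets the link step accept -fstack-protector-all, so neither -shared nor removing the flag is needed.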