打印
[新唐博主]

nuc980 bsp版本移植SSH服务

[复制链接]
20|0
手机看帖
扫描二维码
随时随地手机跟帖
跳转到指定楼层
楼主
1.下载zlib,wget http://www.zlib.net/zlib-1.2.12.tar.gz;

2.下载ssl,wget https://www.openssl.org/source/openssl-3.0.2.tar.gz

3.下载ssh,wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz。

4.解压zlib库,新建一个zlib用于存放编译输出的文件,执行创建目录命令mkdir zlib,然后引入编译工具链的环境:export PATH=/home/zouyang/Nuvoton/Toolchain/arm_linux_4.8/bin:$PATH

5.配置编译编译工具,链接等

export CC=armarm-nuvoton-linux-uclibceabi-gcc

export LD=arm-nuvoton-linux-uclibceabi-ld

export AD=arm-nuvoton-linux-uclibceabi-as

6.配置编译输出的路径:

./configure --prefix=/home/zouyang/Nuvoton/app/zlib

7.此时生成一个Makefile文件,我们需要修改Makefile指定与路径无关,在如图所示位置添加-fPIC



8.编译安装make && make install

9.解压openssl:tar -zxf openssl-3.0.2.tar.gz

10.创建一个openssl目录用于保存编译生产的文件:mkdir openssl

11.配置编译工具:export CROSS_COMPILE=arm-nuvoton-linux-uclibceabi-

12.配置编译路径和变量:./Configure  linux-armv4 shared no-asm no-async --prefix=/home/zouyang/Nuvoton/app/openssl-3.0.2/openssl

13.编译与安装make && make install

14.解压openssh,tar -zxf openssh-8.9.tar.gz

15.配置../configure --host=arm-nuvoton-linux-uclibceabi- --with-libs --with-zlib=/home/zouyang/Nuvoton/app/zlib  --with-ssl-dir=/home/zouyang/Nuvoton/app/openssl --disable-etcdefault-login CC=arm-nuvoton-linux-uclibceabi-gcc AR=arm-nuvoton-linux-uclibceabi-ar

16.编译:make

17 在ge2000板子上面

创建mkdir -p /usr/local/bin,mkdir -p /usr/local/sbin,mkdir -p /usr/local/libexec/,mkdir -p /usr/local/etc,mkdir -p /var/empty/(一定要用mkdir -p)

将编译完成的文件分别复制到开发板目录下。

将scp、sftp、ssh、ssh-add、ssh-agent、ssh-keygen、ssh-keyscan复制到/usr/local/bin目录下;

将sshd复制到/usr/local/sbin目录下;

将moduli、ssh_config、sshd_config复制到/usr/local/etc目录下;

将sftp-server、ssh-keysign复制到 /usr/local/libexec目录下;

18.复制虚拟机开发环境的libatomic.so.1.0.0 然后ln -s 为libatomic.so.1,放在/lib下,复制libcrypto.so.3

19.修改etc目录下两个文件:

passwd:

root:x:0:0:root:/:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bin:x:2:2:bin:/bin:/bin/false
sys:x:3:3:sys:/dev:/bin/false
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/false
www-data:x:33:33:www-data:/var/www:/bin/false
operator:x:37:37:Operator:/var:/bin/false
nobody:x:65534:65534:nobody:/home:/bin/false
sshd:x:1000:1000:SSH drop priv user:/:/bin/false
shadow:

root:$1$dvxX/kiv$V9K0mzwtAXVBrIJO6Xe.j1:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
bin:*:10933:0:99999:7:::
sys:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
mail:*:10933:0:99999:7:::
www-data:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
sshd:*:::::::

20.在/etc/init.d/rcS中添加mkdir /dev/pts   ,挂载devpts文件系统。mount -t devpts devpts /dev/pts.

21.生成密钥

在/usr/local/etc目录下:

/usr/local/bin/ssh-keygen -t rsa -f ssh_host_rsa_key -N ""

/usr/local/bin/ssh-keygen -t dsa -f ssh_host_dsa_key -N ""

/usr/local/bin/ssh-keygen -t ecdsa -f ssh_host_ecdsa_key -N ""

/usr/local/bin/ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""

22.添加ssh、sshd执行权限

23.修改sshd_config文件内容:

#       $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

#新增
Hostkey /usr/local/etc/ssh_host_rsa_key
Hostkey /usr/local/etc/ssh_host_ecdsa_key
Hostkey /usr/local/etc/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#修改
PubkeyAuthentication no

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!

#修改

PasswordAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords yes

# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
24 修改rcS

#新增

/usr/local/sbin/sshd &
————————————————

                            版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

原文链接:https://blog.csdn.net/xunyuho/article/details/140609339

使用特权

评论回复
发新帖 我要提问
您需要登录后才可以回帖 登录 | 注册

本版积分规则

12

主题

24

帖子

0

粉丝