源码包为:
openssh-4.6p1.tar.gz
openssl-0.9.8h.tar.gz
zlib-1.2.3.tar.gz
在主机中新建一个ssh目录,存放源文件
mkdir -p /root/ Gemini_v2_6_3-n/ssh
tar zxvf openssh-4.6p1.tar.gz /root/ Gemini_v2_6_3-n/ssh
tar zxvf zlib-1.2.3.tar.gz /root/ Gemini_v2_6_3-n/ssh
tar zxvf openssl-0.9.8h.tar.gz /root/ Gemini_v2_6_3-n/ssh
cd Gemini_v2_6_3-n
进入Gemini_v2_6_3-n后,使其为根目录
#chroot .
在ssh目录中新建一个install文件夹,作为安装目录。
mkdir -p /ssh/install
移植openssh4.6的步骤:
1.编译
(1)编译zlib
cd /ssh/zlib-1.2.3
./configure --prefix=/ssh/install/zlib-1.2.3
修改Makefile:
CC=gcc 改为:
CROSS=/usr/local/920t/bin/arm_920t_le-
CC=$(CROSS)gcc
LDSHARED=gcc 改为: LDSHARED=$(CROSS)gcc
CPP=gcc -E 改为: CPP=$(CROSS)gcc -E
AR=ar rc 改为: AR=$(CROSS)ar rc
开始编译:
make;
make install
(2)编译openssl
cd openssl-0.9.8h
./Configure -prefix=/ssh/install/openssl-0.9.8h os/complier:/usr/local/920t_le/bin/arm_920t_le-gcc
make
Make install
(3) 编译openssh:
cd openssh-4.6p1/
./configure--host=arm-none-linux--with-libs--with-zlib=/ssh/install/zlib-1.2.--with-ssl-dir=/ssh/install/openssl-0.9.8h--disable-etc-default-login CC=/usr/local/920t_le/bin/arm_920t_le-gcc AR=//usr/local/920t_le/bin/arm_920t_le-ar
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /etc/ssh
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: cat
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
libedit support: no
Solaris process contract support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -fstack-protector-all -std=gnu99
Preprocessor flags:
Linker flags: -fstack-protector-all
Libraries: -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
make
不要make install
(1) 将 openssh-4.6p1目录下的 sshd copy到nas中的public目录 再链接到 nas的/usr/sbin目录下
(2) copy scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan 到nas 的 /usr/local/bin 目录中
copy sftp-server ssh-keysign 到/usr/local/libexec中
(3) 在nas下:
mkdir -p /usr/local/etc/
然后将openssh下的sshd_config,ssh_config 拷贝到该目录下
mkdir -p /var/empty/sshd
chmod 755 /var/empty
(4)在主机上:
ssh-keygen -t rsa1 -f ssh_host_key -N ""
ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
将生成的ssh_host_* 6个文件copy到nas的/usr/local/etc/目录下
(5) 添加用户
将主机上/etc/目录下的passwd, 中的sshd用户追加到nas的/etc目录中的passwd中(具体代码为:
sshd:x:74:74:Privilege-separatedSSH:/var/empty/sshd:/sbin/nologin )同时将passwd的最后/bin/bash 改为/bin/sh
再将主机中/etc目录下的group文件中的用户也同样追加到nas的/etc目录下的group(sshd:x:74:)文件。
4.测试
在nas中启动sshd服务: /usr/sbin/sshd
用putty 或者再主机中ssh 192.168.1.59
ssh自己
stornas> ssh -v 192.168.1.59
OpenSSH_4.6p1, OpenSSL 0.9.8 05 Jul 2005
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 192.168.1.59 [192.168.1.59] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6
debug1: match: OpenSSH_4.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.59' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@192.168.1.59's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
root@192.168.1.59's password:
ssh别人
stornas> ssh -v 192.168.1.53
OpenSSH_4.6p1, OpenSSL 0.9.8 05 Jul 2005
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 192.168.1.53 [192.168.1.53] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0
debug1: match: OpenSSH_5.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.53' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@192.168.1.53's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Thu Aug 7 11:31:15 2008 from 192.168.1.53
[root@localhost ~]#
5. 在NAS中测试:如果中间出现问题的话,
一、可以将/root/.ssh文件删除再重新启动服务。
二、检查/usr/local/etc/sshd_config文件,看是否配置有问题。 (可能还有其他因素哦。)
附:openssh-5.0p1的移植跟上面的步骤一样,需要的环境支持也是一样。
