目的是实现远程对2416的管理配置和文件拷贝。
一 首先下载三个文件:openssh-4.6p1 openssl-0.9.8d zlib-1.2.3
由于网络原因,源码未能从官网下载到,所以google下载的,推荐个国内google:(不知到能用多久)
https://www.gotosearch.info/
二 编译配置
1 编译zlib:
解压 tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --prefix=/home/hakits/shen_cloud/arm/fs/zlib-1.2.3
CC=gcc 改为:
CROSS=/usr/local/arm/3.4.1/bin/arm-linux-
CC=$(CROSS)gcc
LDSHARED=gcc 改为:
LDSHARED=$(CROSS)gcc
CPP=gcc -E 改为
: CPP=$(CROSS)gcc -E
AR=ar rc 改为:
AR=$(CROSS)ar rc
开始编译: make;
make install
2 编译openssl:
解压 tar xzvf openssl-0.9.8d.tar.gz
cd openssl-0.9.8d
./Configure --prefix=/home/hakits/shen_cloud/arm/fs/openssl-0.9.8d os/compiler:/opt/EmbedSky/4.3.3/bin/arm-linux-gccmake
make install
3 编译openssh:
tar zxvf openssh-4.6p1.tar.gz
cd openssh-4.6p1
./configure --host=arm-linux --with-libs --with-zlib=/home/hakits/shen_cloud/arm/fs/zlib-1.2.3 --with-ssl-dir=/home/hakits/shen_cloud/arm/fs/openssl-0.9.8d --disable-etc-default-login CC=/opt/EmbedSky/4.3.3/bin/arm-linux-gcc AR=/opt/EmbedSky/4.3.3/bin/arm-linux-ar
make
#不要 make install
三 安装到开发板上,我是用的tftp的方式传到开发板上的
1 将 openssh-4.6p1目录下的 sshd 拷贝到 目标板的/usr/sbin目录下
2 再copy scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan 到目标板/usr/local/bin目录下
copy sftp-server ssh-keysign 到/usr/local/libexec
3 在目标板下:
mkdir -p /usr/local/etc/
然后将openssh下的sshd_config,ssh_config 拷贝到该目录下
mkdir -p /var/run; mkdir -p /var/empty/sshd chmod 755 /var/empty
ssh-keygen -t rsa1 -f ssh_host_key -N ""
ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
将生存的 ssh_host_* 6个文件copy到目标板的 /usr/local/etc/目录下
注意:
#chmod 600 sshd_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key #chmod 644 ssh_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub否则启动sshd的时候报错:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for '/usr/local/etc/ssh_host_key' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /usr/local/etc/ssh_host_key Could not load host key: /usr/local/etc/ssh_host_key
5 添加用户:
将主机上 /etc/目下的 passwd, shadow, group 三个文件中有关ssh的用户信息拷贝到开发板相应文件下
四 测试
目标板启动sshd: # /usr/sbin/sshd
主机: $ ssh -v root@192.168.0.190
给开发板root用户添加密码:passwd root
设置开机启动:
# vi /etc/init.d/rcS
/ mkdir -p /var/empty/sshd /usr/sbin/sshd
网上找的还没实验过
# Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/local/libexec/sftp-server
原文地址:http://blog.csdn.net/hanglinux/article/details/45242055