嵌入式linux轻量级sshd服务工具Dropbear移植
单于经纬
介绍
往往考虑到嵌入式系统内存空间小的问题,生成的dropbear大小只有几百kb的大小,所以经常适用于嵌入式系统。需要注意的是dropbear只能使用scp上传文件, 不能使用sftp,若需要支持sftp,还需要用openssl编译生成的sftp-server来支持sftp。
编译流程
dropbear源码:https://matt.ucc.asn.au/dropbear/dropbear.html
zlib源码: http://zlib.net/
1. 编译zlib
#表示注释
$表示命令行
# 下载源码
$ wget http://zlib.net/zlib-1.2.11.tar.gz
$ tar -zxvf zlib-1.2.11.tar.gz
# 创建安装目录install
$ mkdir install
$ ls
install zlib-1.2.11 zlib-1.2.11.tar.g
$ cd zlib-1.2.11
# 查看帮助文档
$ ./configure --help
usage:
configure [--const] [--zprefix] [--prefix=PREFIX] [--eprefix=EXPREFIX]
[--static] [--64] [--libdir=LIBDIR] [--sharedlibdir=LIBDIR]
[--includedir=INCLUDEDIR] [--archs="-arch i386 -arch x86_64"]
# 这里并没有提示类似--host,--cross_complie之类方便指定交叉编译工具链的选项
# --prefix=PREFIX 指定安装路径
# --static 编译静态库, 注意这里最好编译动态库,不要选--static
# 编译静态库时,在后面配置dropbear时可能会报"checking for deflate in -lz... no"这样的错误
# ./configure --prefix=`pwd`/../install --static
# 编译动态库
$ ./configure --prefix=`pwd`/../install
# 运行configure之后,打开生成的makefile,可以从中找到关键的CC,CPP这些和交叉编译有关的地方,修改成自己的交叉编译工具,如
# CC=arm-linux-gcc
# CPP=arm-linux-gcc -E
# AR=arm-linux-ar
# RANLIB=arm-linux-ranlib
# LDSHARED=arm-linux-gcc
# 注意在make之前要将交叉编译工具的路径添加到当前的shell环境中,可以命令export=$PATH:交叉编译工具的路径
# 或者使用厂家提供的sdk中的source来设置交叉编译工具的环境,如果先用这种方式设置环境,再使用configure,一般都不必再修改Makefile了
# 编译和安装
make
make install
# 编译安装结果
$ ls ../install/
include lib share
2. 编译dropbear
#表示注释
$表示命令行
# 下载源码
$ wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2020.81.tar.bz2
# 解压
$ tar -jxvf dropbear-2020.81.tar.bz2
# 创建安装路径
mkdir install
$ ls
install dropbear-2020.81 dropbear-2020.81.tar.bz2
$ cd dropbear-2020.81
# 查看编译帮助文档
$ ./configure --help
`configure' configures this package to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-static Build static binaries
--disable-harden Don't set hardened build flags
--disable-largefile omit support for large files
--disable-zlib Don't include zlib support
--enable-pam Try to include PAM support
--disable-openpty Don't use openpty, use alternative method
--disable-syslog Don't include syslog support
--disable-shadow Don't use shadow passwords (if available)
--enable-plugin Enable support for External Public Key Authentication plug-in
--enable-fuzz Build fuzzing. Not recommended for deployment.
--enable-bundled-libtom Force using bundled libtomcrypt/libtommath even if a system version exists.
--disable-bundled-libtom Force using system libtomcrypt/libtommath, fail if it does not exist.
Default is to use system if available, otherwise bundled.
Dropbear requires system libtommath >= 1.2.0 and libtomcrypt >= 1.18.0
--disable-lastlog Disable use of lastlog even if detected no
--disable-utmp Disable use of utmp even if detected no
--disable-utmpx Disable use of utmpx even if detected no
--disable-wtmp Disable use of wtmp even if detected no
--disable-wtmpx Disable use of wtmpx even if detected no
--disable-loginfunc Disable use of login() etc. no
--disable-pututline Disable use of pututline() etc. (uwtmp) no
--disable-pututxline Disable use of pututxline() etc. (uwtmpx) no
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-zlib=PATH Use zlib in PATH
--with-pam=PATH Use pam in PATH
--with-lastlog=FILE|DIR specify lastlog location common locations
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
CXX C++ compiler command
CXXFLAGS C++ compiler flags
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to the package provider.
# 配置
# configure --prefix=安装路径 --host=arm CC=交叉编译链gcc名称 --with-zlib=zlib安装路径
# 安装路径最后使用绝对路径
$ ./configure --prefix=/opt/dropbear/install --host=arm CC=arm-linux-gcc --with-zlib=/opt/zlib/install
# 编译
$ make
$ make scp
# 编译出来的scp在dropbear的源码目录下,而非安装--prefix=/opt/dropbear/install目录下
$ make install
# 注,编译完成后可以使用arm-linux-strip工具去除调试信息, 对.so同样适用, 这样优化后能减小文件大小,对嵌入式系统很有用, 比如:
$ arm-linux-strip scp
3. 移植
- 将scp复制到/usr/bin
- 将/opt/dropbear/install下的文件复制到相应的/usr/bin, /usr/sbin下面
- 在/etc目录下面创建dropbear,注意这一个目录一定要有
mkdir -p /etc/dropbear
4. 运行
#表示注释
$表示命令行
# 查看版本及命令
$ /usr/sbin/dropbear -V
$ /usr/sbin/dropbear -h
# 需要注意一个选项-R, 使用这个选项可以不必立刻生成hostkey,会在需要的时候自动生成
# 运行,为了方便,最好添加到自启动中, 自启动的方法就不这里赘述了
$ /usr/sbin/dropbear -R
# 也可以先生成dropbear_rsa_host_key, 放到/etc/dropbear/下, 生成一次就够了
$ dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
$ dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
# 运行
$ /usr/sbin/dropbear
5. 移植sftp-server
源码地址:https://www.openssh.com/portable.html
# 下载
$ wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
$ tar -zxvf openssh-8.6p1.tar.gz
$ mkdir install
$ cd openssh-8.6p1
# ./configure --host=arm-linux --with-zlib=zlib安装路径
$./configure --host=arm-linux --with-zlib=/opt/zlib/install
# 编译sft-server
make sftp-server
# 利用arm-linux-strip减小sftp-server文件大小
$ arm-linux-strip sftp-server
# 利用arm-linux-readelf查看sftp-server的依赖库
# arm-linux-readelf -d sftp-server
Dynamic section at offset 0x1dc60 contains 29 entries:
Tag Type Name/Value
0x00000003 (PLTGOT) 0x1edb8
0x00000002 (PLTRELSZ) 1144 (bytes)
0x00000017 (JMPREL) 0x17c4
0x00000014 (PLTREL) REL
0x00000011 (REL) 0x1364
0x00000012 (RELSZ) 1120 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffa (RELCOUNT) 131
0x00000015 (DEBUG) 0x0
0x00000006 (SYMTAB) 0x1cc
0x0000000b (SYMENT) 16 (bytes)
0x00000005 (STRTAB) 0xb5c
0x0000000a (STRSZ) 1553 (bytes)
0x6ffffef5 (GNU_HASH) 0x1170
0x00000001 (NEEDED) Shared library: [libcrypto.so.1.0.0]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x00000001 (NEEDED) Shared library: [ld-linux.so.3]
0x0000000c (INIT) 0x1c3c
0x0000000d (FINI) 0x19c54
0x00000019 (INIT_ARRAY) 0x1ec54
0x0000001b (INIT_ARRAYSZ) 4 (bytes)
0x0000001a (FINI_ARRAY) 0x1ec58
0x0000001c (FINI_ARRAYSZ) 4 (bytes)
0x0000001e (FLAGS) BIND_NOW
0x6ffffffb (FLAGS_1) Flags: NOW
0x6ffffff0 (VERSYM) 0x11a0
0x6ffffffe (VERNEED) 0x12d4
0x6fffffff (VERNEEDNUM) 3
0x00000000 (NULL) 0x0
将sftp-server复制到开发板的/usr/libexec/目录下, 同时将sftp-server以来的库复制到/usr/lib/目录下
类似资料: