当前位置: 首页 > 工具软件 > dropbear > 使用案例 >

嵌入式linux轻量级sshd服务工具Dropbear移植

单于经纬
2023-12-01

介绍

  往往考虑到嵌入式系统内存空间小的问题,生成的dropbear大小只有几百kb的大小,所以经常适用于嵌入式系统。需要注意的是dropbear只能使用scp上传文件, 不能使用sftp,若需要支持sftp,还需要用openssl编译生成的sftp-server来支持sftp。

编译流程

dropbear源码:https://matt.ucc.asn.au/dropbear/dropbear.html
zlib源码: http://zlib.net/

1. 编译zlib

#表示注释
$表示命令行

# 下载源码
$ wget http://zlib.net/zlib-1.2.11.tar.gz
$ tar -zxvf zlib-1.2.11.tar.gz

# 创建安装目录install
$ mkdir install
$ ls
install  zlib-1.2.11  zlib-1.2.11.tar.g
$ cd zlib-1.2.11

# 查看帮助文档
$ ./configure --help
usage:
  configure [--const] [--zprefix] [--prefix=PREFIX]  [--eprefix=EXPREFIX]
    [--static] [--64] [--libdir=LIBDIR] [--sharedlibdir=LIBDIR]
    [--includedir=INCLUDEDIR] [--archs="-arch i386 -arch x86_64"]
# 这里并没有提示类似--host,--cross_complie之类方便指定交叉编译工具链的选项
# --prefix=PREFIX 指定安装路径
# --static 编译静态库, 注意这里最好编译动态库,不要选--static
# 编译静态库时,在后面配置dropbear时可能会报"checking for deflate in -lz... no"这样的错误
# ./configure --prefix=`pwd`/../install --static

# 编译动态库
$ ./configure --prefix=`pwd`/../install

# 运行configure之后,打开生成的makefile,可以从中找到关键的CC,CPP这些和交叉编译有关的地方,修改成自己的交叉编译工具,如
# CC=arm-linux-gcc
# CPP=arm-linux-gcc -E
# AR=arm-linux-ar
# RANLIB=arm-linux-ranlib
# LDSHARED=arm-linux-gcc
# 注意在make之前要将交叉编译工具的路径添加到当前的shell环境中,可以命令export=$PATH:交叉编译工具的路径
# 或者使用厂家提供的sdk中的source来设置交叉编译工具的环境,如果先用这种方式设置环境,再使用configure,一般都不必再修改Makefile了

# 编译和安装
make
make install

# 编译安装结果
$ ls ../install/
include  lib  share

2. 编译dropbear

#表示注释
$表示命令行

# 下载源码
$ wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2020.81.tar.bz2

# 解压
$ tar -jxvf dropbear-2020.81.tar.bz2

# 创建安装路径
mkdir install
$ ls
install dropbear-2020.81  dropbear-2020.81.tar.bz2
$ cd dropbear-2020.81
# 查看编译帮助文档
$ ./configure --help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc.  You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/PACKAGE]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-static         Build static binaries
  --disable-harden        Don't set hardened build flags
  --disable-largefile     omit support for large files
  --disable-zlib          Don't include zlib support
  --enable-pam            Try to include PAM support
  --disable-openpty       Don't use openpty, use alternative method
  --disable-syslog        Don't include syslog support
  --disable-shadow        Don't use shadow passwords (if available)
  --enable-plugin         Enable support for External Public Key Authentication plug-in
  --enable-fuzz           Build fuzzing. Not recommended for deployment.
  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
  --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
                                Default is to use system if available, otherwise bundled.
                                Dropbear requires system libtommath >= 1.2.0 and libtomcrypt >= 1.18.0
  --disable-lastlog       Disable use of lastlog even if detected no
  --disable-utmp          Disable use of utmp even if detected no
  --disable-utmpx         Disable use of utmpx even if detected no
  --disable-wtmp          Disable use of wtmp even if detected no
  --disable-wtmpx         Disable use of wtmpx even if detected no
  --disable-loginfunc     Disable use of login() etc. no
  --disable-pututline     Disable use of pututline() etc. (uwtmp) no
  --disable-pututxline    Disable use of pututxline() etc. (uwtmpx) no

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-zlib=PATH        Use zlib in PATH
  --with-pam=PATH        Use pam in PATH
  --with-lastlog=FILE|DIR specify lastlog location common locations

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  LIBS        libraries to pass to the linker, e.g. -l<library>
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
              you have headers in a nonstandard directory <include dir>
  CPP         C preprocessor
  CXX         C++ compiler command
  CXXFLAGS    C++ compiler flags

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.

# 配置
# configure --prefix=安装路径 --host=arm CC=交叉编译链gcc名称 --with-zlib=zlib安装路径
# 安装路径最后使用绝对路径
$ ./configure --prefix=/opt/dropbear/install --host=arm CC=arm-linux-gcc --with-zlib=/opt/zlib/install

# 编译 
$ make
$ make scp
# 编译出来的scp在dropbear的源码目录下,而非安装--prefix=/opt/dropbear/install目录下
$ make install

# 注,编译完成后可以使用arm-linux-strip工具去除调试信息, 对.so同样适用, 这样优化后能减小文件大小,对嵌入式系统很有用, 比如:
$ arm-linux-strip scp

3. 移植

  1. 将scp复制到/usr/bin
  2. 将/opt/dropbear/install下的文件复制到相应的/usr/bin, /usr/sbin下面
  3. 在/etc目录下面创建dropbear,注意这一个目录一定要有
mkdir -p /etc/dropbear

4. 运行

#表示注释
$表示命令行

# 查看版本及命令
$ /usr/sbin/dropbear -V
$ /usr/sbin/dropbear -h

# 需要注意一个选项-R, 使用这个选项可以不必立刻生成hostkey,会在需要的时候自动生成
# 运行,为了方便,最好添加到自启动中, 自启动的方法就不这里赘述了
$ /usr/sbin/dropbear -R

# 也可以先生成dropbear_rsa_host_key, 放到/etc/dropbear/下, 生成一次就够了
$ dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
$ dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
# 运行
$ /usr/sbin/dropbear

5. 移植sftp-server

源码地址:https://www.openssh.com/portable.html

# 下载
$ wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
$ tar -zxvf openssh-8.6p1.tar.gz
$ mkdir install
$ cd openssh-8.6p1
# ./configure --host=arm-linux --with-zlib=zlib安装路径
$./configure --host=arm-linux --with-zlib=/opt/zlib/install

# 编译sft-server
make sftp-server

# 利用arm-linux-strip减小sftp-server文件大小
$ arm-linux-strip sftp-server

# 利用arm-linux-readelf查看sftp-server的依赖库
# arm-linux-readelf -d sftp-server
Dynamic section at offset 0x1dc60 contains 29 entries:
  Tag        Type                         Name/Value
 0x00000003 (PLTGOT)                     0x1edb8
 0x00000002 (PLTRELSZ)                   1144 (bytes)
 0x00000017 (JMPREL)                     0x17c4
 0x00000014 (PLTREL)                     REL
 0x00000011 (REL)                        0x1364
 0x00000012 (RELSZ)                      1120 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x6ffffffa (RELCOUNT)                   131
 0x00000015 (DEBUG)                      0x0
 0x00000006 (SYMTAB)                     0x1cc
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000005 (STRTAB)                     0xb5c
 0x0000000a (STRSZ)                      1553 (bytes)
 0x6ffffef5 (GNU_HASH)                   0x1170
 0x00000001 (NEEDED)                     Shared library: [libcrypto.so.1.0.0]
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x00000001 (NEEDED)                     Shared library: [ld-linux.so.3]
 0x0000000c (INIT)                       0x1c3c
 0x0000000d (FINI)                       0x19c54
 0x00000019 (INIT_ARRAY)                 0x1ec54
 0x0000001b (INIT_ARRAYSZ)               4 (bytes)
 0x0000001a (FINI_ARRAY)                 0x1ec58
 0x0000001c (FINI_ARRAYSZ)               4 (bytes)
 0x0000001e (FLAGS)                      BIND_NOW
 0x6ffffffb (FLAGS_1)                    Flags: NOW
 0x6ffffff0 (VERSYM)                     0x11a0
 0x6ffffffe (VERNEED)                    0x12d4
 0x6fffffff (VERNEEDNUM)                 3
 0x00000000 (NULL)                       0x0

将sftp-server复制到开发板的/usr/libexec/目录下, 同时将sftp-server以来的库复制到/usr/lib/目录下

 类似资料: