用OpenSSH连接TQ2440

       以前一直用nfs 向开发板上copy 文件, 先在Window 中编辑好,然后拖到Vm下的Ubuntu中的nfs目录下,最后才cp命令.实在麻烦,这阵一直在研究boa,忙的慌,昨天终于下定决心把sftp做起来. 终于搞定可以用winSCP连接,图形界面拖拖拽拽．

 

一  移植OpenSSH

 

以下复制于http://my.chinaunix.net/space.php?uid=20282925&do=blog&id=86248

 

1. 下载需要的源码:

    mkdir -p ~/arm/fs ;mkdir -p ~/arm/source
    下载zlib:  wget -c http://www.zlib.net/zlib-1.2.3.tar.gz
    下载ssl:  wget -c http://www.openssl.org/source/openssl-0.9.8d.tar.gz
    下载ssh: wget -c http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz


2.  编译:
    cd ~/arm/source

    (1) 编译zlib:
     tar zxvf zlib-1.2.3.tar.gz -C .
     cd zlib-1.2.3/
     ./configure --prefix=/home/itlanger/arm/fs/zlib-1.2.3
    修改Makefile:
       CC=gcc 改为: 
       CROSS=/usr/local/arm/3.4.1/bin/arm-linux-
       CC=$(CROSS)gcc 
       LDSHARED=gcc 改为: LDSHARED=$(CROSS)gcc
       CPP=gcc -E   改为:  CPP=$(CROSS)gcc -E
       AR=ar rc     改为: AR=$(CROSS)ar rc
  开始编译: make;
           make install

   (2)  编译openssl:
       tar zxvf openssl-0.9.8d.tar.gz
      ./configure --prefix=/home/itlanger/arm/fs/openssl-0.9.8d
     os/compiler:/usr/local/arm/3.4.1/bin/arm-linux-gcc
    make
    make install

   (3) 编译openssh:
      tar zxvf openssh-4.6p1.tar.gz
      cd openssh-4.6p1/
      ./configure --host=arm-linux --with-libs --with-zlib=/home/itlanger/arm/fs/zlib-1.2.3
         --with-ssl-dir=/home/itlanger/arm/fs/openssl-0.9.8d --disable-etc-default-login     
         CC=/usr/local/arm/3.4.1/bin/arm-linux-gcc AR=/usr/local/arm/3.4.1/bin/arm-linux-ar
      make
      ##不要make install

3. 安装
    
    (1) 将 openssh-4.6p1目录下的 sshd 拷贝到 目标板的/usr/sbin目录下
    (2) 再copy scp  sftp  ssh  ssh-add  ssh-agent  ssh-keygen  ssh-keyscan  到目标板/usr/local/bin目录下
            copy sftp-server  ssh-keysign    到/usr/local/libexec
       
    (3) 在目标板下：
        mkdir -p /usr/local/etc/  
        然后将openssh下的sshd_config,ssh_config 拷贝到该目录下

        mkdir -p /var/run; mkdir -p /var/empty/sshd 
        chmod 755 /var/empty     
    （4）在主机上：
         ssh-keygen -t rsa1 -f ssh_host_key -N ""
         ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
         ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
        将生存的 ssh_host_* 4个文件copy到目标板的 /usr/local/etc/目录下
     (5) 添加用户:
    将主机上 /etc/目下的 passwd, shadow, group 三个文件copy到目标板的 /etc目录下， 同时记得将passwd的最后 /bin/bash 该为 /bin/sh 
      其实可以删除不需要的一些用户。
      这一步也可以这样，在目标板的passwd中添加sshd用户:
      sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
      在shadow中也添加对应的项就行了:
      sshd:!:14069:0:99999:7:::
     
4.测试
     目标板启动sshd:  # /usr/sbin/sshd
     主机: $  ssh -v root@192.168.0.34


－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－
下边进行免密码登录设置：
cp(主机） root/.ssh/id_dsa.pub 到 （开发板）/.ssh/authorized_keys


－－－－－－－－－－－－－－－--------－－－－－－－－－－－－－－－－－－－－－－－－－－－－
如何让板子开机以后自动启动sshd服务：

添加:/etc/rc.d/init.d/sshd

#!/bin/sh                                                                       
                                                                                
base=sshd                                                                       
                                                                                
# See how we were called.                                                       
case "$1" in                                                                    
  start)                                                                        
                /sbin/$base                                                     
        ;;                                                                      
  stop)                                                                         
        pid=`/bin/pidof $base`                                                  
        if [ -n "$pid" ]; then                                                  
                kill -9 $pid                                                    
        fi                                                                      
        ;;                                                                      
esac                  

在更改/etc/init.d/rcS,添加：

mkdir -p /var/empty/sshd
/etc/rc.d/init.d/sshd start

然后重启机器

 

二 配置sftp

   网上的很多方法,大多是说怎么固定在一个目录下,我不需要这个,弄了半天,winSCP连不上,后来直接把Joggler中文系统中人家做好的sshd_config复制过来,改下路径,搞定了 哈哈

    

# Package generated configuration file

# See the sshd(8) manpage for details

 

# What ports, IPs and protocols we listen for

Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::

#ListenAddress 0.0.0.0

Protocol 2

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

#Privilege Separation is turned on for security

UsePrivilegeSeparation yes

 

# Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600

ServerKeyBits 768

 

# Logging

SyslogFacility AUTH

LogLevel INFO

 

# Authentication:

LoginGraceTime 120

PermitRootLogin yes

StrictModes yes

 

RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile %h/.ssh/authorized_keys

 

# Don't read the user's ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

# similar for protocol version 2

HostbasedAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes

 

# To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no

 

# Change to yes to enable challenge-response passwords (beware issues with

# some PAM modules and threads)

ChallengeResponseAuthentication no

 

# Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes

 

# Kerberos options

#KerberosAuthentication no

#KerberosGetAFSToken no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

 

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes

 

X11Forwarding yes

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

TCPKeepAlive yes

#UseLogin no

 

#MaxStartups 10:30:60

#Banner /etc/issue.net

 

# Allow client to pass locale environment variables

AcceptEnv LANG LC_*

 

Subsystem sftp /usr/local/libexec/sftp-server