服务器评测
以前一直用nfs 向开发板上copy 文件, 先在Window 中编辑好,然后拖到Vm下的Ubuntu中的nfs目录下,最后才cp命令.实在麻烦,这阵一直在研究boa,忙的慌,昨天终于下定决心把sftp做起来. 终于搞定可以用winSCP连接,图形界面拖拖拽拽.
一 移植OpenSSH
1. 下载需要的源码:
mkdir -p ~/arm/fs ;mkdir -p ~/arm/source
下载zlib: wget -c http://google-desktop-for-linux-mirror.googlecode.com/files/zlib-1.2.3.tar.gz
下载ssl: wget -c http://www.openssl.org/source/openssl-0.9.8d.tar.gz
下载ssh: wget -c http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
2. 编译:
cd ~/arm/source
(1) 编译zlib:
tar zxvf zlib-1.2.3.tar.gz -C .
cd zlib-1.2.3/
./configure –prefix=/home/itlanger/arm/fs/zlib-1.2.3
修改Makefile:
CC=gcc 改为:
CROSS=/usr/local/arm/3.4.1/bin/arm-linux-
CC=$(CROSS)gcc
LDSHARED=gcc 改为: LDSHARED=$(CROSS)gcc
CPP=gcc -E 改为: CPP=$(CROSS)gcc -E
AR=ar rc 改为: AR=$(CROSS)ar rc
开始编译: make;
make install
(2) 编译openssl:
tar zxvf openssl-0.9.8d.tar.gz
./configure –prefix=/home/itlanger/arm/fs/openssl-0.9.8d
os/compiler:/usr/local/arm/3.4.1/bin/arm-linux-gcc
make
make install
(3) 编译openssh:
tar zxvf openssh-4.6p1.tar.gz
cd openssh-4.6p1/
./configure –host=arm-linux –with-libs –with-zlib=/home/itlanger/arm/fs/zlib-1.2.3
–with-ssl-dir=/home/itlanger/arm/fs/openssl-0.9.8d –disable-etc-default-login
CC=/usr/local/arm/3.4.1/bin/arm-linux-gcc AR=/usr/local/arm/3.4.1/bin/arm-linux-ar
make
##不要make install
3. 安装
(1) 将 openssh-4.6p1目录下的 sshd 拷贝到 目标板的/usr/sbin目录下
(2) 再copy scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan 到目标板/usr/local/bin目录下
copy sftp-server ssh-keysign 到/usr/local/libexec
(3) 在目标板下:
mkdir -p /usr/local/etc/
然后将openssh下的sshd_config,ssh_config 拷贝到该目录下
mkdir -p /var/run; mkdir -p /var/empty/sshd
chmod 755 /var/empty
(4)在主机上:
ssh-keygen -t rsa1 -f ssh_host_key -N “”
ssh-keygen -t rsa -f ssh_host_rsa_key -N “”
ssh-keygen -t dsa -f ssh_host_dsa_key -N “”
将生存的 ssh_host_* 4个文件copy到目标板的 /usr/local/etc/目录下
(5) 添加用户:
将主机上 /etc/目下的 passwd, shadow, group 三个文件copy到目标板的 /etc目录下, 同时记得将passwd的最后 /bin/bash 该为 /bin/sh
其实可以删除不需要的一些用户。
这一步也可以这样,在目标板的passwd中添加sshd用户:
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
在shadow中也添加对应的项就行了:
sshd:!:14069:0:99999:7:::
4.测试
目标板启动sshd: # /usr/sbin/sshd
主机: $ ssh -v root@192.168.0.34
------------------------------------------------
下边进行免密码登录设置:
cp(主机) root/.ssh/id_dsa.pub 到 (开发板)/.ssh/authorized_keys
---------------——–----------------------------
添加:/etc/rc.d/init.d/sshd
#!/bin/sh
base=sshd
# See how we were called.
case “$1” in
start)
/sbin/$base
;;
stop)
pid=`/bin/pidof $base`
if [ -n “$pid” ]; then
kill -9 $pid
fi
;;
esac
在更改/etc/init.d/rcS,添加:
mkdir -p /var/empty/sshd
/etc/rc.d/init.d/sshd start
然后重启机器
二 配置sftp
网上的很多方法,大多是说怎么固定在一个目录下,我不需要这个,弄了半天,winSCP连不上,后来直接把Joggler中文系统中人家做好的sshd_config复制过来,改下路径,搞定了 哈哈
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don’t read the user’s ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don’t trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/local/libexec/sftp-server
