一、配置环境
# 设置交叉编译环境变量
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=${CROSS_COMPILE}gcc
export CXX=${CROSS_COMPILE}g++
export AR=${CROSS_COMPILE}ar
export STRIP=${CROSS_COMPILE}strip
export PATH="/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin:$PATH"
# 设置目标系统路径
export DROPBEAR_INSTALL_DIR="/hdd/Workspace/VS839_SysDeps/output/dropbear"
mkdir -p $DROPBEAR_INSTALL_DIR
二、编译Dropbear
# 1. 下载Dropbear源码
wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2022.83.tar.bz2
tar -xjf dropbear-2022.83.tar.bz2
cd dropbear-2022.83
# 2. 配置编译选项
./configure \
--host=aarch64-linux-gnu \
--prefix=/usr \
--disable-zlib \
--disable-pam \
--disable-lastlog \
--disable-utmp \
--disable-utmpx \
--disable-wtmp \
--disable-wtmpx \
--disable-loginfunc \
--disable-pututline \
--disable-pututxline
# 3. 编译
make PROGRAMS="dropbear dbclient dropbearkey scp"
# 4. 安装到目标文件系统
make DESTDIR=$DROPBEAR_INSTALL_DIR install
三、板端配置Dropbear
# 在目标文件系统中创建必要的目录
mkdir -p /etc/dropbear
mkdir -p /var/log
# 生成主机密钥(在开发板上执行)
# 将以下命令添加到开发板的启动脚本中
cat > /etc/init.d/dropbear << 'EOF'
#!/bin/sh
case "$1" in
start)
echo "Starting dropbear SSH daemon..."
# 生成主机密钥(如果不存在)
[ ! -f /etc/dropbear/dropbear_rsa_host_key ] && dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
[ ! -f /etc/dropbear/dropbear_dss_host_key ] && dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
[ ! -f /etc/dropbear/dropbear_ecdsa_host_key ] && dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
# 启动dropbear
dropbear -R
;;
stop)
echo "Stopping dropbear SSH daemon..."
killall dropbear
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/dropbear
四、OpenSSL
tar -xzf openssl-1.1.1w.tar.gz
# 注意:不要和上述的Dropbear配置的CC重复了
unset CC CXX AR STRIP CROSS_COMPILE
# 设置交叉编译工具链环境变量
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=${CROSS_COMPILE}gcc
export CXX=${CROSS_COMPILE}g++
export AR=${CROSS_COMPILE}ar
export RANLIB=${CROSS_COMPILE}ranlib
export STRIP=${CROSS_COMPILE}strip
export PATH="/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin:$PATH"
# 设置安装目录
export OPENSSL_INSTALL_DIR="/hdd/Workspace/VS839_SysDeps/output/openssl"
mkdir -p $OPENSSL_INSTALL_DIR
./Configure linux-aarch64 \
--prefix=$OPENSSL_INSTALL_DIR \
--openssldir=$OPENSSL_INSTALL_DIR/ssl \
CC=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-gcc \
CXX=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-g++ \
AR=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-ar \
RANLIB=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-ranlib \
no-tests \
no-fuzz-libfuzzer \
no-fuzz-afl \
no-async \
no-egd \
no-ui-console \
no-dso \
no-sock \
no-dgram \
no-hw \
no-weak-ssl-ciphers
# 编译OpenSSL
make -j8
# 安装到指定目录
make install_sw
SFTP
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
tar -xzf openssh-9.0p1.tar.gz
cd openssh-9.0p1
# 设置交叉编译环境
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=${CROSS_COMPILE}gcc
export CXX=${CROSS_COMPILE}g++
export AR=${CROSS_COMPILE}ar
export STRIP=${CROSS_COMPILE}strip
export RANLIB=${CROSS_COMPILE}ranlib
export PATH="/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin:$PATH"
# 设置OpenSSL路径
export OPENSSL_ROOT="/hdd/Workspace/VS839_SysDeps/output/openssl"
export PKG_CONFIG_PATH="$OPENSSL_ROOT/lib/pkgconfig:$PKG_CONFIG_PATH"
# 设置输出目录
export OUTPUT_DIR="/hdd/Workspace/VS839_SysDeps/output/openssh"
# 配置configure选项,重点关注禁用zlib和指定OpenSSL路径
./configure \
--host=aarch64-linux-gnu \
--target=aarch64-linux-gnu \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--with-ssl-dir=$OPENSSL_ROOT \
--with-ssl-engine \
--without-zlib \
--without-zlib-version-check \
--disable-etc-default-login \
--disable-lastlog \
--disable-utmp \
--disable-utmpx \
--disable-wtmp \
--disable-wtmpx \
--disable-libutil \
--disable-pututline \
--disable-pututxline \
--without-pam \
--without-shadow \
--without-tcp-wrappers \
--without-libedit \
--without-kerberos5 \
--without-selinux \
--with-cflags="-I$OPENSSL_ROOT/include" \
--with-ldflags="-L$OPENSSL_ROOT/lib"
# 只编译我们需要的sftp-server
make sftp-server
# 检查编译出的sftp-server
ls -la sftp-server
file sftp-server
# 创建输出目录结构
mkdir -p $OUTPUT_DIR/usr/libexec
mkdir -p $OUTPUT_DIR/usr/bin
# 复制编译结果
cp sftp-server $OUTPUT_DIR/usr/libexec/
${CROSS_COMPILE}strip $OUTPUT_DIR/usr/libexec/sftp-server
# 如果需要sftp客户端,也可以编译
# make sftp
# cp sftp $OUTPUT_DIR/usr/bin/
# 检查最终文件
ls -la $OUTPUT_DIR/usr/libexec/sftp-server
