嵌入式Linux 移植 SSH & SFTP

发布于 2025-09-18  311 次阅读

一、配置环境

# 设置交叉编译环境变量
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=${CROSS_COMPILE}gcc
export CXX=${CROSS_COMPILE}g++
export AR=${CROSS_COMPILE}ar
export STRIP=${CROSS_COMPILE}strip
export PATH="/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin:$PATH"

# 设置目标系统路径
export DROPBEAR_INSTALL_DIR="/hdd/Workspace/VS839_SysDeps/output/dropbear"
mkdir -p $DROPBEAR_INSTALL_DIR

二、编译Dropbear

# 1. 下载Dropbear源码
wget https://matt.ucc.asn.au/dropbear/releases/dropbear-2022.83.tar.bz2
tar -xjf dropbear-2022.83.tar.bz2
cd dropbear-2022.83

# 2. 配置编译选项
./configure \
    --host=aarch64-linux-gnu \
    --prefix=/usr \
    --disable-zlib \
    --disable-pam \
    --disable-lastlog \
    --disable-utmp \
    --disable-utmpx \
    --disable-wtmp \
    --disable-wtmpx \
    --disable-loginfunc \
    --disable-pututline \
    --disable-pututxline

# 3. 编译
make PROGRAMS="dropbear dbclient dropbearkey scp"

# 4. 安装到目标文件系统
make DESTDIR=$DROPBEAR_INSTALL_DIR install

三、板端配置Dropbear

# 在目标文件系统中创建必要的目录
mkdir -p /etc/dropbear
mkdir -p /var/log

# 生成主机密钥(在开发板上执行)
# 将以下命令添加到开发板的启动脚本中
cat > /etc/init.d/dropbear << 'EOF'
#!/bin/sh

case "$1" in
  start)
    echo "Starting dropbear SSH daemon..."
    # 生成主机密钥(如果不存在)
    [ ! -f /etc/dropbear/dropbear_rsa_host_key ] && dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
    [ ! -f /etc/dropbear/dropbear_dss_host_key ] && dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
    [ ! -f /etc/dropbear/dropbear_ecdsa_host_key ] && dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key

    # 启动dropbear
    dropbear -R
    ;;
  stop)
    echo "Stopping dropbear SSH daemon..."
    killall dropbear
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
EOF

chmod +x /etc/init.d/dropbear

四、OpenSSL

tar -xzf openssl-1.1.1w.tar.gz

# 注意:不要和上述的Dropbear配置的CC重复了
unset CC CXX AR STRIP CROSS_COMPILE
# 设置交叉编译工具链环境变量
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=${CROSS_COMPILE}gcc
export CXX=${CROSS_COMPILE}g++
export AR=${CROSS_COMPILE}ar
export RANLIB=${CROSS_COMPILE}ranlib
export STRIP=${CROSS_COMPILE}strip
export PATH="/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin:$PATH"

# 设置安装目录
export OPENSSL_INSTALL_DIR="/hdd/Workspace/VS839_SysDeps/output/openssl"
mkdir -p $OPENSSL_INSTALL_DIR

./Configure linux-aarch64 \
    --prefix=$OPENSSL_INSTALL_DIR \
    --openssldir=$OPENSSL_INSTALL_DIR/ssl \
    CC=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-gcc \
    CXX=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-g++ \
    AR=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-ar \
    RANLIB=/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin/aarch64-linux-gnu-ranlib \
    no-tests \
    no-fuzz-libfuzzer \
    no-fuzz-afl \
    no-async \
    no-egd \
    no-ui-console \
    no-dso \
    no-sock \
    no-dgram \
    no-hw \
    no-weak-ssl-ciphers

# 编译OpenSSL
make -j8

# 安装到指定目录
make install_sw

SFTP

wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz

tar -xzf openssh-9.0p1.tar.gz
cd openssh-9.0p1

# 设置交叉编译环境
export CROSS_COMPILE=aarch64-linux-gnu-
export CC=${CROSS_COMPILE}gcc
export CXX=${CROSS_COMPILE}g++
export AR=${CROSS_COMPILE}ar
export STRIP=${CROSS_COMPILE}strip
export RANLIB=${CROSS_COMPILE}ranlib
export PATH="/hdd/System/VS819L/vs-linux/x86-arm/gcc-linaro-7.5.0-aarch64-linux-gnu/bin:$PATH"

# 设置OpenSSL路径
export OPENSSL_ROOT="/hdd/Workspace/VS839_SysDeps/output/openssl"
export PKG_CONFIG_PATH="$OPENSSL_ROOT/lib/pkgconfig:$PKG_CONFIG_PATH"

# 设置输出目录
export OUTPUT_DIR="/hdd/Workspace/VS839_SysDeps/output/openssh"

# 配置configure选项,重点关注禁用zlib和指定OpenSSL路径
./configure \
    --host=aarch64-linux-gnu \
    --target=aarch64-linux-gnu \
    --prefix=/usr \
    --sysconfdir=/etc/ssh \
    --with-ssl-dir=$OPENSSL_ROOT \
    --with-ssl-engine \
    --without-zlib \
    --without-zlib-version-check \
    --disable-etc-default-login \
    --disable-lastlog \
    --disable-utmp \
    --disable-utmpx \
    --disable-wtmp \
    --disable-wtmpx \
    --disable-libutil \
    --disable-pututline \
    --disable-pututxline \
    --without-pam \
    --without-shadow \
    --without-tcp-wrappers \
    --without-libedit \
    --without-kerberos5 \
    --without-selinux \
    --with-cflags="-I$OPENSSL_ROOT/include" \
    --with-ldflags="-L$OPENSSL_ROOT/lib"

# 只编译我们需要的sftp-server
make sftp-server

# 检查编译出的sftp-server
ls -la sftp-server
file sftp-server

# 创建输出目录结构
mkdir -p $OUTPUT_DIR/usr/libexec
mkdir -p $OUTPUT_DIR/usr/bin

# 复制编译结果
cp sftp-server $OUTPUT_DIR/usr/libexec/
${CROSS_COMPILE}strip $OUTPUT_DIR/usr/libexec/sftp-server

# 如果需要sftp客户端,也可以编译
# make sftp
# cp sftp $OUTPUT_DIR/usr/bin/

# 检查最终文件
ls -la $OUTPUT_DIR/usr/libexec/sftp-server