DroboApp HOWTO: openssh 5.8p1
02-09-2011, 04:02 PM (This post was last modified: 02-28-2011 11:57 AM by ricardo.)
Post: #1
DroboApp HOWTO: openssh 5.8p1
This is a simplified version of this tutorial, updated to the latest version of OpenSSH (as of today), and made into a pre-configured DroboApp.

Compilation summary

Before you start, make sure that your CFLAGS and LDFLAGS are properly set for DroboApp compilation using DroboLibs compilation, like this:
Code:
export CFLAGS="-march=armv5te"
export CPPFLAGS="-march=armv5te"
export CXXFLAGS="-march=armv5te"
export LDFLAGS=""

Keep in mind that openSSH requires zlib and openssl.

The following sequence of commands takes you from zero to compiled library. Explanation below.
Code:
wget http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.8p1.tar.gz
tar zxf openssh-5.8p1.tar.gz
cd openssh-5.8p1
./configure --host=arm-none-linux-gnueabi --prefix=/mnt/DroboFS/Shares/DroboApps/openssh --with-zlib=/mnt/DroboFS/Shares/DroboApps/zlib --with-ssl-dir=/mnt/DroboFS/Shares/DroboApps/openssl --with-cflags="-O" --disable-strip
make
mkdir -p /mnt/DroboFS/Shares/DroboApps/openssh
make install-nokeys

The 'configure' looks way more complicated now. But in fact we are just specifying the location of each one of the dependencies manually, instead of letting pkgconfig deal with it for us. I had to add --with-cflags and --disable-strip to fix some errors that came up during configuration.

Packaging summary

The following sequence of commands takes you from compiled library to droboapp. Explanation and content of files below.
Code:
cd /mnt/DroboFS/Shares/DroboApps/openssh
nano README.txt
# copy and paste the content of README.txt from below
nano service.sh
# copy and paste the content of service.sh from below
chmod a+x service.sh
# optionally, remove the docs
#rm -fr share/man
tar czfv ../openssh-5.8p1.tgz *

Content README.txt:
Code:
Name: OpenSSH
Description: SSH connectivity tools
Version: 5.8p1
Requires: zlib openssl


EDIT: This is a fixed version of service.sh, which makes sure that /var/empty is created as well, since it is required for privilege separation. Also, as I learned the hard way, it won't output anything to stdout, otherwise it breaks the FS's boot sequence. Restarting openssh using this won't kill your current session (which was a problem with the previous version).

Content service.sh:
Code:
#!/bin/sh
#
# openSSH service

. /etc/service.subr

prog_dir=`dirname \`realpath $0\``

name="openssh"                          # service name
version="5.8p1"                         # program version

pidfile=/var/run/sshd.pid               # location of the pid file
logfile=${prog_dir}/sshd.log            # location of log file
rsakey=${prog_dir}/etc/ssh_host_rsa_key # location of rsa key
dsakey=${prog_dir}/etc/ssh_host_dsa_key # location of dsa key
ecdsakey=${prog_dir}/etc/ssh_host_ecdsa_key # location of ecdsa key
sshd_user=sshd
sshd_group=sshd

start()
{
  # make sure /dev/null is non-root writeable
  chmod a+rw /dev/null

  # make sure /var/empty is properly setup for privilege separation
  mkdir -p /var/empty
  chmod 755 /var/empty

  # make sure that we have the sshd user for privilege separation
  id ${sshd_user} > /dev/null 2>&1
  if [ 0 -ne $? ]; then
    adduser -S -D -H -h "/var/empty" -s "/bin/false" ${sshd_user}
  fi

  # make sure sshd owns the log file
  chown ${sshd_user}.${sshd_group} ${logfile}

  # make sure that the RSA key exists
  if [ ! -f $rsakey ]; then
    ${prog_dir}/bin/ssh-keygen -t rsa -f ${rsakey} -N ""
  fi

  # make sure that the DSA key exists
  if [ ! -f $dsakey ]; then
    ${prog_dir}/bin/ssh-keygen -t dsa -f ${dsakey} -N ""
  fi

  # make sure the ECDSA key exists
  if [ ! -f $ecdsakey ]; then
    ${prog_dir}/bin/ssh-keygen -t ecdsa -f ${ecdsakey} -N ""
  fi

  # add sshd to the path
  which sshd > /dev/null 2>&1
  if [ 0 -ne $? ]; then
    export PATH=$PATH:${prog_dir}/sbin
  fi

  # add ssh/scp/sftp to the path
  which slogin > /dev/null 2>&1
  if [ 0 -ne $? ]; then
    export PATH=$PATH:${prog_dir}/bin
  fi

  ${prog_dir}/sbin/sshd -e > ${logfile} 2>&1
}


case "$1" in
  start)
    start_service
    ;;
  stop)
    /sbin/start-stop-daemon -K -p ${pidfile}
    ;;
  restart)
    /sbin/start-stop-daemon -K -p ${pidfile}
    sleep 3
    start_service
    ;;
  status)
    status
    ;;
  *)
    echo "Usage: $0 [start|stop|restart|status]"
    exit 1
    ;;
esac

This service.sh guarantees that:
1) Fixes /dev/null permission
2) Creates and fixes permissions of /var/empty
3) Creates (if necessary) the 'sshd' system account
4) Generates (if necessary) all encryption keys
5) Fixes the PATH


With this droboapp, I'm able to SSH, SCP, SFTP and tunnel without a problem.

The droboapp is preconfigured to run on port 22, so you might want to disable/remove dropbear or change the configuration file in openssh-5.8p1/etc/sshd_config to test it.


EDIT: I decided to try and make the OpenSSH DroboApp a single, all-dependencies included file. The procedure is pretty much the same, but you have to start from scratch and do all the dependencies in one pass. Here is the complete sequence of steps that takes you from source to compiled DroboApp:
Code:
export DEST="/mnt/DroboFS/Shares/DroboApps/openssh-5.8p1"

wget http://zlib.net/zlib-1.2.5.tar.gz
tar zxf zlib-1.2.5.tar.gz
cd zlib-1.2.5
./configure --prefix=$DEST
make
make install

wget http://www.openssl.org/source/openssl-1.0.0c.tar.gz
tar zxf openssl-1.0.0c.tar.gz
cd openssl-1.0.0c
./Configure linux-generic32 -DL_ENDIAN --prefix=$DEST
make
make install

wget http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.8p1.tar.gz
tar zxf openssh-5.8p1.tar.gz
cd openssh-5.8p1
./configure --host=arm-none-linux-gnueabi --prefix=$DEST --with-zlib=$DEST --with-ssl-dir=$DEST --with-cflags="-O" --disable-strip
make
make install-nokeys
cd $DEST
# create README.txt and service.sh as indicated above
tar czfv ../openssh-5.8p1.tgz *

I have adjusted the information below to reflect this new version.


Installation summary

Recommended: If you have the DroboAdmin installed, and your FS is called 'drobo-fs', do this:
(Note: You can also adapt the URLs to match your Drobo's name or IP address)
  1. Disable dropbear here.
  2. Click here to install openssh.


If you do not have DroboAdmin, but do not want to use SSH, then do this:
  1. Download the OpenSSH DroboApp, and place it in the DroboApps share.
  2. Remove the 'dropbear' folder (if it is present)
  3. Restart the DroboFS. OpenSSH is now available.


If you want to use SSH, then SSH into the DroboFS, then type the following sequence of commands:
Code:
cd /mnt/DroboFS/Shares/DroboApps
wget http://commondatastorage.googleapis.com/drobofs/openssh-5.8p1.tgz
# make sure that what has been downloaded has been named openssh-5.8p1.tgz
dropbear/service.sh stop; DroboApps.sh install

If all goes well, dropbear is gone and next time you SSH into the FS you'll get a fancy warning that the server fingerprint has changed.
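
An added example, not part of the original post or the DroboApp: a read-only preflight for the conditions the service.sh in post #1 sets up before starting sshd (the /var/empty privilege separation directory, the sshd account, the host keys). The function names, the optional owner-uid argument and the key permission check are assumptions of this example; messages go to stderr because the post notes that output on stdout breaks the boot sequence.

```shell
#!/bin/sh
# Added example: read-only preflight for what service.sh prepares for sshd.
# Diagnostics go to stderr only; nothing on the system is changed.

mode_of()  { stat -c '%a' "$1" 2>/dev/null; }   # octal mode (GNU/BusyBox stat)
owner_of() { stat -c '%u' "$1" 2>/dev/null; }   # numeric owner uid

# check_privsep_dir DIR [OWNER_UID]
# sshd exits at startup unless this directory exists, is owned by root and
# is not group- or world-writable. OWNER_UID defaults to 0 (root).
check_privsep_dir() {
  dir=$1; want_uid=${2:-0}
  [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
  [ "$(owner_of "$dir")" = "$want_uid" ] ||
    { echo "wrong owner: $dir" >&2; return 1; }
  mode=$(mode_of "$dir")
  # 022 = group-write | other-write; both bits must be clear
  [ $(( 0$mode & 022 )) -eq 0 ] ||
    { echo "group/world-writable: $dir ($mode)" >&2; return 1; }
}

# check_host_key FILE
# sshd will not load a private host key that group or other can access.
check_host_key() {
  key=$1
  [ -f "$key" ] || { echo "missing host key: $key" >&2; return 1; }
  mode=$(mode_of "$key")
  [ -n "$mode" ] && [ $(( 0$mode & 077 )) -eq 0 ] ||
    { echo "permissions too open: $key ($mode)" >&2; return 1; }
}

# preflight APP_DIR: run all checks and report every failure
preflight() {
  app=$1; rc=0
  check_privsep_dir /var/empty || rc=1
  id sshd >/dev/null 2>&1 || { echo "no sshd account" >&2; rc=1; }
  for t in rsa dsa ecdsa; do
    check_host_key "$app/etc/ssh_host_${t}_key" || rc=1
  done
  return "$rc"
}

# Usage: sh preflight.sh /mnt/DroboFS/Shares/DroboApps/openssh
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```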
02-21-2011, 08:18 PM (This post was last modified: 02-21-2011 09:41 PM by leetlamer.)
Post: #2
RE: DroboApp HOWTO: openssh 5.8p1
Thanks for this!

I tried installing this, and it doesn't seem to be working.

I deleted the dropbear folder, put in the archive, and restarted the Drobo FS, but when I try and ssh in, it says connection refused. It looks like it installed okay, the archive is gone and the directory was extracted.

Any idea what's wrong?

Also how would I configure username/password settings? What is the default username and password?
02-22-2011, 04:26 AM
Post: #3
RE: DroboApp HOWTO: openssh 5.8p1
The first time it is started it may take a while to actually be accessible, since it has to generate the secret keys. Have you tried again after a while?
02-22-2011, 02:25 PM (This post was last modified: 02-23-2011 01:33 AM by leetlamer.)
Post: #4
RE: DroboApp HOWTO: openssh 5.8p1
Haha, yeah it's been like 24 hours since I've installed it and it still isn't working.

EDIT: So I tried installing via the DroboApp Manager. Still no luck.

EDIT2: I tried installing via dropbear, and installation seems to have worked fine. It generated the keys and everything, but I still can't connect. I have no idea why it isn't working.

Back when I first installed dropbear, I ran the included script that changed the root password for dropbear, which stays even if I uninstall/reinstall dropbear. Could that have messed something up, that is making openssh not work?

Other than that I have no ideas.
02-23-2011, 03:12 AM
Post: #5
RE: DroboApp HOWTO: openssh 5.8p1
Let's go back to the basics:
  1. Is there a folder openssh-5.8p1 in DroboApps? Does this folder contain anything? If not, the installation is somehow corrupt.
  2. Do you have dropbear and openssh installed at the same time? If so, one will prevent the other from running, since they use the same port. You can change the openssh config to pick another port, and run them side-by-side.

To change the port of openssh, edit the file openssh-5.8p1/etc/sshd_config, and search for this line:
Code:
#Port 22
and change it to this:
Code:
Port 2222

If you have dropbear access, log in and type:
Code:
/mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh restart

If the files are correctly in place, you should be able to ssh into it by using something like:
Code:
ssh -p 2222 root@<drobo.fs.ip.address>
02-23-2011, 12:12 PM
Post: #6
RE: DroboApp HOWTO: openssh 5.8p1
I have dropbear installed but I disable it when I try and run openssh.

Interesting, when I try and restart openssh I get this error:
Code:
# /mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh restart
/mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh: line 77: start-stop-daemon: not found

The openssh folder is there and it is full of files and folders.
02-23-2011, 07:53 PM
Post: #7
RE: DroboApp HOWTO: openssh 5.8p1
(02-23-2011 12:12 PM)leetlamer Wrote:  I have dropbear installed but I disable it when I try and run openssh.

Interesting, when I try and restart openssh I get this error:
Code:
# /mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh restart
/mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh: line 77: start-stop-daemon: not found

The openssh folder is there and it is full of files and folders.

So I looked up at Ricardo's service.sh, and it's missing the definition for "start-stop-daemon" which is specified as the function to start/restart ssh. Also not specified in /etc/service.subr, so I can only assume Ricardo had some idea to include more functions? Or perhaps that is supposed to be an actual file in the path? Well, Ricardo specified a start() function but never used it.... so I can only assume this service.sh script is half-baked? Since there is no magic $pidfile var specified, something will have to kill openssh manually.

maybe this?

Code:
stop() {
for P in `ps -we | grep sshd | awk '{print $1}'` ; do kill $P ; done
}

Putting it all together:
Code:
#!/bin/sh
#
# openSSH service

. /etc/service.subr

prog_dir=`dirname \`realpath $0\``

name="openssh"                          # service name
version="5.8p1"                         # program version

logfile=${prog_dir}/sshd.log            # location of log file
rsakey=${prog_dir}/etc/ssh_host_rsa_key # location of rsa key
dsakey=${prog_dir}/etc/ssh_host_dsa_key # location of dsa key
ecdsakey=${prog_dir}/etc/ssh_host_ecdsa_key # location of ecdsa key

start()
{
  # make sure /dev/null is non-root writeable
  chmod a+rw /dev/null

  # make sure that we have the sshd user for privilege separation
  id sshd || adduser -S -D -H -s "/bin/false" sshd

  # make sure that the keys exist
  [ -f $rsakey ]   || ${prog_dir}/bin/ssh-keygen -t rsa   -f ${rsakey}   -N ""
  [ -f $dsakey ]   || ${prog_dir}/bin/ssh-keygen -t dsa   -f ${dsakey}   -N ""
  [ -f $ecdsakey ] || ${prog_dir}/bin/ssh-keygen -t ecdsa -f ${ecdsakey} -N ""
  
  # add sshd to the path
  which sshd   || export PATH="$PATH:${prog_dir}/sbin"
  which slogin || export PATH=$PATH:${prog_dir}/bin
  
  # ROCK AND ROLL
  ${prog_dir}/sbin/sshd -e > ${logfile} 2>&1
}


stop() {
for P in `ps -we | grep sshd | awk '{print $1}'` ; do kill $P ; done
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    #start-stop-daemon -K -n sshd
    ;;
  restart)
    stop
    #start-stop-daemon -K -n sshd
    sleep 3
    start
    ;;
  status)
    status
    ;;
  *)
    echo "Usage: $0 [start|stop|restart|status]"
    exit 1
    ;;
esac
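
An added example, not written by any poster in this thread: a stop routine that signals only the sshd listener recorded in the pid file from post #1 (/var/run/sshd.pid), after confirming that pid still belongs to sshd, so per-session sshd processes and unrelated matches in the ps output are left alone. It assumes a Linux /proc; the function names and the timeout argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: stop only the sshd listener named by its pid file, leaving
# per-session sshd children (and the ssh session running this) alone.

# daemon_pid PIDFILE NAME
# Prints the pid when PIDFILE holds the pid of a live process whose argv[0]
# is NAME (bare, with a path, or as a "NAME: ..." process title).
daemon_pid() {
  pidfile=$1; name=$2
  [ -r "$pidfile" ] || return 1
  pid=$(head -n 1 "$pidfile")
  case $pid in ''|*[!0-9]*) return 1 ;; esac    # not a number: ignore file
  [ -r "/proc/$pid/cmdline" ] || return 1       # stale pid file
  # argv[0] is the first NUL-terminated field of /proc/PID/cmdline
  argv0=$(tr '\0' '\n' < "/proc/$pid/cmdline" | head -n 1)
  case $argv0 in
    "$name"|*/"$name"|"$name: "*) echo "$pid" ;;
    *) return 1 ;;                              # pid reused by another program
  esac
}

# stop_daemon PIDFILE NAME [TIMEOUT]
# Sends SIGTERM to the verified pid and waits up to TIMEOUT seconds
# (default 5). Returns 0 when the daemon is gone or was not running.
stop_daemon() {
  target=$(daemon_pid "$1" "$2") || return 0
  kill "$target" 2>/dev/null
  left=${3:-5}
  while [ -n "$(daemon_pid "$1" "$2")" ]; do
    [ "$left" -gt 0 ] || return 1
    sleep 1; left=$((left - 1))
  done
  return 0
}

# Usage: sh stop-sshd.sh /var/run/sshd.pid
if [ "$#" -gt 0 ]; then stop_daemon "$1" sshd; fi
```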
02-23-2011, 09:54 PM
Post: #8
RE: DroboApp HOWTO: openssh 5.8p1
start-stop-daemon is a cmd in /sbin

so... implies /sbin is not in the path.
02-24-2011, 03:58 AM
Post: #9
RE: DroboApp HOWTO: openssh 5.8p1
(02-23-2011 09:54 PM)parasense Wrote:  so... implies /sbin is not in the path.

/slaps forehead

Damn. That is most definitely it. I have cross-compiled bash, which probably adds /sbin for me automatically. I fixed service.sh to include the full path of start-stop-daemon.

New version replaces the old at the same address: http://commondatastorage.googleapis.com/...http://commondatastorage.googleapis.com/drobofs/openssh
02-24-2011, 10:25 AM (This post was last modified: 02-24-2011 10:27 AM by leetlamer.)
Post: #10
RE: DroboApp HOWTO: openssh 5.8p1
I installed the new version but I still can't seem to start it...

Code:
# /mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh start  
uid=1(sshd) gid=1(sshd) groups=1(sshd)
# /mnt/DroboFS/Shares/DroboApps/openssh-5.8p1/service.sh status
openssh is enabled and stopped

I try and start it but it stays stopped.