Download OpenSSH

wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
tar xvf openssh-9.0p1.tar.gz

Build commands

./configure --prefix=/ --host=arm-linux-gnueabihf --with-zlib=$(pwd)/.. --with-ssl-dir=$(pwd)/.. --with-libs="-lpthread" --disable-strip --with-ldflags="-Wl,-rpath /usr/lib -Wl,-rpath /lib" --disable-etc-default-login --with-privsep-user=nobody --with-privsep-path="/var/empty"

make 

Note: run make only; do not run make install.

If --prefix points to some other directory, an error like the following appears:

scp pub.key root@192.168.1.8:/var/www/html/

/home/const/arm-compile/openssh-9.0p1/../bin/ssh: No such file or directory

If --prefix is not specified, scp expects ssh to be at /usr/local/bin/ssh.

scp scp root@192.168.1.8:/var/www/html

/usr/local/bin/ssh: No such file or directory
scp: Connection closed

Problems with statically linking OpenSSH

./configure --prefix=/ --host=arm-linux-gnueabihf --with-zlib=$(pwd)/.. --with-ssl-dir=$(pwd)/.. --with-libs="-lpthread" --disable-strip --with-ldflags="-static" --disable-etc-default-login --with-privsep-user=nobody --with-privsep-path="/var/empty"

After the build completes, running scp hangs with no response.

strace /bin/scp

execve("/bin/scp", ["/bin/scp"], 0x7ea03ce0 /* 18 vars */) = 0
brk(NULL) = 0x115f000
brk(0x115fd0c) = 0x115fd0c
set_tls(0x115f4c0) = 0
readlink("/proc/self/exe", "/bin/scp", 4096) = 8
brk(0x1180d0c) = 0x1180d0c
brk(0x1181000) = 0x1181000
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
close(3) = 0
futex(0x1e9c24, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1e9c28, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1e9c2c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1e9ee8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1e9c34, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1e9c38, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1e9cbc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid() = 20133
getrandom("\x8a\xad\x3f\x00\xd7\x42\xa5\xca\x40\x16\xfa\x2f\xce\xb5\xe8\x9c\xb5\x65\x44\x10\x0d\x33\x18\xe9\xa7\x3c\x9a\x65\x17\xff\xdb\x09", 32, 0) = 32
clock_gettime(CLOCK_REALTIME, {tv_sec=1651798290, tv_nsec=756874203}) = 0
gettimeofday({tv_sec=1651798290, tv_usec=757342}, NULL) = 0
futex(0x1e9ca4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x1162574, FUTEX_WAIT_PRIVATE, 0, NULL

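The trace above shows the process blocked in futex.

The statically linked ssh does run.

List the shared libraries required by the statically linked binary: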

arm-linux-gnueabihf-objdump -x ssh |grep NEEDED

List the shared libraries required by the dynamically linked binary:

arm-linux-gnueabihf-objdump -x ../bin/ssh |grep NEEDED

NEEDED libcrypto.so.1.1
NEEDED libdl.so.2
NEEDED libutil.so.1
NEEDED libz.so.1
NEEDED libpthread.so.0
NEEDED libcrypt.so.1
NEEDED libresolv.so.2
NEEDED libc.so.6
NEEDED ld-linux-armhf.so.3

This shows a way to inspect shared library dependencies without ldd: use arm-linux-gnueabihf-objdump -x scp |grep NEEDED

With ldd, it looks like this:

ldd /bin/scp

linux-vdso.so.1 (0x00007ffe21797000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0bfaadd000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0bfa8eb000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f0bfa8e5000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0bfa8c2000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0bfade7000)

objdump -x /bin/scp |grep NEEDED

NEEDED libcrypto.so.1.1
NEEDED libc.so.6

Problems encountered along the way
scp fails with: -bash: scp: command not found
This error means the ARM scp must be placed at /bin/scp.

scp: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory
This error means scp could not find the shared library; the libraries are expected under /usr/lib/arm-linux-gnueabihf/. This was also found by debugging.

How to get scp debug logs

/home/const/bin/strace /home/const/bin/scp -v 2

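Save the command above as a script at /bin/scp to get debug output on the remote end.

Based on the messages above, we can point the dependency lookup at specific directories.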
gcc rpath multiple directories

-Wl,-rpath /usr/lib -Wl,-rpath /lib

This is the ldflags option in the OpenSSH build command above.

Error message:
OpenSSL version mismatch. Built against 10101080, you have 101010bf
scp: Connection closed

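Because the OpenSSL version used at build time differs slightly from the version actually in use, it does not work. The best fix is to use the same version; if the difference is small, modify the OpenSSH source instead.
Find this block in entropy.c: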

if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER,
OpenSSL_version_num()))
debug3("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER,
OpenSSL_version_num());

Delete it or comment it out.
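
To see what the two numbers in the mismatch message actually say before touching the check, the following added example (not code from this post or from OpenSSH) decodes them using the OpenSSL 1.x layout 0xMNNFFPPS. The compatible() function is a hypothetical stand-in for ssh_compatible_openssl, and the rule it encodes is an assumption to verify against your own source tree.

```c
#include <stdio.h>

/* OpenSSL 1.x packs its version as 0xMNNFFPPS. */
struct ossl_ver { int major, minor, fix, patch, status; };

static struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver r;
    r.major  = (int)((v >> 28) & 0xf);
    r.minor  = (int)((v >> 20) & 0xff);
    r.fix    = (int)((v >> 12) & 0xff);
    r.patch  = (int)((v >> 4) & 0xff);  /* 1 = 'a', 2 = 'b', ... */
    r.status = (int)(v & 0xf);          /* 0 = dev, 1-0xe = beta, 0xf = release */
    return r;
}

/* Assumed rule (OpenSSL >= 1.0.0): major, minor and status must match and the
 * runtime fix level must not be older than the headers'; patch is ignored. */
static int compatible(unsigned long headerver, unsigned long libver)
{
    const unsigned long mask = 0xfff0000fUL;  /* major, minor, status */
    unsigned long hfix = (headerver >> 12) & 0xff;
    unsigned long lfix = (libver >> 12) & 0xff;

    if (headerver == libver)
        return 1;
    return (headerver & mask) == (libver & mask) && lfix >= hfix;
}

static void describe(const char *label, unsigned long v)
{
    struct ossl_ver r = ossl_decode(v);
    /* Patch letters past 'z' are not handled here. */
    char letter = (r.patch >= 1 && r.patch <= 26) ? (char)('a' + r.patch - 1) : '-';
    printf("%-8s %08lx = %d.%d.%d%c status 0x%x\n",
           label, v, r.major, r.minor, r.fix, letter, r.status);
}

int main(void)
{
    unsigned long built = 0x10101080UL, have = 0x101010bfUL; /* from the error */
    describe("headers", built);
    describe("runtime", have);
    printf("compatible as built:          %d\n", compatible(built, have));
    /* Constructed case: same headers but with the release status nibble. */
    printf("compatible if status matched: %d\n", compatible(built | 0xfUL, have));
    return 0;
}
```

Under this assumed rule the pair from the error message fails on the status nibble (0 on the headers, 0xf on the runtime library) rather than on the h/k patch letter, which points at the OpenSSL tree used for the build.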

Permalink: https://const.net.cn/699.html
