Warning: This version of OpenSSH is deprecated and has been replaced by OpenSSH 6.0. This page and attached files are being kept for reference, but should not be deployed on any systems.

Overview

OpenSSH requires zlib and openssl. This is a statically compiled version, heavily optimized for the DroboFS hardware. Changes from the previous version: 1) updated openssl to the latest version (1.0.0e), and 2) changed some of the compilation flags that ought make OpenSSH faster on the FS.

Preparation

Make sure you have a cross-compiling virtual machine properly setup.

Compilation

export DEST=/mnt/DroboFS/Shares/DroboApps/openssh
cd ~/code/

wget http://zlib.net/zlib-1.2.5.tar.gz
tar zxf zlib-1.2.5.tar.gz
cd zlib-1.2.5
CFLAGS="$CFLAGS -O3" ./configure --prefix=$DEST --static
make clean && make
ZLIB=`pwd`
cd ..

wget http://www.openssl.org/source/openssl-1.0.0e.tar.gz
tar zxf openssl-1.0.0e.tar.gz
cd openssl-1.0.0e
./Configure linux-generic32 -DL_ENDIAN --prefix=$DEST --openssldir=$DEST/etc/ssl no-shared no-zlib-dynamic --with-zlib-include=$ZLIB --with-zlib-lib=$ZLIB
sed -i -e "s/CFLAG= /CFLAG=${CFLAGS} /g" Makefile
make clean && make && make install_sw
rm -fr $DEST/include
rm -fr $DEST/lib
OPENSSL=`pwd`
cd ..

wget http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz
tar zxf openssh-5.9p1.tar.gz
cd openssh-5.9p1
./configure --host=arm-none-linux-gnueabi --prefix=$DEST --with-zlib=$ZLIB --with-cflags="$CFLAGS -O3" --disable-strip --with-ssl-dir=$OPENSSL --with-pid-dir=$DEST/var/run --with-privsep-path=$DEST/var/empty
make clean && make && make install-nokeys
find $DEST -type f -executable -exec $STRIP {} \;

Output of the configuration script:

OpenSSH has been configured with the following options:
                     User binaries: /mnt/DroboFS/Shares/DroboApps/openssh/bin
                   System binaries: /mnt/DroboFS/Shares/DroboApps/openssh/sbin
               Configuration files: /mnt/DroboFS/Shares/DroboApps/openssh/etc
                   Askpass program: /mnt/DroboFS/Shares/DroboApps/openssh/libexec/ssh-askpass
                      Manual pages: /mnt/DroboFS/Shares/DroboApps/openssh/share/man/manX
                          PID file: /mnt/DroboFS/Shares/DroboApps/openssh/var/run
  Privilege separation chroot path: /mnt/DroboFS/Shares/DroboApps/openssh/var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/mnt/DroboFS/Shares/DroboApps/openssh/bin
                    Manpage format: doc
                       PAM support: no
                   OSF SIA support: no
                 KerberosV support: no
                   SELinux support: no
                 Smartcard support: 
                     S/KEY support: no
              TCP Wrappers support: no
              MD5 password support: no
                   libedit support: no
  Solaris process contract support: no
           Solaris project support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY
             Privsep sandbox style: rlimit

Packaging

cd $DEST
mkdir -p var/run var/empty var/log
chmod -R 755 var
chmod -R a+w etc
wget http://www.droboports.com/app-repository/openssh-5-9p1/service.sh
chmod a+x service.sh
cd etc
mv ssh_config ssh_config.default
mv sshd_config sshd_config.default
cd ..
~/bin/package.sh

Installing

DroboAdmin link: Install openssh-5.9p1 (this link only works if you have not changed the DroboFS name). Otherwise, download below and place it in you DroboApps share.

Final remarks

Make sure that you have the Dropbear DroboApp disabled or uninstalled before installing OpenSSH, since they will both try to grab the same port, and most likely Dropbear will get it, preventing OpenSSH from starting.

Warning: although the migration from the previous version to this one should not override any important configuration files, it is highly recommended to backup your current OpenSSH configuration. The server keys, ssh_config and sshd_config files are preserved, but other files are not.

To upgrade without restarting the DroboFS, SSH into the DroboFS and follow these steps:

cd /mnt/DroboFS/Shares/DroboApps/
cp -R openssh openssh.old
wget -O openssh.tgz http://www.droboports.com/app-repository/openssh-5-9p1/openssh.tgz
DroboApps.sh install
./openssh/service.sh restart

Now leave that session alone, and try to open a new session to the FS. If you manage to get it, check the output of this command:

/mnt/DroboFS/Shares/DroboApps/openssh/sbin/sshd -v

The output should indicate that you are running version 5.9p1. If that is the case, then delete the old version:

rm -fr /mnt/DroboFS/Shares/DroboApps/openssh.old

If you want to preserve all of the configuration from the old version, then do this:

cd /mnt/DroboFS/Shares/DroboApps/
mv openssh openssh.old
wget -O openssh.tgz http://www.droboports.com/app-repository/openssh-5-9p1/openssh.tgz
DroboApps.sh install
cp -R openssh.old/etc/* openssh/etc/
mv openssh openssh.new
mv openssh.old openssh
./openssh/service.sh stop
mv openssh openssh.old
mv openssh.new openssh
./openssh/service.sh start

Then test the new installation as indicated above. If you are not able to start a new session, then you'll be able to use the original session to repair the SSH server.

Once you are sure that the new server works, you should remove the 'openssh.old' folder, since it may cause conflicts on startup with the new server.

Please visit the DroboSpace forums to leave your comments, suggestions and feedback.