Overview

OpenSSH requires zlib and openssl. This is a statically compiled version, heavily optimized for the DroboFS hardware. Changes from the previous version: 1) changed some of the compilation flags, which makes OpenSSL much faster, 2) changed some file permissions, which should make the deployment more secure, and 3) added support for Avahi discovery.

Preparation

Make sure you have a cross-compiling virtual machine properly set up.

Compilation

    export DEST=/mnt/DroboFS/Shares/DroboApps/openssh
    cd ~/code/

    wget -O zlib-1.2.7.tar.gz http://zlib.net/zlib-1.2.7.tar.gz
    tar zxf zlib-1.2.7.tar.gz
    cd zlib-1.2.7
    CFLAGS="$CFLAGS -O3 -ffunction-sections -fdata-sections" LDFLAGS="$LDFLAGS -Wl,--gc-sections" ./configure --prefix=$DEST --static
    make clean && make
    ZLIB=`pwd`
    cd ..

    wget -O openssl-1.0.1c.tar.gz http://www.openssl.org/source/openssl-1.0.1c.tar.gz
    tar zxf openssl-1.0.1c.tar.gz
    cd openssl-1.0.1c
    ./Configure --prefix=$DEST --openssldir=$DEST/etc/ssl --with-zlib-include=$ZLIB --with-zlib-lib=$ZLIB no-shared no-zlib-dynamic threads linux-armv4 -DL_ENDIAN $CFLAGS -ffunction-sections -fdata-sections -Wl,--gc-sections
    make clean && make && make install_sw
    rm -fr $DEST/include $DEST/lib
    OPENSSL=`pwd`
    cd ..

    wget -O openssh-6.1p1.tar.gz http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/openssh-6.1p1.tar.gz
    tar zxf openssh-6.1p1.tar.gz
    cd openssh-6.1p1
    select_works_with_rlimit=yes ./configure --host=arm-none-linux-gnueabi --prefix=$DEST --with-zlib=$ZLIB --with-cflags="$CFLAGS -O3 -ffunction-sections -fdata-sections" --with-ldflags="$LDFLAGS -Wl,--gc-sections" --disable-strip --with-ssl-dir=$OPENSSL --with-pid-dir=$DEST/var/run --with-sandbox=rlimit --with-privsep-path=$DEST/var/empty --with-privsep-user=sshd
    make clean && make && make install-nokeys
    $STRIP -s -R .comment -R .note -R .note.ABI-tag $DEST/bin/*
    $STRIP -s -R .comment -R .note -R .note.ABI-tag $DEST/sbin/*
    $STRIP -s -R .comment -R .note -R .note.ABI-tag $DEST/libexec/*

Output of the configuration script:

OpenSSH has been configured with the following options:
User binaries: /mnt/DroboFS/Shares/DroboApps/openssh/bin
System binaries: /mnt/DroboFS/Shares/DroboApps/openssh/sbin
Configuration files: /mnt/DroboFS/Shares/DroboApps/openssh/etc
Askpass program: /mnt/DroboFS/Shares/DroboApps/openssh/libexec/ssh-askpass
Manual pages: /mnt/DroboFS/Shares/DroboApps/openssh/share/man/manX
PID file: /mnt/DroboFS/Shares/DroboApps/openssh/var/run
Privilege separation chroot path: /mnt/DroboFS/Shares/DroboApps/openssh/var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/mnt/DroboFS/Shares/DroboApps/openssh/bin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
Smartcard support:
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
libedit support: no
Solaris process contract support: no
Solaris project support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: rlimit
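
sshd refuses to start when the privilege separation path listed above is group- or world-writable, and it rejects private host keys that group or others can access; this matters here because the packaging step runs chmod -R g+w over etc and var before removing group write from var/empty again. The check below is an added example, not part of the original DroboApp: the function names are hypothetical, and the ssh_host_*_key file names under etc/ are assumed from OpenSSH's defaults.

```shell
# Added example: audit the modes that sshd itself enforces at startup.
# Ownership (sshd also wants var/empty owned by root) is not checked here.
# APP defaults to the install prefix used on this page.
APP=${APP:-/mnt/DroboFS/Shares/DroboApps/openssh}

# Succeeds when the directory exists and is neither group- nor world-writable.
privsep_dir_ok() {
    [ -d "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Prints private host keys that grant any access to group or others.
# Assumption: keys use the default ssh_host_*_key names (.pub files are skipped).
loose_host_keys() {
    [ -d "$1" ] || return 0
    find "$1" -type f -name 'ssh_host_*_key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Runs both checks against an install prefix; returns 1 if either fails.
audit_openssh_perms() {
    rc=0
    if ! privsep_dir_ok "$1/var/empty"; then
        echo "FAIL: $1/var/empty missing or group/world-writable" >&2
        rc=1
    fi
    keys=$(loose_host_keys "$1/etc")
    if [ -n "$keys" ]; then
        echo "FAIL: private host keys accessible beyond their owner:" >&2
        echo "$keys" >&2
        rc=1
    fi
    return $rc
}

# Typical call on the device: audit_openssh_perms "$APP"
```

A key reported by loose_host_keys is fixed with chmod 600 on that file.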

Packaging

    cd $DEST
    mkdir -p var/run var/log
    mv etc/ssh_config etc/ssh_config.default
    mv etc/sshd_config etc/sshd_config.default
    wget -O service.functions http://www.droboports.com/app-repository/service.functions
    wget -O service.sh http://www.droboports.com/app-repository/openssh-6-1/service.sh
    wget -O etc/ssh.service http://www.droboports.com/app-repository/openssh-6-1/ssh.service
    wget -O etc/sftp-ssh.service http://www.droboports.com/app-repository/openssh-6-1/sftp-ssh.service
    chmod a+x service.sh
    chmod -R g+w etc var
    chmod -R g-w var/empty
    ~/bin/package.sh

Installing

Download the TGZ file below and place it in your DroboApps share. If you do not have SSH access, reboot your Drobo. Otherwise, SSH in and type:

    /usr/bin/DroboApps.sh install

Final remarks

Make sure that you have the Dropbear DroboApp disabled or uninstalled before installing OpenSSH, since they will both try to grab the same port, and most likely Dropbear will get it, preventing OpenSSH from starting.

Warning: although the migration from the previous version to this one should not overwrite any important configuration files, it is highly recommended to back up your current OpenSSH configuration. The server keys, ssh_config and sshd_config files are preserved, but other files are not.

To upgrade without restarting the DroboFS, SSH into the DroboFS and follow these steps:

    cd /mnt/DroboFS/Shares/DroboApps/
    cp -R openssh openssh.old
    wget -O openssh.tgz http://www.droboports.com/app-repository/openssh-6-1/openssh.tgz
    DroboApps.sh install
    ./openssh/service.sh restart

Now leave that session alone, and try to open a new session to the FS. If you manage to get it, check the output of this command:

    ssh -V

The output should indicate that you are running version 6.1p1. If that is the case, then delete the old version:

    rm -fr /mnt/DroboFS/Shares/DroboApps/openssh.old

If you want to preserve all of the configuration from the old version, then do this:

    cd /mnt/DroboFS/Shares/DroboApps/
    ./openssh/service.sh stop
    mv openssh openssh.old
    wget -O openssh.tgz http://www.droboports.com/app-repository/openssh-6-1/openssh.tgz
    DroboApps.sh install
    cp -R openssh.old/etc/* openssh/etc/
    ./openssh/service.sh restart

Then test the new installation as indicated above. If you are not able to start a new session, you will still be able to use the original session to repair the SSH server. Once you are sure that the new server works, you should remove the 'openssh.old' folder, since it may cause conflicts on startup with the new server.

One final piece of advice: all OpenSSH servers are being encouraged to enable or insert "UsePrivilegeSeparation sandbox" in their etc/sshd_config. Check etc/sshd_config.default for more information.

Please visit the DroboSpace forums to leave your comments, suggestions and feedback.
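
One way to act on the UsePrivilegeSeparation advice in the final remarks, as an added example that is not part of the original DroboApp or its service.sh: the functions below report the value sshd would take from a config file and prepend the directive when it is missing. The function names are hypothetical, and the sketch assumes the keyword and its value are separated by whitespace.

```shell
# Added example: find the effective UsePrivilegeSeparation value.
# sshd_config keywords are case-insensitive, and for each keyword the
# first value found in the file is the one sshd uses.
privsep_setting() {
    # $1: path to an sshd_config file; prints the value, or "unset"
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "useprivilegeseparation" {
            print tolower($2); found = 1; exit    # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Make "sandbox" the effective value when the directive is absent.
# The line is prepended rather than appended so it cannot land inside
# a trailing Match block. An explicit other value is reported, not changed.
ensure_privsep_sandbox() {
    conf=$1
    current=$(privsep_setting "$conf")
    case $current in
        sandbox)
            return 0 ;;
        unset)
            cp -p "$conf" "$conf.bak" || return 1   # keep a backup copy
            { echo 'UsePrivilegeSeparation sandbox'; cat "$conf.bak"; } > "$conf" ;;
        *)
            echo "$conf sets UsePrivilegeSeparation $current; edit it by hand" >&2
            return 1 ;;
    esac
}

# Typical call on the device:
#   ensure_privsep_sandbox /mnt/DroboFS/Shares/DroboApps/openssh/etc/sshd_config
```

After a change, `sbin/sshd -t -f etc/sshd_config` checks the file for errors before `./openssh/service.sh restart`; keep the current session open while testing a new one, as described above.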

