Drobo

Cross-Compiling for DroboFS: openssh5.6p1

Here is another post on the cross-compile series for DroboFS.

Introduction: Why openssh?

Just because! (sftp and sshfs)

Overall compiling complexity: Easy to medium.

Step 1: Background info

To be able to make use of this post, you need a VM configured as indicated in this post.

Step 2: Enter the cross-compiling environment

See step 2 of this post to see instructions on how to enter the chroot environment.

Step 3: Dependencies

openssh needs:
openssl

Step 4: Get the source code

openSSH website: http://www.openssh.com/
Version: 5.6p1
Direct link: http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.6p1.tar.gz

Make sure that you are in the folder /root/code, then type:

Code:

wget http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/openssh-5.6p1.tar.gz
tar xzf openssh-5.6p1.tar.gz
cd openssh-5.6p1

Step 5: Configuration

Configuration for openssh is the same as for other libraries:

Code:

./configure --host=arm-none-linux-gnueabi --prefix=/usr/arm

This should return no errors.

Step 6: Compiling

Within the folder /root/code/openssh-5.6p1

Code:

make

Again, there should be no errors. If any errors are reported, make sure you performed steps 3 and 4 correctly. If you still have errors, make sure that the VM is properly configured (e.g. like I did the first time around, when I got the wrong toolchain, or forgot to ‘export’ the proper compiler flags).

Step 7: Installing

Installing is simple:

We don’t want it to generate the keys, not just because the keys have to be generated on the Drobo but also because it won’t work :wink: So we use “make install-nokeys” instead of “make install”.
The keys will be generated on the DroboFS later.

Code:

make install-nokeys

which will place the compiled library under /usr/arm.

Then we package the whole /usr/arm and copy it over to the DroboFS, as indicated on step 9 here.

Step 8: Generating Keys

Log in to your DroboFS through SSH (Dropbear is still running ;)).

Make sure that the symlink /usr/arm is pointing to /mnt/DroboFS/Shares/DroboApps/arm.

Code:

ssh-keygen -t rsa1 -f /usr/arm/etc/ssh_host_key
ssh-keygen -t dsa -f /usr/arm/etc/ssh_host_dsa_key
ssh-keygen -t rsa -f /usr/arm/etc/ssh_host_rsa_key

Step 9: Configuring and Testing SSHD

Since Port 22 is still used by Dropbear we will change the default port in the configuration file of SSHD.

/usr/arm/etc/sshd_config
Code:

# Change default port 22 to 2222
Port 2222

#
# Set the paths to the host keys
#
# HostKey for protocol version 1
HostKey /usr/arm/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/arm/etc/ssh_host_rsa_key
HostKey /usr/arm/etc/ssh_host_dsa_key

# Disable privilege separation, since the user "sshd" doesn't exist
UsePrivilegeSeparation no

You can start sshd with the command: 

Code:

/usr/arm/sbin/sshd

And you will be able to connect to port 2222 with ssh!

Step 10: Setting sshd up as a service started at boot

I would like to discuss this eventuality with you guys. Is there anybody who has experience with setting up services on the DroboFS? Has anybody already done it?

Cheers
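
A small audit for the sshd_config from step 9, added here as an example and not part of the original post or of OpenSSH: it flags disabled privilege separation, a DSA host key and the protocol 1 host key. The function names, the finding labels and the file-name heuristic for key types are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Key types are inferred from the
# file names used in step 8 (an assumption); the key files are not opened.

audit_sshd_config() {   # usage: audit_sshd_config FILE; returns 1 on findings
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        { key = tolower($1); val = $2 }      # keywords are case-insensitive
        # sshd keeps the first value seen for a keyword; HostKey may repeat
        key != "hostkey" && seen[key]++ { next }
        key == "useprivilegeseparation" && tolower(val) == "no" {
            print "PRIVSEP line " NR ": pre-auth network code runs as root"; n++
        }
        key == "protocol" { proto = val }
        key == "hostkey" && val ~ /ssh_host_key$/ { v1key = val; v1line = NR }
        key == "hostkey" && val ~ /_dsa_key$/ {
            print "DSAKEY line " NR ": " val " (DSA is limited to 1024 bits)"; n++
        }
        END {
            np = split(proto, p, ",")
            for (i = 1; i <= np; i++) if (p[i] == "1") v1 = 1
            if (v1) {
                print "PROTO1: Protocol " proto " enables SSH protocol 1"; n++
            } else if (v1key != "") {
                # OpenSSH 5.4 and later default to protocol 2 only
                print "V1KEY line " v1line ": " v1key " unused without Protocol 1"; n++
            }
            exit (n > 0)
        }
    ' "$1"
}

sample_step9_config() {   # constructed sample mirroring the step 9 settings
    cat <<'EOF'
# Change default port 22 to 2222
Port 2222
HostKey /usr/arm/etc/ssh_host_key
HostKey /usr/arm/etc/ssh_host_rsa_key
HostKey /usr/arm/etc/ssh_host_dsa_key
UsePrivilegeSeparation no
EOF
}

tmp=$(mktemp) && sample_step9_config > "$tmp"
audit_sshd_config "$tmp" || echo "review the findings above"
rm -f "$tmp"
```

Run it against /usr/arm/etc/sshd_config on the DroboFS before starting sshd; an exit status of 0 means none of the three conditions were found.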

Thanks for the great step-by-step!

Is there any information on getting this to run as a replacement for dropbear?

I really don’t need or want two ssh daemons running on the Drobo. :slight_smile:

Any progress on having it run at boot or with non-root users? The big issue that I’ve found is having it run as a non-root user you can’t access /dev/null, which is a problem. While this isn’t a horrific thing in a LAN, it’s really just not good practice.

I’ll try out your build instructions and patch it with the HPN-SSH patches. I think the big win there will be the use of the none cipher switch. You still authenticate in a cryptographically secure way but it then switches the cipher to none so data passes in the clear. The big win is that you aren’t overtaxing the processor with ciphering so throughput should improve dramatically on something like the ARM9 processor we have. It still computes the HMAC though.

You could also use it for WAN transfers on GigE+ networks but the DroboFS really doesn’t have the buffer space for that by default. You’d have to play with the rmem settings for it to make any sense.

You can find a nicely packaged version here: http://www.droboports.com/app-repository/openssh-5-8p1

It does privilege isolation, but does not have the HPN-SSH patch.