How-to: Install and Configure Dropbear on the PCH

[racanu]

Introduction
This guide aims to describe the steps I had to take to get dropbear installed on my system. I've searched a lot for this information and finally got it working. Most of what is described here can be found elsewhere. The added value is that it is all gathered together for the benefit of anyone who wants to do the same (including myself).

I use my PopCornHour (PCH) as a networked-attached storage (NAS) where I place my media files but also other documents. My goal was to achieve a secure connection to PCH from outside my network and to be able to:

• copy files from/to the PCH
• start a console to the PCH to examine or change setings
• give download tasks to nzbget
• be able to access the configuration pages of my ADSL modem and VOIP gateway (tunnel into my internal network)
  

Everything I describe here is strictly tailored to my environment and my goals and may not be suitable for anything else. So use the guide wisely and don't take anything to the letter.

My main work environment is Windows. I use Linux inside virtual machines and occasionaly boot a LiveCD.

Building the Cross-compilation Toolchain

Download and install VmWare.

Download the Debian Etch 4.0 VmWare image (other distributions of your choice may also be used).

Download the Syabas NMT (SMP8634) toolchain and place it in the ~/popcorn/smp directory.

In the Debian image some packages were missing, so I had to install them:

Code:

apt-get install flex
apt-get install bison
apt-get install gettext
apt-get install genromfs
apt-get install ncurses-dev
apt-get update

Unpack the toolchain:

Code:

cd ~/popcorn/smp
tar xf smp86xx_toolchain.20080505.tar.bz2
cd smp86xx_toolchain.20080505

Read the README file.

Make sure your terminal window has at least 19 rows and 80 columns.

Configure the build:

Code:

make menuconfig

Select Kernel Headers options (Linux 2.6.11.0 kernel headers) --->

Select Toolchain Options --->
Select uCLibc version 0.9.28.3 --->
Select binUtils version 2.17 --->
Select gcc version 4.0.4 --->

At this point the build can start:

Code:

make

When the build is done, the file toolchain-path.env will be created, that contains the environment settings necessary to use the toolchain.

Make this file executable and run it or copy-paste it's contents into the command-line before starting any cross-compilation.

Building Dropbear

Create the ~/popcorn/dropbear directory and download the latest version of dropbear (at the time of writing this was dropbear-0.51.tar.gz). You can get it for example by using:

Code:

cd ~/popcorn/dropbear
wget http://matt.ucc.asn.au/dropbear/dropbear-0.51.tar.gz

Unpack it:

Code:

tar xvzf dropbear-0.51.tar.gz
cd dropbear-0.51

Read the README, INSTALL and MULTI files.

Configure the build:

Code:

./configure --host=mipsel-linux --disable-zlib

I needed to use --disable-zlib as I still haven't sorted out how to cross-compile it. Any hints are welcome!
Update: I have been able to build and use zlib. See below.

You shouldn't need to change anything in options.h at this point but have a look anyway at what settings are available.

I have chosen to build a combined binary à la busybox:

Code:

make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" MULTI=1

In the end, you will get a binary called dropbearmulti. This is all you need.
It contains all of the above programs.

Compiling and Using zlib

I have been able to build zlib and then use it for dropbear so I am sharing this with you:

Get zlib from the OpenWrt project and unpack it into a directory:

Code:

cd ~/popcorn
mkdir 05_zlib
cd 05_zlib
wget http://downloads.openwrt.org/sources/zlib-1.2.3.tar.bz2
tar xvjf zlib-1.2.3.tar.bz2
cd zlib-1.2.3

Prepare it for cross-compilation:

Code:

CC=mipsel-linux-gcc  ./configure

Now you're ready to make:

Code:

make

When the build is done you need 3 files:

Code:

zlib.h
zconf.h
libz.a

You must make these files available to the toolchain. I chose to copy them to the directory where the toolchain was built:

Code:

cp zlib.h ~/popcorn/00_smp/smp86xx_toolchain.20080505/build_mipsel_nofpu/staging_dir/include
cp zconf.h ~/popcorn/00_smp/smp86xx_toolchain.20080505/build_mipsel_nofpu/staging_dir/include
cp libz.a ~/popcorn/00_smp/smp86xx_toolchain.20080505/build_mipsel_nofpu/staging_dir/lib

Now you can configure and build dropbear as described above without using --disable-zlib:

Code:

./configure --host=mipsel-linux
make

Installing Dropbear on the PCH

From this point on, work moves to the PCH. All commands have to be issued on a telnet terminal connected to PCH. There are good tutorials on how to install and run telnetd on PCH so I will skip this.

I've added /share/start_app.sh to the start() function in /mnt/syb8634/etc/ftpserver.sh. So start_app.sh will be executed at every reboot. One of the things I've added to start_app.sh is the following command:

Code:

cp -r -P -p /share/apps/start/* /

This allows me to place whatever files (and softlinks) I need in
/share/apps/start (i.e. on my internal harddisk) and have them copied to the root of the filesystem at startup.

This is very important, as files like /etc/passwd, /etc/shadow, /etc/groups get overwritten at every startup, so user passwords, home directories and shell settings are lost and need to be refreshed every time.

Beware! I'm no security expert and have no idea what kind of security risks this method involves! Gather your own information and make your own informed decision as to what to use and how.

The contents of my /share/apps/start directory is listed here below:

Code:

root@PCH-A100 in /opt/sybhttpd/localhost.drives/HARD_DISK/apps/start # ls -AlR
.:
drwxr-xr-x    2 root     root         4096 Sep 14 23:00 bin
drwxr-xr-x    3 root     root         4096 Sep 14 22:03 etc
drwxr-xr-x    3 root     root         4096 Sep 14 21:53 mnt
drwxr-xr-x    5 root     root         4096 Sep 14 22:28 usr

./bin:
lrwxrwxrwx    1 root     root           28 Sep 14 23:00 login -> ../mnt/syb8634/bin/busybox26

./etc:
drwxr-xr-x    2 root     root         4096 Sep 18 21:06 dropbear
-rw-r--r--    1 root     root          135 Sep 14 21:54 group
-rw-r--r--    1 root     root          650 Sep 14 21:54 passwd
-rw-r--r--    1 root     root          436 Sep 14 21:55 shadow

./etc/dropbear:
-rw-r--r--    1 root     root          459 Sep 14 21:59 dropbear_dss_host_key
-rw-r--r--    1 root     root          427 Sep 14 21:59 dropbear_rsa_host_key

./mnt:
drwxr-xr-x    4 root     root         4096 Sep 14 22:21 syb8634

./mnt/syb8634:
drwxrwxrwx    2 root     root         4096 Sep 14 21:43 bin
drwxrwxrwx    2 root     root         4096 Sep 21 16:41 sbin

./mnt/syb8634/bin:
lrwxrwxrwx    1 root     root            9 Sep 14 21:34 ash -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:34 awk -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 basename -> busybox26
-rwxr-xr-x    1 root     root       598768 Sep 14 21:13 busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 cat -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 chmod -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 chown -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 chroot -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 clear -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 cmp -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 cp -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 crond -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 crontab -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 cut -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 date -> busybox26
lrwxrwxrwx    1 root     root           13 Sep 14 21:42 dbclient -> dropbearmulti
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 dd -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:35 df -> busybox26
lrwxrwxrwx    1 root     root           13 Sep 14 21:41 dropbear -> dropbearmulti
lrwxrwxrwx    1 root     root           13 Sep 14 21:43 dropbearconvert -> dropbearmulti
lrwxrwxrwx    1 root     root           13 Sep 14 21:42 dropbearkey -> dropbearmulti
-rwxr-xr-x    1 root     root       499146 Sep 18 23:01 dropbearmulti
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 du -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 echo -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 egrep -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 env -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 ether-wake -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 expr -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 false -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 fgrep -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 find -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 ftpget -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 ftpput -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 grep -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:36 gunzip -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 gzip -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 head -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 hostname -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 ifconfig -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 kill -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 killall -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 less -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 ln -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 login -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 more -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:37 passwd -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 ping -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 poweroff -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 ps -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 pwd -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 realpath -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 reboot -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 reset -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 rm -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:38 rmdir -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 route -> busybox26
lrwxrwxrwx    1 root     root           13 Sep 14 21:17 scp -> dropbearmulti
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 sed -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 sh -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 sha1sum -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 sleep -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 sort -> busybox26
lrwxrwxrwx    1 root     root           13 Sep 14 21:42 ssh -> dropbearmulti
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 strings -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 tail -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 tar -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 telnet -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 telnetd -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:39 tftp -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 time -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 top -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 touch -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 traceroute -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 true -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 umount -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 uptime -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 vi -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 wc -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 wget -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:33 which -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:40 xargs -> busybox26
lrwxrwxrwx    1 root     root            9 Sep 14 21:41 yes -> busybox26

./mnt/syb8634/sbin:
lrwxrwxrwx    1 root     root           20 Sep 14 21:45 dropbear -> ../bin/dropbearmulti
lrwxrwxrwx    1 root     root           16 Sep 21 16:41 telnetd -> ../bin/busybox26

./usr:
drwxr-xr-x    2 root     root         4096 Sep 14 22:59 bin
drwxr-xr-x    2 root     root         4096 Sep 14 22:10 etc
drwxr-xr-x    2 root     root         4096 Sep 21 16:42 sbin

./usr/bin:

./usr/etc:
lrwxrwxrwx    1 root     root           26 Sep 14 22:10 nzbget.conf -> /share/.nzbget/nzbget.conf

./usr/sbin:
lrwxrwxrwx    1 root     root           35 Sep 21 16:42 dropbear -> ../../mnt/syb8634/bin/dropbearmulti
lrwxrwxrwx    1 root     root           31 Sep 21 16:42 telnetd -> ../../mnt/syb8634/bin/busybox26

Everything is prepared to be copied as-is to the root of the file system. Most likely, it would be more elegant to tar everything and untar it upon startup. I will consider that at some moment in the future.

In ./etc/dropbear above, there are two key files that dropbear uses. To generate them, use:

Code:

dropbearkey -t rsa -s 1024 -f dropbear_rsa_host_key
dropbearkey -t dss -f dropbear_dss_host_key

Finally, to automatically start dropbear after reboot, add the following command at a convenient place in start_app.sh:

Code:

dropbear -a -p 22 &

Now you should be able to connect to your PCH with an SSH client like PuTTY. Enjoy!

Generating Passwords and Setting-up the Accounts

The normal way of generating passwords is to use the passwd command. In my environment this doesn't work hoewever. I get an error saying:

Code:

passwd: An error occurred updating the password file.

Not having had the time and skills to investigate what is wrong, I decided to be
practical about it and find alternative ways. This is how I discovered the
makepwd.pl perl script that generates passwords for me to paste into the shadow file. (Unfortunately I don't remember where I've got it from -- googled it but then forgot where I've found it and can't find it again. Also I don't know how to attach files to posts so I am pasting the code here):

Code:

#!perl -w --

use strict;
#use Crypt;             # if no native crypt function, use the crypt module
use Term::ReadKey;      END { ReadMode ('restore'); }   # just in case

my $usage = <<EOD;
Usage: $0 {create|check} user [password]
        create          create a new password
        check           check a password
        user            username
        password        if not present prompts for one interactively

EOD
die $usage if @ARGV < 2;

my $dbg = 0;                    # debug

# legal encrypted chars
my @legal_enc = ('.', '/', '0'..'9', 'A'..'Z', 'a'..'z'); # legal encrypted chrs

# legal clear passwd chrs (26+26+10+24=86): "a-zA-Z0-9!#$%&()*+,-./:;<=>?@[\]^";
my @legal_clear = ('a'..'z', 'A'..'Z', '0'..'9', split //,
  '!#$%&()*+,-./:;<=>?@[\]^');
my %legal_clear; foreach (@legal_clear) { $legal_clear{$_} =1; }

my $passwd_file = './passwd';
my $enc_passwd;
my $user;
my $passwd;

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# my $tmp = (time + $$) % 65536;
# srand ($tmp);
#
# for (1 .. 1000) {
#
#       if ($_ & 1) {
#               @ARGV = ('create', 'fubar') if $_ & 1;
#               my $tmp = '';
#               for (my $ii = 0; $ii < 10; $ii++) {
#                       $tmp .= chr rand (256);
#               }
#               push @ARGV, $tmp;
#       } else {
#               @ARGV = ('check', 'fubar', $passwd);
#       }
#       print "@ARGV\n";

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

my $create_passwd = 0;          # 1 if creating a new passwd else 0
my $type = shift;
$create_passwd = 1 if $type eq 'create';

$user = '';                     # used to look up encrypted passwd in file
                                # gotten from input form or ?
$user = shift;

$passwd = '';                   # plain text passwd gotten from input form or ?
$passwd = shift;

# to auto magically create a passwd - something like this should work

#my $max_chars = 10;
#$passwd = join '', @legal_clear[map { rand @legal_clear } (1 .. $max_chars)];

# go get a passwd if none on command line

if (not $passwd) {

        $| = 1; # unbuffer stdout

        print "Password: ";
        ReadMode ('cbreak');
        while (defined (my $ch = ReadKey ())) {

                last if $ch eq "\x0d";
                if ($ch eq "\x08") {    # backspace
                        print "\b \b" if $passwd;       # back up 1
                        chop $passwd;
                        next;
                }
                if ($ch eq "\x15") {    # ^U
                        print "\b \b" x length $passwd; # back 1 for each char
                        $passwd = '';
                        next;
                }
                if (not exists $legal_clear{$ch}) {
                        print "\n'$ch' not a legal password character\n";
                        print 'Password: ', "*" x length $passwd; # retype *'s
                        next;
                }
                $passwd .= $ch;
                print '*';
        }
        ReadMode ('restore');
}

# check for legal passwd

my $retry = 0;
foreach (split //, $passwd) {
        if (not exists $legal_clear{$_}) {
                print "'$_' not a legal password character\n";
                $retry = 1;
        }
}
die "Try again\n" if $retry;

print "$passwd \n" if $dbg;

$enc_passwd = '';               # encrypted passwd from passwd file

print "user='$user'; passwd='$passwd'; enc_passwd='$enc_passwd'\n" if $dbg;

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Password adding part:

if ($create_passwd) {

        # this part is to create a new encrypted password.  Basically the same
        # as htpasswd would do.  Create a salt and encrypt the password.
        # Would allow you to add new users to your passwd file.

        # use plain text password

        $enc_passwd = &crypt_passwd ($passwd);

        print "enc_passwd='$enc_passwd'\n";

        # Now add it to your passwd file and you're done.

        if (not -e $passwd_file) {

                open NPW, ">$passwd_file" or
                  die "Error opening passwd file for write: $!\n";
                print NPW "$user:$enc_passwd\n";
                close NPW;

        } else {

                open OPW, $passwd_file or
                  die "Error opening passwd file for read: $!\n";
                open NPW, ">$passwd_file.new" or
                  die "Error opening passwd file for write: $!\n";

                my $found = 0;
                while (<OPW>) {

                        if (/^$user:/) {
                                s/^$user:[^:\s]+/$user:$enc_passwd/;
                                $found = 1;
                        }
                        print NPW;
                }
                print NPW "$user:$enc_passwd\n" if not $found;
                close OPW;
                close NPW;

                rename ($passwd_file, "$passwd_file.old") or
                  die "Error renaming old passwd file: $!\n";
                rename ("$passwd_file.new", $passwd_file) or
                  die "Error renaming new passwd file: $!\n";
        }

#       # you can also use htpasswd to add direct to passwd file
#
#       my $htpasswd = '<path>htpasswd';
#       print "$htpasswd -b $passwd_file $user $passwd\n" if $dbg;
#
#       my $ret = system "$htpasswd -b $passwd_file $user $passwd";
#       print "ret=$ret\n" if $dbg;
#
#       # Now you would open the passwd file and find the user you
#       # added and get the encrypted passwd back if you needed it.
#
#       # On Win32, Apache htpasswd uses MD5 as default method, so it
#       # won't help for the rest of this example.  The -d option
#       # should make it use crypt instead.

}

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Password checking part:

# The user logs in and gives his plain text passwd
# You retrieve encrypted password from passwd file for this user (1st field)
# You encrypt the plaintext password using first 2 letters of encrypted
# password as salt

open PW, $passwd_file or die "Error opening passwd file for write: $!\n";

my $found = 0;
while (<PW>) {

        if (/^$user:([^:\s]+)/) {

                $enc_passwd = $1;
                print "enc_passwd  ='$enc_passwd'\n" if $dbg;
                $found = 1;
                last;
        }
}
close PW;

if (not $found) {
        print "User '$user' not found in passwd file\n";
        exit 2;
}

# encrypt passwd using enc_passwd for salt

my $crypt_passwd = crypt ($passwd, $enc_passwd);

print "crypt_passwd='$crypt_passwd'\n" if $dbg;

if ($crypt_passwd eq $enc_passwd) {
        print "Passwd OK\n";
} else {
        print "Passwd not OK\n";
}

#}
exit 0;

#- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

sub crypt_passwd {   # $crypted_passwd = crypt_passwd ($plainpasswd [, $salt]);
        my $passwd = shift;
        my $salt;

# if salt supplied

if (defined $_[0]) {

        $salt = substr $_[0], 0, 2;     # get first 2 chars for salt

# else create a salt using time, pid and rand

} else {

        my $tmp = (time + $$) % 65536;
        srand ($tmp);
        $salt = $legal_enc[sprintf "%u", rand (@legal_enc)];
        $salt .= $legal_enc[sprintf "%u", rand (@legal_enc)];
}

my $new_passwd = crypt ($passwd, $salt);
return $new_passwd;

}

In the passwd file I've defined /bin/sh as shell for root, guest, nmt and ftpuser. Also, I have defined home directories for each of the above users in /mnt/syb8634/home/

Authenticating with a Pair of Keys

To make it even easier to connect, and eliminate the need of typing the password at every connection, you can configure the system to authenticate using a pair of keys. Dropbear supports the OpenSSH authorized_keys method.

To use this method you need to generate a pair of keys using for example PuTTYgen.

• Select SSH-2 RSA and press Generate.
• Save the private key into a file (e.g. PopCorn Private Key.ppk).
• Copy the key located at the top of the PuTTYgen window and save it into a file named authorized_keys. It must have the following structure:
  

Quote:ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuew​ZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname

Place the file authorized_keys in a directory named .ssh in the home directory of the user that you want to login using this key.

In PuTTY, under Connection|SSH|Auth add the private key you've saved earlier, PopCorn Private Key.ppk. Also, under Connection|Data specify the
Auto-login username.

This is the username that has the home directory where you've placed the
authorized_keys file before.

Greets,
Adrian

[werner]

nice tutorial

[spookt]

(09-21-2008 07:56 PM)werner Wrote:  nice tutorial

WOW

Thanks, dropbear ssh is on my "Popcorn to do list" - it looks like you just made my life a lot simpler !

[racanu]

(09-21-2008 09:40 PM)spookt Wrote:  

(09-21-2008 07:56 PM)werner Wrote:  nice tutorial

WOW

Thanks, dropbear ssh is on my "Popcorn to do list" - it looks like you just made my life a lot simpler !

Thanks for the enthousiastic reply. Glad to hear it helps someone. Hopefully there will be others to benefit from it. I certainly am very happy with the solution.

Now my ambitions point to OpenSSH

Forgot to mention that I use WinSCP with the SCP protocol (provided by dropbear) to transfer files. WinSCP also supports authentication with a pair of keys.

Greets,

Adrian.

[racanu]

Hi all,

I have updated the tutorial:
- there was an omission in the compilation of dropbear; I had forgotten to add --host=mipsel-linux
- I have now been able to build and use zlib, so I've added that to the tutorial

Greets,

Adrian

[fbv2]

I'd like to say thanks for the info.

Also, I'd like to comment on some things.

Under the make menuconfig, there is a typo, it should be clear that you are editing the UClibC, not UlibC. Also, you will want to change the option for kernel headers from 2.4.29 to 2.6.11.0 (since the latest PCH linux kernel is based on 2.6.15, I believe it will be better.)

If you do 'make' and you get errors, as I did, scroll up to see if you get a message saying 'makeinfo is missing...' I know I have makeinfo installed, since typing 'makeinfo' at the command prompt told me it was in the path, and 'makeinfo --version' told me I have 4.11 installed.

Googling, I found this post which says.

Quote: Troubleshooting

If you see the following error:

WARNING: `makeinfo' is missing on your system. You should only need it if
you modified a `.texi' or `.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy `make' (AIX,
DU, IRIX). You might want to install the `Texinfo' package or
the `GNU make' package. Grab either from any GNU archive site.

then you need to locate and install the texinfo package on your build system. After installing texinfo, you should verify that the makeinfo command is in your PATH (i.e. type makeinfo on the command line and make sure it's not missing). Finally, do

cd gumstix-buildroot
rm -rf toolchain_build_arm_nofpu
make

If you did the fix above and you still get the `makeinfo' error message above, AND you are sure that makeinfo is properly installed on your path, then type

makeinfo --version

If your makeinfo version is 4.11 or higher, then you may have encountered a well-known `binutils' bug. See this thread for ways to work around this bug.

Alternative: Edit the Makefile if `missing' is entered

Alternatively if you see `missing' by the MAKEINFO macro definition in the Makefile in `gumstix-buildroot/toolchain_build_arm_nofpu/binutils-2.17.50.0.6-build' edit it to

MAKEINFO = /usr/bin/makeinfo

I followed the link to the other thread, and apparently make sees version 4.11 as older than version 4.4, and complains that it is out of date. It doesn't really complain that it is too old, it just says 'missing'.

That post leads to another post here

The solution is written as

Quote:makeinfo version check

* From: Alan Modra
* To: gcc-patches at gcc dot gnu dot org
* Date: Sat, 15 Sep 2007 00:42:23 +0930
* Subject: makeinfo version check

We've had two reports since binutils-2.18 saying that the configure
makeinfo version check fails for texinfo 4.11. I'd like to install
the following fairly obvious patch to fix this in both gcc and src.
I also moved the match for texinfo 10 thru texinfo 39 to the end, and
made it match 10 thru 99 so that it won't break when texinfo 40.0
is released.

* configure.ac: Correct makeinfo version check.

OK to install?

Index: configure.ac
===================================================================
diff -up ./configure.fix ./configure
--- configure.ac (revision 128489)
+++ configure.ac (working copy)
@@ -2454,7 +2454,7 @@
# For an installed makeinfo, we require it to be from texinfo 4.4 or
# higher, else we use the "missing" dummy.
if ${MAKEINFO} --version \
- | egrep 'texinfo[^0-9]*([1-3][0-9]|4\.[4-9]|[5-9])' >/dev/null 2>&1; then
+ | egrep 'texinfo[^0-9]*(4\.([4-9]|[1-9][0-9])|[5-9]|[1-9][0-9])' >/dev/null 2>&1; then
:
else
MAKEINFO="$MISSING makeinfo"

--
Alan Modra
Australia Development Lab, IBM

The problem is that - with at least for now Ubuntu Hardy, and eventually
other distros - texinfo was updated to version 4.11.
binutils v1.7 and 1.8 and gcc etc have 'broken' regexp lines in the
config that don't check versions > x.9 properly.

This is not a bug in texinfo, but in binutils et al configure files,
which assumes that texinfo 4.11 is older than texinfo 4.4.

Buildroot will fail on an 'abstract' error 2 when building with make -j3
(or jobs = 3 in menuconfig) because the _actual error_ (binutils build)
is buried 3 pages up by another job that is finishing.

Unless your Linux distro goes straight to texinfo 5.x instead of > 4.10,
assuming you update your system, then this will probably affect everyone
using buildroot - eventually.

Translation: the config files in binutils are broken. So you need to patch it, manually. Do the following
$ cd ~/popcorn/smp/smp86xx_toolchain.20080505/toolchain/binutils
$ cd 2.17
$ touch configure.patch

now you need to edit the file you just created. So break out whatever you like to use: nano, vi, vim, or gedit... I like vi, but if you don't know the shortcuts to paste, then I suggest gedit. and paste in the patch code. You need to change the first line few lines in the code, since that example is for gumstix... I haven't figured out what to change it to, but you should then be able to....[/i][/size]

Then move up three directories,
$ cd ../../..
$ rm -rf toolchain_build_mipsel_nofpu

and then repeat the 'make' command

[fbv2]

So I did a little reconnaissance work, and I think I solved the problem.

I first had to learn about diff and patch; if you're into linux and would like to know more yourself, go here.

Basically, what I did was looked for a reference to this missing texinfo

Code:

~/popcorn/smp/$ grep missing *
~/popcorn/smp/$ grep missing *

I saw a reference to in a configure file in the toolchain_build_mipsel_nofpu/binutils-2.17 directory.

I copied the configure file, opened it up, did a search to find the area in question... discovered it was on line 3641. Edited it by hand to look as it should. Did a diff command comparing the two files

Code:

diff configure configure-new > configure.diff

The output of the file I will show here:

Quote:
*** configure 2008-10-02 01:04:35.000000000 -0400
--- configure 2008-10-02 19:20:32.000000000 -0400
***************
*** 3637,3643 ****
# For an installed makeinfo, we require it to be from texinfo 4.4 or
# higher, else we use the "missing" dummy.
if ${MAKEINFO} --version \
! | egrep 'texinfo[^0-9]*([1-3][0-9]|4\.[4-9]|[5-9])' >/dev/null 2>&1; then
:
else
MAKEINFO="$MISSING makeinfo"
--- 3637,3643 ----
# For an installed makeinfo, we require it to be from texinfo 4.4 or
# higher, else we use the "missing" dummy.
if ${MAKEINFO} --version \
! | egrep 'texinfo[^0-9]*([1-3][0-9]|4\.([4-9]|[1-9][0-9])|[5-9])' >/dev/null 2>&1; then
:
else
MAKEINFO="$MISSING makeinfo"

I then moved the configure.diff file to the toolchain/binutils/2.17 directory, and renamed it configure.patch

Code:

mv configure.diff ../../toolchain/binutils/2.17/configure.patch

I then went back to ~popcorn/smp/smp86xx_toolchain.20080505 and removed the toolchain_build_mipsel_nofpu directory, and tried make again.

It did ask me which file to patch, (I didn't figure out how to correctly tell it the where the configure file was), so I typed in "configure" and it continued on its merry way, and created the toolchain environment file.


PS: I think it would be so nice (and critical) of SYABAS to update their toolchain by including this patch so that others don't run into any compilation problems in the future. BinUtils 2.18 is now out as stable, and I'm surprised they haven't had this problem before with building this toolchain since it lacks the patch.

[fbv2]

Grrr... the next problem I now face is compiling Zlib.a, which requires the misel-linux-gcc cross compiler. Just doing

Code:

$ CC=mipsel-linux-gcc ./configure

does not work. It returns an error

Quote: Checking for unistd.h... No.
Checking whether to use vs[n]printf() or s[n]printf()... using s[n]printf()
Checking for snprintf() in stdio.h... No.
WARNING: snprintf() not found, falling back to sprintf(). zlib
can build but will be open to possible buffer-overflow security
vulnerabilities.
Checking for return value of sprintf()... No.
WARNING: apparently sprintf() does not return a value. zlib
can build but will be open to possible string-format security
vulnerabilities.
Checking for errno.h... No.
Checking for mmap support... No.

Since I'm building on an x86 machine it wants to use x86 libraries to build, but I need to build for the mipsel-linux architecture so I need to figure out how to get it to use that cross compiler.

[bonym]

HI,
It is wery nice to compile dorpbear, BUT i don't want to do this.
SO, would you be so kind to share the compiled dropbearmulti!
Now i have the not-multi dropbear on my PCH: from http://groll.troll.free.fr/wiki/index.ph...e=Dropbear
But it has no scp and i want to copy files using scp.
Please help me, and share it!
thanks
bonym

[hugbug]

Why not put compiled binaries somethere, to not bother all users with compilation?

[Josiv]

I stated some time ago threat about links to compiled system tools
http://www.networkedmediatank.com/showth...p?tid=7192

[fbv2]

UPDATE

It was my bad.... the toolchain path WAS added... to the current session of that terminal window. If you have multiple TERMs open, the PATH is only exported to THAT one that you loaded it in. I was using a different TERM window, so it was trying to use GCC there.

[racanu]

Hi fbv2,

Thanks for pointing out the uClibc typo.
I've corrected it in the tutorial together with the kernel headers selection, version 2.6.11.0. I haven't (yet) tried it out though but I reckon you have.

Greets,

Adrian.

---

(10-03-2008 10:12 AM)bonym Wrote:  HI,
It is wery nice to compile dorpbear, BUT i don't want to do this.
SO, would you be so kind to share the compiled dropbearmulti!
Now i have the not-multi dropbear on my PCH: from http://groll.troll.free.fr/wiki/index.ph...e=Dropbear
But it has no scp and i want to copy files using scp.
Please help me, and share it!
thanks
bonym

Hi bonym,

In case you still need the binary, you can get it from here (temporarily): http://www.my-space-on-the.net/_share/dropbearmulti

Greets,

Adrian.

[bonym]

Hi racanu,
Thank You!
I'll try it soon.
thx
bonym

[garp99]

(10-05-2008 08:55 PM)racanu Wrote:  In case you still need the binary, you can get it from here (temporarily): http://www.my-space-on-the.net/_share/dropbearmulti

Thank you