SSH required in ARM TI EVM board........

Hi Titus,

We use "dropbear" on our DM365 board - dropbear is a version of ssh which is more suitable for embedded boards. Download it from here: http://matt.ucc.asn.au/dropbear/dropbear.html

Once it's downloaded, configure it with this command:

./configure --disable-zlib --host=arm-none-linux-gnueabi --target=arm-none-linux-gnueabi

Compile it by typing "make", then you can tar up the resultant programs like this:

tar -cvf dropbear-usrbin.tar dropbear dbclient dropbearkey dropbearconvert scp

The resulting tarfile should be unpacked into your root filesystem's /usr/bin directory - we do this on the Ubuntu host before making the install SD card. You can run dropbear from /etc/inittab with a line like this, which will enable you to log in to your board remotely and do scp file copies:

db:5:respawn:/usr/bin/dropbear -F

I hope this helps!

Peter.

Hi Peter,

Thanks for ur reply.

i hv done it but i could not run those commands(i dnt kw how to work with those commands),

if i run dropbear 10.10.30.56 then , i could not see anything...

pl do the needful

Regards,

S.Titus

Ah yes, I forgot to mention that the commands I gave above were to be run on an Ubuntu 10.04 host PC, the same one that you have DVSDK installed on. It is a simple download, cross-compile and copy operation and it shouldn't give you any problems. If it's still not working for you, let me know exactly what you're doing, what OS you're using and what errors you see.

Hi Peter,

I m using linux ubnutu10.04 and pl refer my host and target logs

HOST MACHINE:

titus@titus-desktop:~/Desktop/dropbear-2012.55$ ./configure --disable-zlib --host=arm-none-linux-gnueabi --target=arm-none-linux-gnueabi
configure: WARNING: If you wanted to set the --build type, don't use --host.
    If a cross compiler is detected then cross compile mode will be used.
checking for arm-none-linux-gnueabi-gcc... arm-none-linux-gnueabi-gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... yes
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether arm-none-linux-gnueabi-gcc accepts -g... yes
checking for arm-none-linux-gnueabi-gcc option to accept ISO C89... none needed
checking whether make sets $(MAKE)... yes
configure: No $CFLAGS set... using "-Os -W -Wall" for GCC
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking build system type... i686-pc-linux-gnu
checking host system type... arm-none-linux-gnueabi
checking for arm-none-linux-gnueabi-ar... arm-none-linux-gnueabi-ar
checking for arm-none-linux-gnueabi-ranlib... arm-none-linux-gnueabi-ranlib
checking for arm-none-linux-gnueabi-strip... arm-none-linux-gnueabi-strip
checking for arm-none-linux-gnueabi-install... no
checking for install... install
configure: WARNING: In the future, Autoconf will not detect cross-tools
whose name does not start with the host triplet.  If you think this
configuration is useful to you, please write to autoconf@gnu.org.
checking how to run the C preprocessor... arm-none-linux-gnueabi-gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether __UCLIBC__ is declared... no
checking for crypt in -lcrypt... yes
configure: Disabling zlib
configure: Disabling PAM
configure: Using openpty if available
checking for library containing openpty... -lutil
configure: Enabling syslog
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
configure: Using shadow passwords if available
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking netinet/tcp.h usability... yes
checking netinet/tcp.h presence... yes
checking for netinet/tcp.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking termios.h usability... yes
checking termios.h presence... yes
checking for termios.h... yes
checking for unistd.h... (cached) yes
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking pty.h usability... yes
checking pty.h presence... yes
checking for pty.h... yes
checking ioctl.h usability... no
checking ioctl.h presence... no
checking for ioctl.h... no
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking libgen.h usability... yes
checking libgen.h presence... yes
checking for libgen.h... yes
checking for inttypes.h... (cached) yes
checking stropts.h usability... yes
checking stropts.h presence... yes
checking for stropts.h... yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking utmpx.h usability... yes
checking utmpx.h presence... yes
checking for utmpx.h... yes
checking lastlog.h usability... yes
checking lastlog.h presence... yes
checking for lastlog.h... yes
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking util.h usability... no
checking util.h presence... no
checking for util.h... no
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking security/pam_appl.h usability... no
checking security/pam_appl.h presence... no
checking for security/pam_appl.h... no
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking for an ANSI C-conforming const... yes
checking for uid_t in sys/types.h... yes
checking for mode_t... yes
checking for pid_t... yes
checking for size_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking for uint16_t... yes
checking for u_int16_t... yes
checking for struct sockaddr_storage... no
checking for socklen_t... yes
checking for struct sockaddr_storage... yes
checking for struct sockaddr_in6... yes
checking for struct in6_addr... yes
checking for struct addrinfo... yes
checking for gai_strerror... yes
checking for struct utmp.ut_host... yes
checking for struct utmp.ut_pid... yes
checking for struct utmp.ut_type... yes
checking for struct utmp.ut_tv... yes
checking for struct utmp.ut_id... yes
checking for struct utmp.ut_addr... yes
checking for struct utmp.ut_addr_v6... yes
checking for struct utmp.ut_exit... yes
checking for struct utmp.ut_time... yes
checking for struct utmpx.ut_host... yes
checking for struct utmpx.ut_syslen... no
checking for struct utmpx.ut_type... yes
checking for struct utmpx.ut_id... yes
checking for struct utmpx.ut_addr... no
checking for struct utmpx.ut_addr_v6... yes
checking for struct utmpx.ut_time... no
checking for struct utmpx.ut_tv... yes
checking for struct sockaddr_storage.ss_family... yes
checking for endutent... yes
checking for getutent... yes
checking for getutid... yes
checking for getutline... yes
checking for pututline... yes
checking for setutent... yes
checking for utmpname... yes
checking for endutxent... yes
checking for getutxent... yes
checking for getutxid... yes
checking for getutxline... yes
checking for pututxline... yes
checking for setutxent... yes
checking for utmpxname... yes
checking for logout... yes
checking for updwtmp... yes
checking for logwtmp... yes
checking for register_cipher in -ltomcrypt... no
checking for mp_exptmod in -ltommath... no
checking for library containing login... none required
checking for logout... (cached) yes
checking for updwtmp... (cached) yes
checking for logwtmp... (cached) yes
checking if your system defines LASTLOG_FILE... no
checking if your system defines _PATH_LASTLOG... yes
checking if your system defines UTMP_FILE... yes
checking if your system defines WTMP_FILE... yes
checking if your system defines UTMPX_FILE... no
checking if your system defines WTMPX_FILE... no
checking whether arm-none-linux-gnueabi-gcc needs -traditional... no
checking for working memcmp... no
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking for sys/socket.h... (cached) yes
checking types of arguments for select... int,fd_set *,struct timeval *
checking return type of signal handlers... void
checking for dup2... yes
checking for getspnam... yes
checking for getusershell... yes
checking for memset... yes
checking for putenv... yes
checking for select... yes
checking for socket... yes
checking for strdup... yes
checking for clearenv... yes
checking for strlcpy... no
checking for strlcat... no
checking for daemon... yes
checking for basename... yes
checking for _getpty... no
checking for getaddrinfo... yes
checking for freeaddrinfo... yes
checking for getnameinfo... yes
checking for library containing basename... none required
configure: Not checking for /dev/ptc & /dev/pts since we're cross-compiling
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
configure: creating ./config.status
config.status: creating Makefile
config.status: creating libtomcrypt/Makefile
config.status: creating config.h
config.status: config.h is unchanged
configure: creating ./config.status
config.status: creating Makefile
config.status: creating libtomcrypt/Makefile
config.status: creating libtommath/Makefile
config.status: creating config.h
config.status: config.h is unchanged
configure:
configure: Using bundled libtomcrypt and libtommath
configure:
configure: Now edit options.h to choose features.
titus@titus-desktop:~/Desktop/dropbear-2012.55$ db:5:respawn:/usr/bin/dropbear -F^C
titus@titus-desktop:~/Desktop/dropbear-2012.55$ make
arm-none-linux-gnueabi-gcc  -o dropbear dbutil.o buffer.o dss.o bignum.o signkey.o rsa.o random.o queue.o atomicio.o compat.o  fake-rfc2553.o  common-session.o packet.o common-algo.o common-kex.o common-channel.o common-chansession.o termcodes.o loginrec.o tcp-accept.o listener.o process-packet.o common-runopts.o circbuffer.o svr-kex.o svr-algo.o svr-auth.o sshpty.o svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o svr-tcpfwd.o svr-authpam.o -lcrypt  libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil
arm-none-linux-gnueabi-gcc  -o dbclient dbutil.o buffer.o dss.o bignum.o signkey.o rsa.o random.o queue.o atomicio.o compat.o  fake-rfc2553.o  common-session.o packet.o common-algo.o common-kex.o common-channel.o common-chansession.o termcodes.o loginrec.o tcp-accept.o listener.o process-packet.o common-runopts.o circbuffer.o cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o cli-session.o cli-service.o cli-runopts.o cli-chansession.o cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o cli-agentfwd.o list.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil
arm-none-linux-gnueabi-gcc  -o dropbearkey dbutil.o buffer.o dss.o bignum.o signkey.o rsa.o random.o queue.o atomicio.o compat.o  fake-rfc2553.o  dropbearkey.o gendss.o genrsa.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil
arm-none-linux-gnueabi-gcc  -o dropbearconvert dbutil.o buffer.o dss.o bignum.o signkey.o rsa.o random.o queue.o atomicio.o compat.o  fake-rfc2553.o  dropbearconvert.o keyimport.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil
titus@titus-desktop:~/Desktop/dropbear-2012.55$ tar -cvf dropbear-usrbin.tar dropbear dbclient dropbearkey dropbearconvert scp
dropbear
dbclient
dropbearkey
dropbearconvert
tar: scp: Cannot stat: No such file or directory
tar: Exiting with failure status due to previous errors
titus@titus-desktop:~/Desktop/dropbear-2012.55$ tar -cvf dropbear-usrbin.tar dropbear dbclient dropbearkey dropbearconvert
dropbear
dbclient
dropbearkey
dropbearconvert
titus@titus-desktop:~/Desktop/dropbear-2012.55$
titus@titus-desktop:~/Desktop/dropbear-2012.55$

TARGET

root@dm355-evm:/#
root@dm355-evm:/#
root@dm355-evm:/# ls
08setupdns               dropbear-2012.55         pap-secrets
200Hz.wav                dropbear-2012.55.tar.gz  proc
92removedns              dropbear-usrbin.tar      root
Finalmix.wav             etc                      rtc
alsa-state               filters                  sbin
alsaconf                 home                     script
alsactl                  lib                      srv
app                      linuxrc                  sys
audiotest.wav            main.ko                  tmp
bin                      media                    usr
boot                     mnt                      var
chap-secrets             mod                      welcome.wav
dev                      opt
dm3xx_sd_boot-6.1 (2)    options
root@dm355-evm:/# mv dropbear-usrbin.tar /usr/bin/
root@dm355-evm:/#
root@dm355-evm:/#
root@dm355-evm:/#
root@dm355-evm:/# cd usr/bin/
root@dm355-evm:/usr/bin#
root@dm355-evm:/usr/bin#
root@dm355-evm:/usr/bin# tar -xvf dropbear-usrbin.tar
dropbear
dbclient
dropbearkey
dropbearconvert
root@dm355-evm:/usr/bin# dropbear 10.10.30.81
root@dm355-evm:/usr/bin#

root@dm355-evm:/# /usr/bin/dropbear -F
root@dm355-evm:/#
root@dm355-evm:/#
root@dm355-evm:/#
root@dm355-evm:/# dropbear 10.10.30.81
root@dm355-evm:/#
root@dm355-evm:/#
root@dm355-evm:/#

If you check the messages you can see that scp hasn't built, for some reason. But that's not a problem, you still have the dropbear server built fine. Once /usr/bin/dropbear is running on your EVM you will be able to ssh into it.

I can take ssh my host machine(PC) but i could not take ssh my target....

pl provide any solution.......

Titus.

Hello, Titus!

Build dropbear from sources:
dropbear:
    [ -d $(DROPBEAR) ] || \
        tar --extract --auto-compress --file $(CONTRIBS_DIR)/$(DROPBEAR).tar.bz2
    [ -f $(DROPBEAR)/Makefile ] || \
        (cd $(DROPBEAR) && \
            ./configure --prefix=/tmp/dropbear --host=arm --disable-largefile \
                --disable-zlib CC=$(CROSS)gcc)
    [ -f $(DROPBEAR)/.patch ] || \
        (patch --directory=$(DROPBEAR) \
            --strip=1 < $(PATCHES_DIR)/$@/options.h.patch && \
            touch $(DROPBEAR)/.patch)
    make PROGRAMS="dropbear dropbearkey" --directory=$(DROPBEAR)
    mkdir --parents $(NFS_DIR)/usr/sbin
    for i in dropbear dropbearkey; do \
        $(CROSS)strip --strip-all -o $(NFS_DIR)/usr/sbin/$$i $(DROPBEAR)/$$i; \
    done

/etc/init.d/ssh.sh
#!/bin/sh

DAEMON=/usr/sbin/dropbear
KEYGEN=/usr/sbin/dropbearkey

[ -x $DAEMON -a -x $KEYGEN ] || exit 1

[ -f /etc/default/ssh ] && source /etc/default/ssh

keygen()
{
        [ -f $RSA_KEY ] || $KEYGEN -t rsa -f $RSA_KEY
        [ -f $DSS_KEY ] || $KEYGEN -t dss -f $DSS_KEY
}

start()
{
        keygen
        start-stop-daemon--quiet --pidfile $PID --background \
                -S --exec $DAEMON -- -mjk -P $PID
}

stop()
{
        start-stop-daemon --quiet --pidfile $PID -K --signal TERM
}

restart()
{
        stop
        sleep 3
        start   
}

status()
{
        start-stop-daemon --quiet --pidfile $PID -K --test
        if [ $? -eq 0 ]; then
                pid=`cat $PID`
                echo "Daemon $DAEMON is running, pid $pid"
        else
                echo "Daemon $DAEMON is stopped"
        fi
}

case "$1" in
        start) start;;
        stop) stop;;
        restart) restart;;
        status) status;;
        *)
                echo "Usage $0 {start|stop|restart|status}";;
esac

exit $?

/etc/default/ssh:
RSA_KEY=CHANGE_RSA_KEY
DSS_KEY=CHANGE_DSS_KEY
PID=CHANGE_PID_FILE

Hi Kirill,

Thanks for ur response...

I hv changes done in /etc/default/ssh and /etc/init.d/ssh files.

but i m getting error

root@dm355-evm#
root@dm355-evm#
root@dm355-evm# /etc/init.d/ssh start
Will output 1024 bit rsa secret key to 'CHANGE_RSA_KEY'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgn/mrK2ZWBS0XziYbtJuoWTbmKAC2S395OoDE0D6YlU8gGL/XkMMhBmrHDl2dQhmzMN5eSzdogoMYaKfHTOtMR+SJ
vLDfqSYQerUUsD1IGlDPwrfbMc/oIXsptbgqf8vNQuCWnptYVmqcjZKpEgTgmEy5aSxMI54FT31sc0ROpOYvk8= root@dm355-evm
Fingerprint: md5 36:1c:05:03:e3:29:a9:cb:1b:1b:5d:b9:57:41:ea:cf
Will output 1024 bit dss secret key to 'CHANGE_DSS_KEY'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBAPNoIzLDoNIp1sdZjP+68lKfXBo77We/L7r3rEKNKRBi9t/trvMQADjpcAF/dtrHJaT3/iPrpm8Ujz3FQkVBDii4/L4+U0y0f
Ipe8feHXH26sfhbYHzmv9UDUP+0m2RDRVA1ds9AMJg8riHWEpn8IrIitQkJGX/CAMPF0wc+kqdzAAAAFQD3+fc+F0+gfGSfWwDX7fivBTEI1wAAAIB0EGFvGAZK0f
yjpSc53x2SoEdpaVRJuHDT2Y066tdCKVdm5u4x2r0/Ls7zq16qG2ip1TC8h9w7rN6ftQr/4SzB7HQuK1EWzjcK/GdvMGQq5KzTCW/teBj5Gk9M4tyv1jrc1WclNYw
U/qyaDKOULvScbOgFTlmoAj4Sb53GayrR3wAAAIAn/i15o4Z1/F7B3nptTItw4jdFwdTYX64WEiNwsX6xv6GIUNQOZtCWNo/2JragIDkk64GeUZz0sLxihea0QBxY
yghtty2gEJgrrawVeBcDmckECx2QG3lBbC5zL2mHnw5XlDAS8QIej2kL0l4UNhRW4ffAkHUm3oGC7qYN5YCJAw== root@dm355-evm
Fingerprint: md5 03:af:e3:be:d2:d1:23:3c:1d:86:91:6a:a5:74:70:8e
/etc/init.d/ssh: line 19: start-stop-daemon--quiet: command not found
root@dm355-evm#

and plz give  me easy procedure to build dropbear source...bcz i could not understand commands above mentioned by u

Hello, Titus!

Quiet is a key for start-stop-daemon, you MUST write it separated.
I post dropbear procedure from my makefile, that causes in you difficulties?

Hi Titus,

Thank you very much for the configuration. I was able to run it successfully. The only problem is mine is a cramfs and I am getting the following message. I have rw file system mounted on /tmp/sd1. Can you please tell me the modifications to get the keys in /tmp/sd1 and use the keys from there?

Thanks

Bhupathi

Sorry forgot to add the message. Here it is

root@(none):/mdvr# /etc/init.d/ssh.sh start
Will output 1024 bit rsa secret key to 'CHANGE_RSA_KEY'
Generating key, this may take a while...
Couldn't create new file CHANGE_RSA_KEY
Reason: Read-only file system
Will output 1024 bit dss secret key to 'CHANGE_DSS_KEY'
Generating key, this may take a while...
Couldn't create new file CHANGE_DSS_KEY
Reason: Read-only file system

Thanks

Bhupathi

Thanks for everyone for ur replies,

I have done one mistake,

i have did everything fine but i got stuck when i try to take ssh with some ip address,

then, i have analyzed that i didnt enabled pts support in kernel,

later i have enabled pts support through "make menuconfig"

now i can able to work with ssh,

Regards,

S.Titus.