BYU Brigham Young University
Department of Electrical and Computer Engineering

<< Under construction >>

Configuring OpenSSL/OpenSSH for a Linux FPGA Platform

Revision Date: 14 July 2005

The protocols ssh and sftp are more secure ways of doing remote access than telnet and ftp.  In our installation we use them exclusively.

Prerequisites:

  1. Have modprobe and install configured in your BusyBox file system.
  2. Have the make command in your BusyBox file system.

Procedure

The steps for this process are as follows:

  1. Download the OpenSSL, OpenSSH, and zlib tarballs onto a Linux box.
  2. Untar them into a working directory of your choice.
  3. Configure and make install all three programs.
  4. Modify the sshd_config file.
  5. Add sshd to the /etc/init.d/rcS file.

P1. Configure modprobe Into BusyBox

Configure your BusyBox setup by running make menuconfig and under the Linux Module Utilities menu, select modprobe.  Also, under the Coreutils menu, select install.

P2. Download and Install make for the Linux FPGA Platform

 You can get make from:

http://ftp.gnu.org/pub/gnu/make/

Untar it into a directory of your choice.  In the directory where you untarred it do the following:

#   ./configure --prefix=<installPlace> --host=ppc CC=<cross-compiler> AR=<cross-archiver>

#   make

#   make install

The cross-compiler and cross-archiver need to be the full pathnames of your PPC cross compiler and archiver tools.

The ./configure command creates the required makefile and then make and make install do the compilation for you.

The prefix in the first of the 3 commands tells make install where to place the resulting binaries.  If you choose something like /tmp/local for this it will place them there and then you can copy them over to your BusyBox root file system by hand.

Next, download the following:

OpenSSL from http://www.openssl.org/source/

OpenSSH from http://www.openssh.com/portable.html

Zlib from http://www.zlib.net/

For the 2nd download (OpenSSH) we used the USA HTTP download site and got file openssh-4.1p1.tar.gz.  The other two downloads were self-explanatory.

Untar the 3 files into a directory NOT in the root file system created by BusyBox.  If you untar them inside that root file system, you will have to repeat these instructions whenever you re-build the root file system from scratch.

Let's do Zlib first.  Run the configure script.  Give it a prefix to the root file system for the board.  Then you need to alter the Makefile that is generated to use a cross-compiler:

            #  ./configure --prefix=/opt/xup_rootfs/usr/local

            #  vi Makefile

               CC=/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-gcc

               AR=/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-ar rc

               CPP=/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-gcc -E

               LDSHARED=/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-gcc

 Now you should be ready to make and install it:

            #   make

            #   make install

 The make command makes it in the current directory without touching the actual root file system.  The make install actually copies it over to the root file system.

OpenSSL:     Similar to zlib:

 

            #   ./Configure --prefix=/opt/xup_rootfs  os/compiler:/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-gcc

            #   vi Makefile

          AR=/opt/montavista/previewkit/ppc/405/bin/ppc_405-ar $(ARFLAGS) r

            #   make

            #   make install

 

OpenSSH:     Similar to the above

             #   ./configure --host=ppc --prefix=/opt/xup_rootfs/usr/local --with-libs \
                  --with-zlib=/opt/xup_rootfs/usr/local --disable-etc-default-login \
                 CC=/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-gcc \
                 AR=/opt/powerpc-405-linux/bin/powerpc-405-linux-gnu-ar

            #   vim Makefile

                        exec_prefix=/usr/local

                        STRIP_OPT=

                        LIBS=-lresolv -lcrypto -lutil -lz -lnsl -lcrypt

            #   make

 At this point you have made all you can on the Linux box.  Now you need to boot up and move to the actual FPGA board, change to the OpenSSH directory and finish the installation.  Before doing so, you

            ml300 #   make install

 

4. Modify sshd_config

 

#   cd /home/bab76/rootfs/usr/local/etc/

#   vim sshd_config

            Find this section: #Logging

            It should look like this:

                        #obsoletes QuietMode and FascistLogging

                        #SyslogFacility AUTH

                        #LogLevel INFO

            Change it to this:

                        #obsoletes QuietMode and FascistLogging

                        #SyslogFacility AUTH

                        SyslogFacility AUTHPRIV

                        #LogLevel INFO

            Find this section: # Set this section to 'yes' to enable PAM ...

            It should look like this:

                        #UsePAM no

 

                       

                        #AllowTcpForwarding yes

                        #GatewayPorts no

                        #X11Forwarding yes

            Change it to this:

                        #UsePAM no

 

                       

                        #AllowTcpForwarding yes

                        #GatewayPorts no

                        X11Forwarding yes

 

5. Add sshd to /etc/init.d/rcS

 

Add a line to the rcS file like this:

 

/usr/local/sbin/sshd

 

 

 

That completes the installation of the OpenSSH software.
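
Steps 4 and 5 can also be applied to the staged root file system without an editor, which makes them repeatable after a rebuild. The script below is an added example, not part of the original instructions: the function names are hypothetical, the sample files it builds are constructed for illustration, and the paths under the root file system are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Set <Keyword> to <value> in an sshd_config. An active line is replaced;
# otherwise the setting is placed right after its commented-out default, or
# appended. sshd keeps the first value it reads, so later duplicates are dropped.
set_sshd_option() {  # usage: set_sshd_option <file> <Keyword> <value>
    awk -v k="$2" -v v="$3" '
        BEGIN { kl = tolower(k) }
        {
            w = tolower($1)
            if (w == kl) {
                if (!placed) print k " " v
                placed = 1
                next
            }
            print
            if (w == ("#" kl) && !placed) { print k " " v; placed = 1 }
        }
        END { if (!placed) print k " " v }
    ' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Print the value sshd will use for <Keyword>: its first active occurrence.
sshd_option() {  # usage: sshd_option <file> <Keyword>
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Steps 4 and 5 against <rootfs>; safe to repeat after a rootfs rebuild.
apply_ssh_steps() {  # usage: apply_ssh_steps <rootfs>
    set_sshd_option "$1/usr/local/etc/sshd_config" SyslogFacility AUTHPRIV &&
    set_sshd_option "$1/usr/local/etc/sshd_config" X11Forwarding yes &&
    { grep -qxF /usr/local/sbin/sshd "$1/etc/init.d/rcS" ||
      echo /usr/local/sbin/sshd >> "$1/etc/init.d/rcS"; }
}

# Constructed sample: a temporary rootfs holding the stock fragments quoted above.
make_sample_rootfs() {  # prints the path of the new directory
    r=$(mktemp -d) && mkdir -p "$r/usr/local/etc" "$r/etc/init.d" &&
    printf '%s\n' '#Logging' '#obsoletes QuietMode and FascistLogging' \
        '#SyslogFacility AUTH' '#LogLevel INFO' '#UsePAM no' \
        '#AllowTcpForwarding yes' '#GatewayPorts no' '#X11Forwarding yes' \
        > "$r/usr/local/etc/sshd_config" &&
    printf '%s\n' '#!/bin/sh' 'mount -a' > "$r/etc/init.d/rcS" && echo "$r"
}

demo=$(make_sample_rootfs) && apply_ssh_steps "$demo" &&
    grep -v '^#' "$demo/usr/local/etc/sshd_config" && tail -n 1 "$demo/etc/init.d/rcS"
rm -rf "$demo"
```

Run apply_ssh_steps with the real root file system path in place of the sample directory; sshd_option then reports the value that will take effect for any keyword.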

 

Add an sshd user to the passwd and group files (use 74 as the user and group id).  /var/empty/nothing /sbin/nologin