OpenSSH (including daemon) for OpenLink

This article is based on work done by Frontalot on Linkstationwiki.org.

Background
This project offers OpenSSH (including daemon), precompiled and packaged for the PPC LinkStation. The OpenSSH package is intended for people who want to upgrade from Dropbear to a more full-featured SSH daemon. This way you can use a client like PuTTY or FileZilla for terminal and file transfer. You can even tunnel other protocols like VNC and Samba through SSH to make them secure. This package requires that you have installed the OpenLink or FreeLink firmware. You may download version 3.9p1 from the downloads area here. You may want to use this version "it contains the original tarball plus an installation script (not yet widely tested, but at least from that you can see the requirements)" referred to by Izzy in this forum. Or, get version 4.3p2 from here.

Programs included
The OpenSSH suite includes the following tools:
 * ssh, a replacement for rlogin and telnet
 * scp, a replacement for rcp
 * sftp, a replacement for ftp
 * sshd, the SSH daemon
 * ssh-keygen, a tool to generate the RSA and DSA keys that are used for user and host authentication
 * ssh-agent, a small daemon that can hold copies of public keys and use them to sign authentication challenges, avoiding the need to enter passphrases every time they are used
 * ssh-add, a tool to load keys into, or delete keys from, a running ssh-agent
 * ssh-keyscan, which scans a list of hosts and collects their public keys
 * sftp-server, the sftp server subsystem (normally run directly by sshd)
 * ssh-keysign, a setuid helper program that signs "hostbased" authentication challenges using the host's private keys (normally executed directly by ssh)

FreeLink (Debian)
 * Install the OpenSSH package using apt-get. If prompted, select SSH version 2. Use the command:

apt-get install ssh

 * You can configure SSH through Webmin (see Webmin to remotely administer your LinkStation)

OpenLink (PowerPC)
A complete OpenSSH-4.3p2 package was available at mindbenders-page, but the link is invalid at the moment:

cd /
wget http://www.unet.univie.ac.at/~a0025690/ppc-binaries/OpenSSH-4.3p2_ppc.tar.gz
tar xzvf OpenSSH-4.3p2_ppc.tar.gz
/usr/local/etc/create_keys.sh

Startscript (/etc/init.d/sshd)
1) /etc/init.d/sshd needs to be modified by adding the following lines to the startup block:

if [ ! -d /var/empty ]; then
    mkdir /var/empty
fi

If the modification is not done, every time SSH is stopped and restarted it will complain that the /var/empty directory already exists.

2) One must also remember to create a user named "sshd":

mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd sshd -g sshd -c 'sshd privsep' -d /var/empty
chown root:root /usr/local/sbin/sshd
ln -s /etc/init.d/sshd /etc/rc.d/rc2.d/S07sshd

3) You should be able to connect via ssh after a reboot, or if you start it manually with /etc/init.d/sshd start.
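The setup from step 2 can be checked before starting the daemon. The function below is an added example, not part of the original package or article: it tests the conditions sshd's privilege separation depends on (the directory exists, is owned by root, is not group- or world-writable, and an sshd user exists). The name check_privsep and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# check_privsep DIR PASSWD_FILE [OWNER_UID]   (hypothetical helper name)
# Prints one line per problem and returns non-zero if any was found.
# OWNER_UID defaults to 0 (root); it is a parameter only so the check
# can be tried on a scratch directory without being root.
check_privsep() {
    dir=$1; passwd=$2; want_uid=${3:-0}; rc=0

    if [ ! -d "$dir" ]; then
        echo "missing privilege separation directory: $dir"
        rc=1
    else
        # ls -ldn prints: mode links uid gid ...
        set -- $(ls -ldn "$dir")
        mode=$1; uid=$3
        if [ "$uid" != "$want_uid" ]; then
            echo "$dir is owned by uid $uid, expected $want_uid"
            rc=1
        fi
        # In the mode string, character 6 is group-write, character 9 is other-write.
        case $mode in
            d????w*|d???????w*)
                echo "$dir is group- or world-writable ($mode)"
                rc=1 ;;
        esac
    fi

    # The unprivileged account created with useradd in step 2.
    if ! grep -q '^sshd:' "$passwd"; then
        echo "no sshd user in $passwd"
        rc=1
    fi
    return $rc
}

# On the device: check_privsep /var/empty /etc/passwd
```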

OpenLink (MIPSel)
This is generic and would probably work for any flavor of LinkStation.

To be able to compile, you have to meet the following prerequisites:
 * Flashed your LinkStation with OpenLink
 * Installed the mipsel-development-tools (for the MIPSel LinkStation)

Compiling then works as follows.

Download the source of OpenSSH to a separate folder that you will use for compiling.

The FTP site below seems unreliable; another is here: ftp://ftp.plig.org/pub/OpenBSD/OpenSSH/portable/

useradd sshd
cd
wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.3p2.tar.gz
tar xzvf openssh-4.3p2.tar.gz
cd openssh-4.3p2
./configure --without-zlib-version-check
make
make install

The SSH keys are generated automatically during the installation process.

If you run into problems with not having the sort command available, see here: http://buffalo.nas-central.org/wiki/Sort_is_missing_in_OpenLink-mipsel

There are two things that have to be done additionally.

Startscript (/etc/init.d/sshd)
1) You have to manually create a start script for OpenSSH, stored at /etc/init.d/sshd, or use this one (/var/empty has to be created each time at start):

#!/bin/sh
# Start/stop script for the OpenSSH daemon
export USER="root"
NAME=sshd

start() {
    # sshd needs /var/empty; create it if it is missing
    if [ ! -d /var/empty ]; then
        mkdir /var/empty
    fi
    su - $USER -c "/usr/local/sbin/sshd"
}

stop() {
    su - $USER -c "killall sshd"
}

case "$1" in
    start)
        echo -n "Starting sshd: "
        start
        ;;
    stop)
        echo -n "Stopping sshd "
        stop
        ;;
    restart)
        echo -n "Restarting sshd "
        stop
        start
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart}"
        exit 1
        ;;
esac
exit 0

2) You have to make sure sshd is started automatically after a shutdown/reboot. Do this by executing:

ln -s /etc/init.d/sshd /etc/rc.d/rc2.d/S07sshd

Afterwards OpenSSH is ready for action.

TeraStation (PowerPC)
A complete OpenSSH-4.3p2 package is available at mindbenders-page. Install it by:

cd /
wget http://www.unet.univie.ac.at/~a0025690/ppc-binaries/OpenSSH-4.3p2_ppc.tar.gz
tar xzvf OpenSSH-4.3p2_ppc.tar.gz
/usr/local/etc/create_keys.sh

Check for missing 'groups' file
Check to see if you have the groups command available, as it is needed. It will typically be under /usr/local/bin, but the easiest way to check for it is to simply issue the command

groups

and see whether you get an error such as the following:

bash: groups: command not found

If it does not exist on your system, then you can extract it from the coreutils package available at http://downloads.nas-central.org/ALL_PPC/ (it is not necessary to install the full coreutils package unless you really want to).

Startscript (/etc/init.d/sshd)
1) /etc/init.d/sshd needs to be modified by adding the following lines to the startup block:

if [ ! -d /var/empty ]; then
    mkdir /var/empty
    chown root:sys /var/empty
    chmod 755 /var/empty
fi

If the modification is not done, every time SSH is stopped and restarted it will complain that the /var/empty directory already exists.

2) One must do a final step to create the link for auto-starting the sshd daemon on system boot:

ln -s /etc/init.d/sshd /etc/rc.d/rc3.d/S07sshd

3) You should be able to connect via ssh after a reboot, or if you start it manually with /etc/init.d/sshd start. At this point you can connect using your favorite ssh client (e.g. PuTTY).

Disabling standard telnet
Once you are happy that you have ssh working, you are likely to want to disable standard telnet. To do this, comment out the line in /etc/inetd.conf that starts telnet by inserting a # at the front:

#telnet	stream tcp     nowait  root    /usr/sbin/tcpd	in.telnetd

You can then always re-enable standard (unencrypted) telnet by uncommenting this line.
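The same edit can be scripted so that it is repeatable and leaves a backup. This is an added example, not part of the original article; the function names are assumptions made for this illustration. It matches on the first field of each line, so entries that are already commented out and entries for other services are left alone.

```shell
#!/bin/sh
# inetd_service_enabled FILE SERVICE   (hypothetical helper name)
# Succeeds if FILE has an active (uncommented) entry for SERVICE.
inetd_service_enabled() {
    # A commented entry starts with "#", so its first field never equals the name.
    awk -v svc="$2" '$1 == svc { found = 1 } END { exit !found }' "$1"
}

# disable_inetd_service FILE SERVICE   (hypothetical helper name)
# Comments out every active entry for SERVICE, keeping FILE.bak as a backup.
# Running it a second time changes nothing.
disable_inetd_service() {
    file=$1; svc=$2
    inetd_service_enabled "$file" "$svc" || return 0   # already disabled
    cp -p "$file" "$file.bak" || return 1
    # Rewrite in place from the backup so the file keeps its owner and mode.
    awk -v svc="$svc" '$1 == svc { print "#" $0; next } { print }' \
        "$file.bak" > "$file"
}

# On the device: disable_inetd_service /etc/inetd.conf telnet
```

inetd re-reads its configuration when it receives SIGHUP, so the change takes effect after the daemon is signalled or the device is rebooted.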