轻量级SSH Dropbear移植

前言

Dropbear 是一款面向嵌入式系统的轻量级 SSH 实现，相比 OpenSSH 具有以下优势：

• 体积小、依赖少
• 启动快、内存占用低
• 支持 SSH 登录、端口转发

但需要注意：

• Dropbear 默认不包含 scp，如需支持 scp，需在源码目录执行 make scp 编译生成；

1. 源码获取

Zlib 源码下载：
发行版 v1.2.11 · madler/zlib

Dropbear 源码下载：
Index of /dropbear/releases

2.交叉编译

#SS928V100 hi3519dv500
CHIP ?= hi3519dv500

ifeq ($(CHIP), SS928V100)
ARCH := aarch64
CROSS_COMPILE := aarch64-mix210-linux-
CROSS_HOST      := aarch64-mix210-linux
else ifeq ($(CHIP), hi3519dv500)
ARCH := aarch64
CROSS_COMPILE := aarch64-v01c01-linux-gnu-
CROSS_HOST      := aarch64-v01c01-linux-gnu
endif

CUR_MK := $(abspath $(lastword $(MAKEFILE_LIST)))
TOP_DIR := $(shell dirname $(CUR_MK))

ZLIB_TAR          := zlib-1.2.11.tar.gz
DROPBEAR_TAR      := dropbear-2025.89.tar.bz2

ZLIB_DIR          := $(TOP_DIR)/zlib
DROPBEAR_DIR      := $(TOP_DIR)/dropbear

MODULES           := ZLIB DROPBEAR
PATCH_MODULES     :=
UNPACK_TARS       := $(foreach mod,$(MODULES),$($(mod)_TAR))
UNPACK_DIRS       := $(foreach mod,$(MODULES),$($(mod)_DIR))

OUTPUT_DIR        := $(TOP_DIR)/output/
OUTPUT_BUILD_DIR  := $(OUTPUT_DIR)/build
OUTPUT_BIN_DIR    := $(OUTPUT_DIR)/bin

export PKG_CONFIG_LIBDIR=$(OUTPUT_BUILD_DIR)/lib/pkgconfig

NO_COLOR=\033[0m
OK_COLOR=\033[32;01m

CPU_NUM := $(shell cat /proc/stat | grep cpu[0-16] -c)

# build targets
BUILD_TARGETS := zlib dropbear
CLEAN_TARGETS := zlib_clean dropbear_clean

.PHONY: unpack zlib dropbear unpack_clean zlib_clean dropbear_clean install

all: prepare unpack $(BUILD_TARGETS) install

clean: unpack_clean #$(CLEAN_TARGETS)
    @rm -rf $(OUTPUT_DIR)

prepare:
    @mkdir -p $(OUTPUT_BIN_DIR)
    @mkdir -p $(OUTPUT_BUILD_DIR)

zlib:
    @set -e; \
    pushd $(ZLIB_DIR); \
        CC=$(CROSS_COMPILE)gcc prefix=$(OUTPUT_BUILD_DIR) CFLAGS="-fstack-protector-all -fPIC" \
        LDFLAGS="-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack" ./configure; \
        make -j$(CPU_NUM); \
        make install -j${CPU_NUM}; \
    popd
    @printf "${OK_COLOR}========== zlib build OK! ==========${NO_COLOR}\n"

dropbear: zlib
    @set -e; \
    pushd $(DROPBEAR_DIR); \
        ./configure CC=$(CROSS_COMPILE)gcc AR=$(CROSS_COMPILE)ar --host=$(CROSS_HOST) --prefix=$(OUTPUT_BUILD_DIR) \
        --with-zlib=$(OUTPUT_BUILD_DIR) \
        --enable-static;\
        make -j$(CPU_NUM); \
        make install -j${CPU_NUM}; \
        make scp; \
    popd
    @printf "${OK_COLOR}========== dropbear build OK! ==========${NO_COLOR}\n"

install:
    @cp ${OUTPUT_BUILD_DIR}/bin/dbclient ${OUTPUT_BIN_DIR}/
    @cp ${OUTPUT_BUILD_DIR}/bin/dropbearconvert ${OUTPUT_BIN_DIR}/
    @cp ${OUTPUT_BUILD_DIR}/bin/dropbearkey ${OUTPUT_BIN_DIR}/
    @cp ${OUTPUT_BUILD_DIR}/sbin/dropbear ${OUTPUT_BIN_DIR}/
    @cp ${DROPBEAR_DIR}/scp ${OUTPUT_BIN_DIR}/
    @${CROSS_COMPILE}strip ${OUTPUT_BIN_DIR}/dbclient --strip-unneeded
    @${CROSS_COMPILE}strip ${OUTPUT_BIN_DIR}/dropbearconvert --strip-unneeded
    @${CROSS_COMPILE}strip ${OUTPUT_BIN_DIR}/dropbearkey --strip-unneeded
    @${CROSS_COMPILE}strip ${OUTPUT_BIN_DIR}/dropbear --strip-unneeded
    @${CROSS_COMPILE}strip ${OUTPUT_BIN_DIR}/scp --strip-unneeded

    @printf "${OK_COLOR}========== install OK! ==========${NO_COLOR}\n"

zlib_clean:
    @cd ${ZLIB_DIR}/ && make CC=$(CROSS_COMPILE)gcc clean

dropbear_clean:
    @cd ${DROPBEAR_DIR}/ && make CC=$(CROSS_COMPILE)gcc clean

unpack: unpack_clean
    @set -e; \
    i=0; \
    for tar in $(UNPACK_TARS); do \
        mod=$$(echo $(MODULES) | cut -d' ' -f$$((i+1))); \
        dir=$$(echo $(UNPACK_DIRS) | cut -d' ' -f$$((i+1))); \
        echo "Unpacking $$tar to $$dir"; \
        mkdir -p $$dir; \
        tar -xf $$tar -C $$dir --strip-components=1; \
        if echo "$(PATCH_MODULES)" | grep -wq "$$mod"; then \
            patchfile="$(TOP_DIR)/$$(echo $$tar | sed -e 's/\.tar.*//').patch"; \
            if [ -f "$$patchfile" ]; then \
                echo "Patching $$mod with $$patchfile"; \
                cd $$dir && patch -p1 < "$$patchfile" || true; \
                cd - >/dev/null; \
            else \
                echo "Patch file $$patchfile not found"; \
            fi; \
        fi; \
        i=$$((i+1)); \
    done
    @printf "${OK_COLOR}========== unpack OK! ==========${NO_COLOR}\n"

unpack_clean:
    @rm -rf $(UNPACK_DIRS)
    @printf "${OK_COLOR}========== unpack_clean OK! ==========${NO_COLOR}\n"

编译

make

• dropbear（sshd）
• dbclient（ssh 客户端）
• dropbearkey（密钥生成工具）
• dropbearconvert（密钥转换）

3. dropbear部署

①.拷贝程序至/usr/bin 和 /sbin目录

/usr/bin/dbclient
/usr/bin/dropbearkey
/usr/bin/dropbearconvert
/usr/bin/scp

/usr/sbin/dropbear

#记得给权限
chmod +x /usr/bin/dbclient
chmod +x /usr/bin/dropbearkey
chmod +x /usr/bin/dropbearconvert
chmod +x /usr/bin/scp
chmod +x /usr/sbin/dropbear

②.设置密码

③.创建必要目录

mkdir /etc/dropbear
mkdir /var/log

④.生成主机密钥，创建ssh-keycheck.sh

#!/bin/sh
# $1 = dropbearkey 路径（可选）
# $2 = 密钥目录（可选）

DROPBEARKEY=${1:-dropbearkey}
KEY_DIR=${2:-/etc/dropbear} 

umask 077
mkdir -p "$KEY_DIR"

gen_key() {
    type=$1
    key="$KEY_DIR/dropbear_${type}_host_key"

    # 已存在且可解析，直接跳过
    if [ -s "$key" ] && "$DROPBEARKEY" -y -f "$key" >/dev/null 2>&1; then
        return
    fi

    echo "Generating Dropbear $type host key..."
    "$DROPBEARKEY" -t "$type" -f "$key"
    sync
}

gen_key rsa
gen_key ecdsa
gen_key ed25519

chmod +x ssh-keycheck.sh

⑤.自启动 Dropbear，创建S89nettools

#!/bin/sh

for dir in \
    /var/log
do
    [ -d "$dir" ] || mkdir -p "$dir"
done

opt/bin/ssh-keycheck.sh /usr/bin/dropbearkey /etc/dropbear

/usr/sbin/dropbear

⑥.重启验证

scp文件传输测试：

若要使用SFTP传输，需要使用 openssh 编译出的 sftp-server 放置在 /usr/libexec 目录下，这样就能使用 sftp上传与下载文件。

4.资源下载

https://www.ebaina.com/down/240000039004