openssh static build - mission impossible?

Mr Dash Four mr.dash.four at googlemail.com
Mon Mar 12 04:08:43 EST 2012


>     What I did was to build a new toolchain for my target arch, based
>     on uclibc and then recompile the whole dependency tree, starting
>     from zlib, openssl etc. Quite a few tweaks and a few
>     newly-discovered distro-specific OpenSSH bugs later (which I'll
>     report on bugzilla in the coming days) I have brand new
>     statically-linked openssh rpm packages (strictly speaking I did
>     not need openssh to be packaged in rpm, but I am so used to rpmbuild).
>
>  
> *OUCH*. As an admin who does quite a bit of RHEL support, I'll be 
> fascinated to see your bug reports.
I will be reporting them over the coming days - none of them are very 
serious, though quite annoying they are, and from what I remember they 
mostly come from the Fedora patches applied to the source tree (quite 
frustrating that was, since I was able to build a "vanilla" openssh at 
the first time of asking).
 
> Can you test the "ssh", "scp", "sftp", and "sshd" binaries separately 
> and confirm whether they work well even connecting to other systems?
So far I have tested all of those plus the keygen facilities, except 
ssh - that will have to wait a bit until I get my other machine properly 
set up.
 
>
>     The newly-built sshd is running fine, though since I do not have
>     shadow passwords or any nss running on the target device, I had to
>     "improvise" and create these files manually so that ssh(d) could
>     run - otherwise I was getting a message saying ssh does not
>     recognise me, asking me to "go away" (ha!).
>
> Interesting. I assume your /etc/shadow was created correctly? I've 
> seen fascinating problems when someone manually put entries in 
> /etc/passwd without matching entries in /etc/shadow.
Nothing was created at all as my device does not use/have shadow or 
anything like that (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow, 
/etc/shells and /etc/profile were all missing). I did something very 
similar to the following sequence of commands:

echo "root:x:0:0::/usr/local/root_ssh_home:/system/xbin/bash" > /etc/passwd
echo "root::14531:0:99999:7:::" > /etc/shadow
echo "root:x:0:" > /etc/group
echo "root:!::" > /etc/gshadow
echo "/system/xbin/bash" > /etc/shells
echo "PATH=\"/bin:/usr/bin:/usr/local/bin:/system/bin:/system/xbin\"" > /etc/profile
echo "export PATH" >> /etc/profile

I did *not* register a password for root as I do not plan to login with 
passwords using ssh - only public keys, nothing else.  Besides, I do not 
have passwd or useradd/usermod, groupadd/groupmod either.

>     I've also disabled the privilege separation in sshd_config. Any
>     ideas what might cause this segfault error I am getting?
>
> Looks like time to run strace and non-daemon mode for sshd. Can you do 
> those on the test environment?
You mean on the device where sshd runs? I don't have strace there, so if 
I have to deploy and use it, I have to cross-compile it and static-build 
it first for the target arch :-\
The logs I posted previously were done when sshd runs in non-daemon mode 
(I run it as "OPTIONS=-ddd /etc/rc.d/init.d/sshd start" - that 
automatically starts sshd in non-daemon mode with the highest level of 
debugging available - level 3 with everything reported on the console).
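
An added example, not part of the original post and not OpenSSH code: a POSIX shell cross-check for hand-written account files like the ones created above, reporting passwd entries with no shadow entry, empty password fields, and login shells missing from the shells file. The function names and the "backup" account are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check hand-written passwd, shadow and shells files.

# Print USER's ($1) password field from shadow file $2; return 1 if no entry.
shadow_hash() {
    [ -r "$2" ] || return 1
    while IFS=: read -r s_user s_hash s_rest; do
        if [ "$s_user" = "$1" ]; then
            printf '%s\n' "$s_hash"
            return 0
        fi
    done < "$2"
    return 1
}

# check_accounts PASSWD SHADOW SHELLS: print one finding per line.
check_accounts() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        if [ "$pw" = "x" ]; then
            # "x" means the real password field lives in the shadow file.
            if hash=$(shadow_hash "$user" "$2"); then
                # shadow(5): an empty field means no password is required.
                [ -n "$hash" ] || echo "$user: empty password field in shadow"
            else
                echo "$user: no matching shadow entry"
            fi
        elif [ -z "$pw" ]; then
            echo "$user: empty password field in passwd"
        fi
        grep -Fxq -- "$shell" "$3" 2>/dev/null ||
            echo "$user: shell $shell is not listed in shells file"
    done < "$1"
}

# Constructed sample: the root lines from the post plus a made-up "backup"
# account that has no shadow entry and an unlisted shell.
run_demo() {
    d=$(mktemp -d) || return 1
    echo "root:x:0:0::/usr/local/root_ssh_home:/system/xbin/bash" > "$d/passwd"
    echo "backup:x:1000:1000::/tmp:/bin/sh" >> "$d/passwd"
    echo "root::14531:0:99999:7:::" > "$d/shadow"
    echo "/system/xbin/bash" > "$d/shells"
    check_accounts "$d/passwd" "$d/shadow" "$d/shells"
    rm -rf "$d"
}

run_demo
```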

