定制linux内核+Busybox+dropbear实现远程登录

432qw · 发表于 2016-8-15 10:19:32

简单介绍下各阶段工作流程：
POST：开机后，加载BIOS信息（里面包含各硬件的相关信息）
BIOS（boot sequence）：选择（设备）启动项，然后读取MBR信息
Boot Loader：初始化硬件、建立内存空间映射，读取grub配置文件
Initrd：加载内核（硬件检测及初始化、挂载根文件系统）0→启动第一个进程init→该程序读出/etc/inittab、/etc/rc.d/rc.sysinit、/etc/rc.d/rc.local文件
Shell：启动/bin/login程序，进入登录界面

进入实验部分：
一、环境搭建
1、虚拟机（server1）上添加一个硬盘

2、在系统中给该磁盘进行分区

1	[iyunv@localhost ~]# fdisk /dev/sdb

3、格式化

1
2
3

[iyunv@localhost ~]# mke2fs -t ext4 /dev/sdb1
[iyunv@localhost ~]# mke2fs -t ext4 /dev/sdb2
[iyunv@localhost ~]# mkswap /dev/sdb3

4、挂载

1
2
3

[iyunv@localhost ~]# mkdir /mnt/{sysroot,boot} #创建挂载目录
[iyunv@localhost ~]# mount /dev/sdb1 /mnt/boot/
[iyunv@localhost ~]# mount /dev/sdb2 /mnt/sysroot/

5、安装grub

1	[iyunv@localhost ~]# grub-install --root-directory=/mnt /dev/sdb

6、创建linux各目录

1 2	[iyunv@localhost ~]# cd /mnt/sysroot/ [iyunv@localhost ~]# mkdir -pv etc/rc.d var/log root proc sys srv boot mnt tmp home dev lib lib64

二、编译内核

1
2
3
4
5
6
7

[iyunv@localhost ~]# tar xf linux-3.13.6.tar.xz -C /usr/src/ #解压
[iyunv@localhost ~]# cd /usr/src/
[iyunv@localhost src]# ln -s linux-3.13.6 linux #创建软链接
[iyunv@localhost src]# cd linux
[iyunv@localhost linux]# yum groupinstall "Development Tools" -y #安装开发包组
[iyunv@localhost linux]# make allnoconfig #重置配置选项
[iyunv@localhost linux]# make menuconfig

如果make menuconfig时报错：

提示：缺少ncurses-devel库文件

1 2	[iyunv@localhost linux]# yum -y install ncurses-devel [iyunv@localhost linux]# make menuconfig #再次进行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

64 bit kernel #64位支持

gerernal setup
() local version - append to kernel release #版本号

Enable loadable modual support #允许模块加载
-> Progressor type and features
Processor Family(Core 2/newer Xeon) #自行选择处理器类型

Symmetric multi-processing support #支持多核
-> Bus Options(PCI etc.)

PCI support #支持PCI总线
-> File system

The Extended 4 (ext) filesystem #支持ext4文件系统
-> Executable file formats / Emulations #可执行文件系统

Kernel support for ELF binaries #支持ELF二进制程序

Kernel support for scripts starting with #! #支持脚本

Networking support
-> Networking options

Unix domain sockets

UNIX: socket monitoring interface

TCP/IP networking

IP: multicasting #ip多播协议

IP: advanced router #高级路由协议

IP: kernel level autoconfiguration #内核级别配置

IP: DHCP support #DHCP服务

IP: BOOTP support

IP: RARP Support #RARP协议

IP: TCP syncookie support #tcp同步状态

-> Device Drivers
-> Gernal Driver Options

Maintain a devtmpfs filesystem to mount at /dev #使用devtmpfs机制挂载设备文件

Automount devtmpfs at /dev, after the kernel mounted the rootfs #自动挂载

-> SCSI device support

SCSI deveice support

SCSI disk support

Fusion MPT device support #支持虚拟磁盘

Fusion MPT ScsiHost drivers for SPI #虚拟磁盘

Fusion MPT misc device (ioctl) driver #磁盘初始化

Network device support

Network core driver support #网络核心驱动

Ethernet driver support #以太网卡驱动

Intel devices (NEW)

Intel(R) PRO/1000 Gigabit Ethernet support

Intel(R) PRO/1000 PCI-Express Gigabit Ethernet support
-> Input Device support

Mouse interface

Keyboards #键盘

Mice #ps/2

USB support

Support for Host-side USB

xHCI HCD (USB 2.0) support

EHCI HCD (USB 3.0) support

OHCI HCD (USB 1.1) support

1 2	[iyunv@localhost linux]# make bzImage -j 3 #只编译内核，并且使用3个线程 [iyunv@localhost linux]# cp arch/x86_64/boot/bzImage /mnt/boot/ #拷贝内核

三、安装busybox
安装busybox需要依赖glibc-static
安装glibc-static 包在DVD2中，如何没有DVD2比如我..,自己搭建网络yum源安装

1
2
3
4
5
6

root@localhost ~]# wget http://mirrors.163.com/.help/CentOS6-Base-163.repo 这是网易yum源的配置文件
[iyunv@localhost ~]# yum clean all /#生效刚刚加载的yum仓库
[iyunv@localhost ~]# yum -y install glibc-static
[iyunv@localhost ~]# tar xf busybox-1.22.1.tar.bz2
[iyunv@localhost ~]# cd busybox-1.22.1
[iyunv@localhost busybox-1.22.1]# make menuconfig

1
2
3

-> Busybox Settings
-> Build Options

Build BusyBox as a static binary (no shared libs)

1 2	[iyunv@localhost busybox-1.22.1]# make && make install [iyunv@localhost busybox-1.22.1]# cp -a _install/* /mnt/sysroot/

提供grub.conf文件：

1
2
3
4
5
6
7

[iyunv@localhost ~]# vim /mnt/boot/grub/grub.conf
default=0
timeout=5
title Linux (3.13.6)
root (hd0,0)
kernel /bzImage ro root=/dev/sda2 init=/sbin/init
[iyunv@localhost ~]# sync #把内存缓冲区的数据立即写入磁盘中

测试：
添加新的虚拟机（server2）注意选择磁盘时要选择之前创建的磁盘

添加完成后，把server1挂起或关机,然后server2开机

启动正常，但提示没有初始化文件

四、提供初始化文件（etc/fstab etc/inittab etc/rc.d/rc.sysinit）

1
2
3
4
5
6

[iyunv@localhost sysroot]# vim etc/fstab
/dev/sdb1    /boot ext4 defaults       0 0
/dev/sdb2    /    ext4 defaults       0 0
/dev/sdb3    swap swap defaults       0 0
proc          /proc proc defaults       0 0
sysfs          /sys sysfs defaults       0 0

1
2
3
4
5
6
7
8
9
10

[iyunv@localhost sysroot]# vim etc/inittab
::sysinit:/etc/rc.d/rc.sysinit
::respawn:/sbin/getty 19200 tty1
::respawn:/sbin/getty 19200 tty2
::respawn:/sbin/getty 19200 tty3
::respawn:/sbin/getty 19200 tty4
::respawn:/sbin/getty 19200 tty5
::respawn:/sbin/getty 19200 tty6
::ctrlaltdel:/sbin/reboot
::shutdown:/bin/umount -a -r

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

[iyunv@localhost sysroot]# vim etc/rc.d/rc.sysinit
#!/bin/sh
#
echo -e "\tWelcome to \033[36mLinux\033[0m"
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
[ -z "$HOSTNAME" -o "$HOSTNAME" == "(none)" ] && HOSTNAME=localhost
/bin/hostname $HOSTNAME
mount -a#基于/etc/fstab文件挂载设备
mdev -s#挂载内核所需设备文件
mount -o remount -rw / #把根挂载成可读写
ifconfig lo 127.0.0.1#配置网卡信息
ifconfig eth0 192.168.199.222 #配置网卡信息
export PS1="[\u@\h \w]$ " #导出PS1路径
export PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" #修改环境变量
[iyunv@localhost sysroot]# chmod +x etc/rc.d/rc.sysinit

提供账号和密码文件：

1
2
3
4
5

[iyunv@localhost sysroot]# head -1 /etc/passwd > etc/passwd
[iyunv@localhost sysroot]# vim etc/passwd
[iyunv@localhost sysroot]# head -1 /etc/group > etc/group
[iyunv@localhost sysroot]# head -1 /etc/shadow > etc/shadow
[iyunv@localhost sysroot]# chmod 400 etc/shadow

提供认证库文件：

1
2
3
4
5
6
7

[iyunv@localhost ~]# cp -d /lib64/libnss_files* /mnt/sysroot/lib64/
[iyunv@localhost ~]# cp -d /usr/lib64/libnss3.so /mnt/sysroot/usr/lib64/
[iyunv@localhost ~]# mkdir /mnt/sysroot/usr/lib64
[iyunv@localhost ~]# cp -d /usr/lib64/libnss3.so /mnt/sysroot/usr/lib64/
[iyunv@localhost~]#cp -d /usr/lib64/libnss_files.so /mnt/sysroot/usr/lib64/
[iyunv@localhost ~]# cp /etc/nsswitch.conf /mnt/sysroot/etc/
[iyunv@localhost ~]# cp /etc/shells /mnt/sysroot/etc/

提供主机名：

1
2
3
4

[iyunv@localhost sysroot]# mkdir etc/sysconfig
[iyunv@localhost sysroot]# vim etc/sysconfig/network
HOSTNAME=biao.com
[iyunv@localhost sysroot]# sync

测试：

本地登陆成功！

五、提供ssh服务

1
2
3

[iyunv@localhost ~]# tar xf dropbear-2016.73.tar.bz2
[iyunv@localhost ~]# cd dropbear-2016.73
[iyunv@localhost dropbear-2016.73]# ./configure

预编译时如果报如下错误：

1
2
3
4

#yum -y install zlib-devel #安装缺少的库
#./configure #再次预编译
[iyunv@localhost dropbear-2016.73]# make PROGRAMS="dropbear dbclient dropbearkey scp"
[iyunv@localhost dropbear-2016.73]# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install

命令移植脚本：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

#!/bin/bash
aimDir=/mnt/sysroot
cmdInput() {
if which $cmd &> /dev/null;then
      cmdPath=`which --skip-alias $cmd`
else
      echo "No such command."
      return 5
fi
}
cpCmd() {
cmdDir=`dirname $cmdPath`
[ -d ${aimDir}${cmdDir} ] || mkdir -p ${aimDir}${cmdDir}
[ -f $cmdPath ] && cp $cmdPath ${aimDir}${cmdDir}
}
cpLib() {
for libPath in `ldd $cmdPath | grep -o "/[^[:space:]]\{1,\}"`;do
      libDir=`dirname $libPath`
      [ -d ${aimDir}${libDir} ] || mkdir -p ${aimDir}${libDir}
      [ -f $libPath ] && cp $libPath ${aimDir}${libDir}
done
}
echo "You can input [q|Q] quit."
while true;do
  read -p "Enter a command: " cmd
  if [[ "$cmd" =~ $|q|Q|$ ]];then
echo "You choose quit."
exit 0
  fi
cmdInput
[ $? -eq 5 ] && continue
cpCmd
cpLib
[ $? -eq 0 ] && echo -e "\033[36mCopy successful.\033[0m"
Done

移植所需的命令：

1
2
3
4
5
6
7
8

[iyunv@localhost ~]# bash cp.sh
You can input [q|Q] quit.
Enter a command: dropbear
Copy successful.
Enter a command: dropbearkey
Copy successful.
Enter a command: q
You choose quit.

生成密钥：

1
2
3

[iyunv@localhost ~]# mkdir /mnt/sysroot/etc/dropbear
[iyunv@localhost ~]# dropbearkey -t rsa -f /mnt/sysroot/etc/dropbear/dropbear_rsa_host_key -s 2048
[iyunv@localhost ~]# dropbearkey -t dss -f /mnt/sysroot/etc/dropbear/dropbear_dss_host_key

创建pid文件存放目录：

1	[iyunv@localhost ~]# mkdir /mnt/sysroot/var/run

挂载pts：

1
2
3
4

[iyunv@localhost sysroot]# mkdir dev/pts
[iyunv@localhost sysroot]# vim etc/fstab
........ #上面省略
devpts /dev/pts devpts defaults 0 0

提供服务脚本：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

[iyunv@localhost sysroot]# mkdir etc/rc.d/init.d
[iyunv@localhost sysroot]# vim etc/rc.d/init.d/dropbear
#!/bin/bash
#
# description: dropbear ssh daemon
# chkconfig: 2345 66 33
#
dsskey=/etc/dropbear/dropbear_dss_host_key
rsakey=/etc/dropbear/dropbear_rsa_host_key
lockfile=/var/lock/subsys/dropbear
pidfile=/var/run/dropbear.pid
dropbear=/usr/local/sbin/dropbear
dropbearkey=/usr/local/bin/dropbearkey
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/dropbear ] && . /etc/sysconfig/dropbear
keysize=1024
port=22
gendsskey() {
[ -d /etc/dropbear ] || mkdir /etc/dropbear
echo -n "Starting generate the dss key: "
$dropbearkey -t dss -f $dsskey &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
      success
      echo
      return 0
else
      failure
      echo
      return 1
fi
}
genrsakey() {
[ -d /etc/dropbear ] || mkdir /etc/dropbear
echo -n "Starting generate the rsa key: "
$dropbearkey -t rsa -s $keysize -f $rsakey &> /dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
      success
      echo
      return 0
else
      failure
      echo
      return 1
fi
}
start() {
[ -e $dsskey ] || gendsskey
[ -e $rsakey ] || genrsakey
if [ -e $lockfile ]; then
      echo -n "dropbear daemon is already running: "
      success
      echo
      exit 0
fi
echo -n "Starting dropbear: "
daemon --pidfile="$pidfile" $dropbear -p $port -d $dsskey -r $rsakey
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
      touch $lockfile

      return 0
else
      rm -f $lockfile $pidfile
      return 1
fi
}
stop() {
if [ ! -e $lockfile ]; then
      echo -n "dropbear service is stopped: "
      success
      echo
      exit 1
fi
echo -n "Stopping dropbear daemon: "
killproc dropbear
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
      rm -f $lockfile $pidfile
      return 0
else
      return 1
fi
}
status() {
if [ -e $lockfile ]; then
      echo "dropbear is running..."
else
      echo "dropbear is stopped..."
fi
}
usage() {
echo "Usage: dropbear {start|stop|restart|status|gendsskey|genrsakey}"
}
case $1 in
start)
      start ;;
stop)
      stop ;;
restart)
      stop
      start
      ;;
status)
      status
      ;;
gendsskey)
      gendsskey
      ;;
genrsakey)
      genrsakey
      ;;
*)
      usage
      ;;
esac
[iyunv@localhost sysroot]# chmod +x etc/rc.d/init.d/dropbear
[iyunv@localhost sysroot]# cp /etc/rc.d/init.d/functions etc/rc.d/init.d/
[iyunv@localhost sysroot]# cd etc/rc.d/
[iyunv@localhost rc.d]# ln -s init.d/dropbear dropbear.start
[iyunv@localhost rc.d]# ln -s init.d/dropbear dropbear.stop
[iyunv@localhost rc.d]# echo "/etc/rc.d/*.start start" >> rc.sysinit

关机脚本

1
2
3
4
5
6
7
8
9
10

[iyunv@localhost rc.d]# vim rc.sysdown
#!/bin/sh
#
sync #把内存缓冲区的数据立即写入磁盘中
sleep 3 #给系统3秒的写入时间
/etc/rc.d/*.stop stop
umount -a -r
Poweroff
[iyunv@localhost rc.d] vim /mnt/sysroot/etc/inittab
::shutdown:/etc/rc.d/rc.sysdown #最后一行修改成这样

测试：
服务开机启动

ssh远程登录成功：

以上实验全部完成！！！！！！！！！

账号		自动登录	找回密码
密码			立即注册

大疆运维招人啦，

C++ :try 语句块和异常处理

C++的多态

Red Hat RHCE 8 (EX294) Cert Guide

Java/C++ 区别：看完这一篇，就够用！

别再用过时库了！这 13 个顶级 C++ 库才是

c++ size_t 和 int 的区别

[经验分享] 定制linux内核+Busybox+dropbear实现远程登录

相关帖子

浏览过的版块

扫码加入运维网微信交流群