I tested it on my TS-870 Pro and it works flawlessly but I cannot guarantee that it will work on any QNAP NAS.
You can execute the script in any directory. Just make sure the directory can hold ~200MB (i.e. don't execute it for example in /tmp) or execute the lines manually one by one.
Code: Select all
#!/bin/sh
## install Optware QPKG and required packages
ipkg install gcc make perl sed gawk tar gzip bzip2 zlib mktemp
export PATH=/opt/bin:/opt/sbin:$PATH
## grab the source
wget --no-check-certificate https://www.openssl.org/source/openssl-1.0.1i.tar.gz # < heartbleed free
wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
wget --no-check-certificate https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.8.tar.bz2
## make temporary dir for dependencies (libpam headers and openssl)
## openssl will be compiled statically so you can remove this directory afterwards
DEPDIR=`pwd`/dist
mkdir -p $DEPDIR/usr/include
## we need only the PAM headers, we use QNAP's libpam.so
tar xjf Linux-PAM-1.1.8.tar.bz2
ln -s libpam.so.0 /lib/libpam.so
cp -r Linux-PAM-1.1.8/libpam/include/security/ $DEPDIR/usr/include || exit
## install openssl to DEPDIR
tar xzf openssl-1.0.1i.tar.gz
pushd openssl-1.0.1i
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib zlib linux-elf "-Wa,--noexecstack" || exit
make depend || exit
make || exit
make INSTALL_PREFIX=$DEPDIR MANDIR=/usr/share/man MANSUFFIX=ssl install || exit
popd
## build openssh
tar xzf openssh-6.6p1.tar.gz
pushd openssh-6.6p1
./configure --prefix=/usr --sbindir=/usr/sbin --libexecdir=/usr/libexec --sysconfdir=/etc/ssh\
--with-ssl-engine --with-pam --with-md5-passwords --with-pid-dir=/var/run\
--with-ldflags=-L$DEPDIR/usr/lib --with-cflags=-I$DEPDIR/usr/include || exit
make || exit
popd
## optionally install whole ssh to some dir
#mkdir "$HOME/myssh"
#make DESTDIR="$HOME/myssh" install
## or just copy sshd binary
cp openssh-6.6p1/sshd ~
## optionally cleanup
#rm -fr Linux-PAM-1.1.8* openssh-6.6p1* openssl-1.0.1i* $DEPDIR
This executable does not depend on any other libraries which are not already available in the OS.
The only dependency that is different, openssl 1.0.1i (heartbleed free), is build statically into openssh. So you can remove all generated directories, even the DEPDIR.
You can execute sshd right away or install it permanently using a corresponding script executed via autorun.sh.
I use the following script
Code: Select all
#!/bin/sh
# stop QNAP sshd
/sbin/daemon_mgr sshd stop /usr/sbin/sshd
/usr/bin/killall sshd
rm -f /var/lock/subsys/sshd
# bring our sshd in place
cp -f /mnt/HDA_ROOT/.config/ssh/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd_orig
cp /share/CACHEDEV1_DATA/sshd /usr/sbin/sshd
# our sshd needs this directory for priviledge separation
mkdir /var/empty
# replace sftp-server by internal-sftp in login.sh
sed -i 's|/usr/libexec/sftp-server|Subsystem.*internal-sftp|g;
/Subsystem/s|\/usr\/libexec\/sftp-server|internal-sftp|g;
s|/\/usr\/libexec\/sftp-server/d|/Subsystem.*internal-sftp/d|g
' /etc/init.d/login.sh > /dev/null
# start the sshd
SSH_PORT=`/sbin/getcfg LOGIN "SSH Port" -d 22`
/sbin/daemon_mgr sshd start "/usr/sbin/sshd -f /etc/ssh/sshd_config -p $SSH_PORT"