HOW TO: Native SSHd on Android
- Thread starter staulkor
- Start date
I was trying to copy a file from my server to my phone the command was
scp somefile root@phoneip:/sdcard
it prompts me for the password logs in then the error is shown
Can you run dropbear with -F -E and post the output?
To make dropbear work on cyanogen 4.0.4 with root password you need to:
1) Compile dropbear (statically linked with uClibc: this is needed because the native dropbear binary included in CyanogenMod 4.0.4
seems not to support correctly password protected logins, in the sense that you can login even when providing a wrong password!!!)
2) Copy the new dropbear binary to the phone
Then as root to run your own compiled version call it with the full path:
or add this line to your userinit.sh if you want to run it always.
Finally you can log in over wifi (or maybe over the internet):
To test that everything is setup correctly try to login with a wrong password to see if your attempt is correctly denied:
Enjoy
1) Compile dropbear (statically linked with uClibc: this is needed because the native dropbear binary included in CyanogenMod 4.0.4
seems not to support correctly password protected logins, in the sense that you can login even when providing a wrong password!!!)
2) Copy the new dropbear binary to the phone
Code:
adb push dropbear /sdcard/dropbear
adb push dropbearkey /sdcard/dropbearkey
Code:
$ su
# mkdir /data/local/bin
# cp /sdcard/dropbear /data/local/bin/dropbear
# cp /sdcard/dropbear /data/local/bin/dropbearkey
# chmod 755 /data/local/bin/dropbear
# chmod 755 /data/local/bin/dropbearkey
# chown root.root /data/local/bin/dropbear
# chown root.root /data/local/bin/dropbearkey
# busybox mount -o remount,rw /dev/block/mtdblock3 /system
# echo "root:x:0:0::/:/system/bin/sh" > /etc/passwd
# echo "root::14531:0:99999:7:::" > /etc/shadow
# echo "root:x:0:" > /etc/group
# echo "root:!::" > /etc/gshadow
# echo "/system/bin/sh" > /etc/shells
# echo "PATH=\"/usr/bin:/usr/sbin:/bin:/sbin:/system/sbin:/system/bin:/system/xbin:/system/xbin/bb:/data/local/bin\"" > /etc/profile
# echo "export PATH" >> /etc/profile
# busybox passwd
Changing password for root
New password:
Bad password: too weak
Retype password:
Password for root changed by root
# mkdir /data/dropbear
# /data/local/bin/dropbearkey -t rsa -f /data/dropbear/dropbear_rsa_host_key
# /data/local/bin/dropbearkey -t dss -f /data/dropbear/dropbear_dss_host_key
# ln -s /data/dropbear /system/etc/dropbear
# busybox mount -o remount,ro /dev/block/mtdblock3 /systemThen as root to run your own compiled version call it with the full path:
Code:
/data/local/bin/dropbearor add this line to your userinit.sh if you want to run it always.
Finally you can log in over wifi (or maybe over the internet):
Code:
debian:~$ ssh root@xxx.xxx.xxx.xxx
root@xxx.xxx.xxx.xxx's password:
/data/dropbear #To test that everything is setup correctly try to login with a wrong password to see if your attempt is correctly denied:
Code:
ssh root@xxx.xxx.xxx.xxx
root@xxx.xxx.xxx.xxx's password:
Permission denied, please try again.Enjoy
Last edited:
I'm trying all this on my MT3G with Cyanogen 4.2.3, and all was going fine until i try changing the password with "busybox passwd", to which i get the following error...
I'm not even sure how to proceed from here, any ideas?
Code:
passwd: applet not foundI'm not even sure how to proceed from here, any ideas?
Yes you need a version of busybox with password management built in
as the one attached. Put it somewhere on your phone.
Code:
adb push busybox.bin /data/local/bin/busybox
adb shell
chown root.root /data/local/bin/busybox
chmod 4755 /data/local/bin/busyboxand call it as
Code:
/data/local/bin/busybox passwd
You have to create a ssh key, I found this:
http://wiki.cyanogenmod.com/index.php/Connect_to_Your_Android_Device_with_SSH
http://wiki.cyanogenmod.com/index.php/Connect_to_Your_Android_Device_with_SSH
Yay, thanks a lot, this one works nice.
One thing that maybe isn´t clear at first is that you need to generate the rsa.secret file using this:
dropbearkey -t rsa -f /data/local/rsa/rsa.secret
and so you start the daemon with any password, lets say, "alpine" with this:
dropbear -A -N root -U 0 -G 0 -C alpine -r /data/local/rsa/rsa.secret -p 0.0.0.0:22
But manually issue that command everytime you boot your device is a pain. Any hint about how to make it start automatically? Sorry for this question, but i´m new to this. Comming from "unofficial" iPhone dev scene... Thanks
you can make life a little easier
Code:
echo "dropbear -A -N root -U 0 -G 0 -C alpine -r /data/local/rsa/rsa.secret -p 0.0.0.0:22" >> /sdcard/startdropbear.shnow all you have to do is
Code:
sh /sdcard/startdropbear.shnormally I would say put in init.d , but this ROM ( Cannon complete ) doesn't seem to have one !
grrr, already had to fix busybox links, now I may have to look deeper...
but have a read of files found in /system/etc/init.d
they may give you some clue as to where you can put things for auto run ;~) ,
often a file called userinit.conf in either /system/sd/ or /data/ can't quite remember, init.d files, if well commented will help
Edit :
you can also put the startdropbear.sh in /system/bin
and make it executable, so you can just type startdropbear.sh
Code:
busybox mount -o rw,remount /system
cp /sdcard/startdropbear.sh /system/bin/
chmod 4755 /system/bin/startdropbear.sh
busybox mount -o ro,remount /system
Last edited:
Hi Firehat
Thanks for the heads up on this. I actually took some time researching before posting this.
I actually have a nexus one here, and searched the entire filesystem for a place or file to be edited in order to have this command running automatically on boot or something.
Still no luck here, since this seems to be a tiny linux thing running, and a lot of things were left out. So there´s no init.d, or system/etc/init.d or anything i could find that seems closer to it.
Also did a .sh and gave it the execute permission for any user, also setting it´s group and ownership the same as some scripts i found in the filesystem, and placed this script into the same directories the other scripts are placed, but still no go about having it being auto executed.
Thanks for the heads up on this. I actually took some time researching before posting this.
I actually have a nexus one here, and searched the entire filesystem for a place or file to be edited in order to have this command running automatically on boot or something.
Still no luck here, since this seems to be a tiny linux thing running, and a lot of things were left out. So there´s no init.d, or system/etc/init.d or anything i could find that seems closer to it.
Also did a .sh and gave it the execute permission for any user, also setting it´s group and ownership the same as some scripts i found in the filesystem, and placed this script into the same directories the other scripts are placed, but still no go about having it being auto executed.
Ask the developer of the ROM you are using. Many of them include a provision to run a userinit.sh or there is some other way to add things to the startup. Most donut ROMs seem to look for /system/sd/userinit.sh. OpenEclair has this as well, and has the init.d directory. It is ROM specific though. Personally, I just use GScript and enable SSHd when I want it. I don't want it running all the time.
Thanks for the clarification. I noticed there´s a file called init.rc, which is used by init binary, right after the kernel boot process. This rc file has a bunch of commands to be issued. So, i pulled it from the phone, added the line i want, mounted the filesystem with rw permission and put the modified rc file back, but after a reboot, the init.rc file gets overwritten and everything goes back to how it was before the mod i did. Well, i guess i´ll have to live with this .sh i did and start it manually whenever i need through a terminal window.
Last edited:
error after connecting
Hi I am using the files from this thread and the general information to run it on a DSTL1 with a donut rom.
dropbear starts ok with
The trouble is when I connect with an ssh client, I authenticate and receive:
Then I am able to enter cd and pwd
but no other commands work including ls (so it is not a usable shell like this)
Could somebody point me in the right direction regarding what needs to be in place for the shell to work properly?
Hi I am using the files from this thread and the general information to run it on a DSTL1 with a donut rom.
dropbear starts ok with
Code:
if [ ! -d /etc/dropbear/ ]
then
/system/bin/mkdir /etc/dropbear/
fi
if [ ! -f /etc/dropbear/dropbear_rsa_host_key ]
then
/system/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
fi
if [ ! -f /etc/dropbear/dropbear_dss_host_key ]
then
/system/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
fi
/system/bin/logwrapper /system/bin/dropbear -A -N root -U 0 -G 0 -C cocacola &The trouble is when I connect with an ssh client, I authenticate and receive:
Code:
sh: can't access tty; job control turned offThen I am able to enter cd and pwd
but no other commands work including ls (so it is not a usable shell like this)
Could somebody point me in the right direction regarding what needs to be in place for the shell to work properly?
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
1After many hours of yelling and screaming at my linux dev box, I finally got everything working so I can cross compile and port in theory any application to Android. Obviously the first step was to get SSHd working on the phone, specifically dropbear since it is much simpler than openssh.
Follow these exactly and you should have a running dropbear daemon.
If you have already rooted your phone and have busybox on your phone, I HIGHLY recommend walking through this to make sure you have done everything that is listed. There are a few things you must do for dropbear to work correctly
NOTE: I have not been able to login yet! I have been unable to find the password data for the phone. It is asking for a password when you login with root. And yes, I have tried no password and also common ones along with "android". All result in me still being locked out.
With that out of the way, lets begin. I am assuming you have a virgin G1. I will walk you through the entire procedure.
PART 1 - ROOTING YOUR PHONE
1. Download pTerminal from the marketplace or from http://android-dls.com/files/src.com.poidio.terminal.apk. If you choose to download the file from the link provided, download it on the phone by going to this forum post and long holding the link.
2. Run pTerminal and type
Code:cd /system/bin
and then
Code:telnetd
3. Connect the phone to your wifi and go back to pTerminal and run:
Code:netstat
This will show you the local ip of the G1.
4. Using your favorite telnet client, connect to your phone on the default telnet port 23.
PART 2 - BUSYBOX
5. Welcome to root access We now need to get busybox on the phone. Again, pull up this thread on your phone and long hold the following link: http://staulkor.com/android/busybox.xxx. Dont mind the .xxx extension. Browser wont let you download certain extension types. The xxx will be renamed to asc automatically.
6. We now need to remount /system because it is currently read only. After that we will copy busybox off the sdcard and put it in the bin directory and then make it executable. Go to your telnet app and type:
Code:mount -o remount,rw /dev/block/mtdblock3 /system dd if=/sdcard/download/busybox.asc of=/system/bin/busybox chmod 4755 /system/bin/busybox cd /system/bin busybox cp -s busybox cp
You now have access to the cp command. You can use that syntax to make a symlink to any of the busybox commands. MAKE SURE you do NOT overwrite the default symlinks. They have special syntaxes and you will most likely break things.
PART 3 - DROPBEAR
7. Now that you have busybox and the cp command (you MUST have the cp command), we need to create a directory.
Code:mkdir /system/etc/dropbear
This is where the encryption keys will be kept.
8. Now you have the required directory, you can download dropbear and dropbearkey.
Dropbear - http://www.staulkor.com/android/android-dropbear-0.51.rev1.xxx
Dropbearkey - http://www.staulkor.com/android/android-dropbearkey-0.51.rev1.xxx
Again, download them on the phone by long pressing each link and saving it.
I am using version 0.51 of dropbear. The rev1 is so you know what revision of the android port it is. Changes may have to be made and recompiled and I want to make sure you guys can tell the versions apart short of an md5 hash
9. Now that they are downloaded, they again change the .xxx extension to .asc automatically. We need to move them to /system/bin and make them executable.
Code:cp /sdcard/download/android-dropbear-0.51.rev1.asc /system/bin/dropbear cp /sdcard/download/android-dropbearkey-0.51.rev1.asc /system/bin/dropbearkey chmod 4755 /system/bin/dropbear chmod 4755 /system/bin/dropbearkey
10. Now we have to create the encryption keys. If you do not create them, dropbear will not run at all.
Code:dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
11. Now dropbear is totally installed. You can run it by typing:
Code:dropbear
To check if it is running, type:
Code:ps
and to make sure it is listening, type:
Code:netstat
and look for the 0.0.0.0:22 LISTENING
At any point if you have to kill dropbear, you will need to run ps, find the PID and then do "kill <pid>" without the brackets of course.
12. Now we can try to login to the phone. I run Vista on my main box, so I use putty for my ssh/telnet client. If you use linux/osx and type:
Code:ssh root@<ip address of G1>
You should be able to connect to the phone and it will ask for a password.
13. ?????????? -- We need to be able to login. I cant find any password data on the phone. I am looking for that data to see if there is even a password, or if it would be possible to create a password, or a new user, or something.
Enjoy!
Credits:
Rooting the phone - http://android-dls.com/forum/index.php?f=15&t=151&rb_v=viewtopic
Busybox - http://android-dls.com/forum/index.php?f=15&t=153&rb_v=viewtopic
And big thanks to DarkriftX for making those tutorials and helping the cause1Looks like somebody beat you to it!
http://www.upche.org/doku.php?id=wiki:android4
This is only confirmed on the emulator. I guess install dropbear on the emulator (watch out, when you close the emulator, you will have to reinstall everything again the next time it boots up) and then try this out and see if you can login.1Binaries
Hey guys,
This thread hasn't had any activity since last month, but since no one else posted them, I thought I should put some dropbear binaries up for people to use.
I did not compile these, instead I shamelessly extracted them from someone else's rom. They look to be compiled without any changes, so it's probably cool, but if he contacts me, i'll pull them.
I don't know how to put them into an update.zip for flashing, so you'll have to copy them to your phone manually. I REPEAT, YOU CANNOT FLASH THE ATTACHED ZIP, AND HAVE TO EXTRACT IT AND COPY THE FILES OVER MANUALLY. I've included instructions below.
If you push the 95dropbear file, it will start on boot. I have not noticed any battery loss associated with leaving dropbear running, waiting for connections.
Login as root, pw is password. you can change the password by editing the 95dropbear file (replace -Y with -C if you want to use a cleartext password)
Terminal Emulator:
Code:mount -o remount,rw /system cp /sdcard/dropbear /system/bin/dropbear cp /sdcard/dropbearkey /system/bin/dropbearkey cp /sdcard/95dropbear /system/etc/init.d/95dropbear chmod 755 /system/bin/dropbear /system/bin/dropbearkey /system/etc/init.d/95dropbear
ADB:
Code:adb remount adb push dropbear /system/bin/dropbear adb push dropbearkey /system/bin/dropbearkey adb push 95dropbear /system/etc/init.d/95dropbear adb shell chmod 755 /system/bin/dropbear /system/bin/dropbearkey /system/etc/init.d/95dropbear
