Hi,
This is a guide on compiling the latest (as of 2015-06-24) dropbear SSH daemon (2015.67) for the Nexus 7 2013 but should also work for other ARM architecture Android devices. The guide is mainly based off the work from the blog http://blog.xulforum.org/index.php?post/2013/12/19/Compiling-Dropbear-for-a-Nexus-7-tablet which is an excellent guide to getting an older version of dropbear running on ARM Android devices.
I've modified the patch made by the original author to work on the latest dropbear version. There are not much changes from ver 2013.58 to 2015.67. The main difference seems to be the support for Elliptical Curve encryption.
** START DISCLAIMER **
I did not write the original codes/patch myself and have not scrutinized it for any security issues. USE IT AT YOUR OWN RISK.
** END DISCLAIMER **
Here's the list of requirements :-
1) Dropbear 2015.67 source code - dropbear-2015.67.tar.bz2 (https://matt.ucc.asn.au/dropbear/releases/dropbear-2015.67.tar.bz2)
2) Patch to compile for Android - dropbear-v67-android-patch-20150630 (https://goo.gl/Obo6kT) OR alternatively, you can use the patch from user serasihay (https://goo.gl/ip6Tkb).
3) A recent Linux distro (I use Ubuntu 14.04.2 LTS).
4) Development tools i.e. C compiler, linker, etc... all the necessary tools to run configure, make, etc..
5) Android NDK (I'm using rev 10e) installed & setup on Linux.
Steps :-
(1) Extract the source code to a directory of its own :-
(2) Patch the source :-
(3) Run configure :-
(4) Edit config.h, search for USE_DEV_PTMX and add the following line after that :-
(5) Run make :-
(6) You should end up with a single static binary "dropbearmulti" which you should link dropbear, dbclient/ssh, dropbearkey and scp to.
I will assume you know what to do with the binary file generated so will not elaborate on the process.
Hope it works for you guys. I'll be happy to help out anyone who needs more details.
NOTE: I have posted a similar guide for building dropbear for an x86 Android device in the Zenfone 2 forum (http://xdaforums.com/zenfone2/general/compiling-dropbear-2015-67-zenfone-2-t3142222). The steps are mostly similar.
Cheers.
UPDATE: 2015-06-29
- I've updated the patch to fix dbclient/ssh client using password authentication.
UPDATE: 2015-06-30
- Reverted the patch for the dbclient fix as NDK does not have getpass() function. Looks like dbclient with password auth will seg fault until we can find an alternative to getpass().
UPDATE: 2015-06-30 (2)
- Uploaded yet another update to the patch to include a version of getpass(). Hopefully it works
UPDATE: 2015-07-02
- Added alternate dropbear patch by serasihay (Thanks!). Details of changes can be found here :- http://xdaforums.com/showpost.php?p=61649194&postcount=14
This is a guide on compiling the latest (as of 2015-06-24) dropbear SSH daemon (2015.67) for the Nexus 7 2013 but should also work for other ARM architecture Android devices. The guide is mainly based off the work from the blog http://blog.xulforum.org/index.php?post/2013/12/19/Compiling-Dropbear-for-a-Nexus-7-tablet which is an excellent guide to getting an older version of dropbear running on ARM Android devices.
I've modified the patch made by the original author to work on the latest dropbear version. There are not much changes from ver 2013.58 to 2015.67. The main difference seems to be the support for Elliptical Curve encryption.
** START DISCLAIMER **
I did not write the original codes/patch myself and have not scrutinized it for any security issues. USE IT AT YOUR OWN RISK.
** END DISCLAIMER **
Here's the list of requirements :-
1) Dropbear 2015.67 source code - dropbear-2015.67.tar.bz2 (https://matt.ucc.asn.au/dropbear/releases/dropbear-2015.67.tar.bz2)
2) Patch to compile for Android - dropbear-v67-android-patch-20150630 (https://goo.gl/Obo6kT) OR alternatively, you can use the patch from user serasihay (https://goo.gl/ip6Tkb).
3) A recent Linux distro (I use Ubuntu 14.04.2 LTS).
4) Development tools i.e. C compiler, linker, etc... all the necessary tools to run configure, make, etc..
5) Android NDK (I'm using rev 10e) installed & setup on Linux.
Steps :-
(1) Extract the source code to a directory of its own :-
Code:
tar xjf dropbear-2015.67.tar.bz2
cd dropbear-2015.67
Code:
patch -p1 < dropbear-v67-android-patch-20150630
Code:
./configure --build=x86_64-unknown-linux-gnu --host=arm-linux-androideabi \
--disable-zlib --disable-largefile --disable-loginfunc \
--disable-shadow --disable-utmp --disable-utmpx --disable-wtmp \
--disable-wtmpx --disable-pututline --disable-pututxline --disable-lastlog
Code:
#define USE_DEV_PTMX 1
Code:
STATIC=1 MULTI=1 SCPPROGRESS=0 PROGRAMS="dropbear dropbearkey scp dbclient" make strip
Code:
./dropbear -h
Dropbear server v2015.67 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: ./dropbear [options]
-A Android Mode, specify a user explicitly
-N Android Mode, user name
-C Android Mode, password
-R Android Mode, public key file (authorized_keys)
-U Android Mode, UID
-G Android Mode, GID
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-r keyfile Specify hostkeys (repeatable)
defaults:
dss /etc/dropbear/dropbear_dss_host_key
rsa /etc/dropbear/dropbear_rsa_host_key
ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-F Don't fork into background
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-s Disable password logins
-g Disable password logins for root
-B Allow blank password logins
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive> (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-V Version
Hope it works for you guys. I'll be happy to help out anyone who needs more details.
NOTE: I have posted a similar guide for building dropbear for an x86 Android device in the Zenfone 2 forum (http://xdaforums.com/zenfone2/general/compiling-dropbear-2015-67-zenfone-2-t3142222). The steps are mostly similar.
Cheers.
UPDATE: 2015-06-29
- I've updated the patch to fix dbclient/ssh client using password authentication.
UPDATE: 2015-06-30
- Reverted the patch for the dbclient fix as NDK does not have getpass() function. Looks like dbclient with password auth will seg fault until we can find an alternative to getpass().
UPDATE: 2015-06-30 (2)
- Uploaded yet another update to the patch to include a version of getpass(). Hopefully it works
UPDATE: 2015-07-02
- Added alternate dropbear patch by serasihay (Thanks!). Details of changes can be found here :- http://xdaforums.com/showpost.php?p=61649194&postcount=14
Last edited: