sshd

[Guest Smilgs]

Trying it out. Have some issues.

1. Noticed that dropbear process multiplies, most of the time at least two instances are running. This would be avoided by a line earlier in this post, i.e.

killall -9 dropbear

2. I would like to be able to override some of the parameters used to run it.

(i.e. by placing a configuration file in the sd card)

3. edit: by looking at the dropbear.sh mentioned in the post, I suggest to add the following to the run command:

-R /data/dropbear/.ssh/authorized_keys - that was the reason I can not access it with my keys :)

Dropbear is now running at startup as of 2.7! :(

P

Edited October 22, 2009 by Smilgs

[Guest Paul]

- A DSS key exists (and is loaded from) /data/dropbear.

- Hmmm, not seen that!

- Dropbear is loaded by a script at /system/bin/dropear (do an adb remount if you want to upload a changed version)

:)

P

[Guest Smilgs]

So, I have modified the startup script (dropbear.sh) a little bit:

killall -9 dropbear

dropbear -A -N root -U 0 -G 0 -C "$passwd" -d /data/dropbear/dss_host_key -r /data/dropbear/rsa_host_key -p 2222 -R /data/dropbear/.ssh/authorized_keys

the difference is that it should not be duplicated anymore, and in the file /data/dropbear/.ssh/authorized_keys i can place my keys that I want to use for authentication (-d and -r specify the server keys imho)

( I don't know where anymore but somewehere I found once a man page for dropbear build for android - but this is the source for the patch http://jblomer.web.cern.ch/jblomer/android.htm)

! just to add something which I find useful - forward the ssh port to your pc when connected locally, using 'adb forward tcp:2222 tcp:2222'

- A DSS key exists (and is loaded from) /data/dropbear.

- Hmmm, not seen that!

- Dropbear is loaded by a script at /system/bin/dropear (do an adb remount if you want to upload a changed version)

:)

P

Edited October 22, 2009 by Smilgs

[Guest kendon]

So, I have modified the startup script (dropbear.sh) a little bit:

killall -9 dropbear

dropbear -A -N root -U 0 -G 0 -C "$passwd" -d /data/dropbear/dss_host_key -r /data/dropbear/rsa_host_key -p 2222 -R /data/dropbear/.ssh/authorized_keys

the difference is that it should not be duplicated anymore, and in the file /data/dropbear/.ssh/authorized_keys i can place my keys that I want to use for authentication (-d and -r specify the server keys imho)

( I don't know where anymore but somewehere I found once a man page for dropbear build for android - but this is the source for the patch http://jblomer.web.cern.ch/jblomer/android.htm)

http://github.com/android/platform_external_dropbear

scroll down to the readme part, not the manpage but quite some information in there.

[Guest Smilgs]

All of a sudden I did remember, but thanks anyway.

# dropbear --help

dropbear --help

Unknown argument --help

Dropbear sshd v0.52

Usage: dropbear [options]

Options are:

-A Android Mode, specify a user explicitly

-N Android Mode, user name

-C Android Mode, password

-R Android Mode, public key file (authorized_keys)

-U Android Mode, UID

-G Android Mode, GID

-b bannerfile Display the contents of bannerfile before user login

(default: none)

-d dsskeyfile Use dsskeyfile for the dss host key

(default: /etc/dropbear/dropbear_dss_host_key)

-r rsakeyfile Use rsakeyfile for the rsa host key

(default: /etc/dropbear/dropbear_rsa_host_key)

-F Don't fork into background

-E Log to stderr rather than syslog

-m Don't display the motd on login

-w Disallow root logins

-s Disable password logins

-g Disable password logins for root

-j Disable local port forwarding

-k Disable remote port forwarding

-a Allow connections to forwarded ports from any host

-p [address:]port

Listen on specified tcp port (and optionally address),

up to 10 can be specified

(default port is 22 if none specified)

-P PidFile Create pid file PidFile

(default /var/run/dropbear.pid)

-i Start for inetd

-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)

-K <keepalive> (0 is never, default 0)

http://github.com/android/platform_external_dropbear

scroll down to the readme part, not the manpage but quite some information in there.

Edited October 23, 2009 by Smilgs

[Guest RandyboY]

What is the pass of the sshd on port 2222?

Ive tried my imei and ive tried to change passwd via connectbot...

[Guest Smilgs]

the password is specified in /data/dropbear/passwd, as has been stated before

What is the pass of the sshd on port 2222?

Ive tried my imei and ive tried to change passwd via connectbot...

[Guest RandyboY]

Oh, ok, thanks.

And with that done how do i _change_ it? (the root-pass)

[Guest Smilgs]

hmm, with a text editor? for example. use "ed" from adb.

Oh, ok, thanks.

And with that done how do i _change_ it? (the root-pass)

[Guest Automaton]

Hi,

sorry for a bit offtopic but could someone explain me why running 'am' command results in segmentation fault when run from ssh shell but not from local connectbot shell?

Thanks.

[Guest RandyboY]

hmm, with a text editor? for example. use "ed" from adb.

I changed it with "echo my_pass > /data/dropbear/passwd" and the file was edited. But when i restarted my phone it was still the pass which was generated for me in the first place...

[Guest RandyboY]

I changed it with "echo my_pass > /data/dropbear/passwd" and the file was edited. But when i restarted my phone it was still the pass which was generated for me in the first place...

I rebooted again and now it is the pass that was set in the file :-)

[Guest phil-t]

I'm having an issue with dropbear and Modaco 2.8/1.7 Tek

Basically, I can't putty or winscp to the phone, it's as if the phone isn't listening..

The WiFi is on, and the phone has the IP 192.168.1.133

From the adb shell, I can see dropbear in the list if I 'ps'.. so it's running..

But using a 'netstat' I don't see a anything that suggests it's listening on port 22, in fact I only have 4 entries at the top of the netstat info, all are 192.168.1.3 addresses, and all say 'ESTABLISHED'..

So I think that Dropbear isn't actually listening on port 22..

Any ideas?

[Guest kendon]

So I think that Dropbear isn't actually listening on port 22..

me neither:

Changelog

...

Dropbear SSH running by default, check 'About' screen for password (port 2222)

...

[Guest phil-t]

me neither:

Ahh.. erm.... :D

Will go check...

;)

And of course.. it now works!!!! Thanks for being kind to a noob.. :P

Edited October 31, 2009 by phil-t

[Guest Salski]

This might be stupid question but isn't it a bit risky to put SSH password to the build number (see "about phone" screen)? Isn't the build number recoverable by some app therefore revealing the password to the app developer?

Please, correct me if I'm wrong.

-salski

[Guest kendon]

This might be stupid question but isn't it a bit risky to put SSH password to the build number (see "about phone" screen)? Isn't the build number recoverable by some app therefore revealing the password to the app developer?

Please, correct me if I'm wrong.

-salski

idk whether this can be read by apps or not, but i change my passwd file to my own password (actually not sure either, as it is not encrypted or anything), and i also alter build.prop not to show the password.

[Guest Smilgs]

Hello. First of all, thanks for the great work on the MoDaCo ROM - its really appreciated.

It would be great add to the startup script of dropbear (/system/bin/dropbear.sh) the following -

-R /data/dropbear/.ssh/authorized_keys

What the -r option does (which is included in the current script) is establish a server certificate. That option is not to set the authorized keys that you can use to connect.

And even if it does not find the file where expected, it still will just ask for the password, just like without -R.

With the command dropbear --help the documentation for the switches can be read.

(Dont worry about the Unknown argument --help)

-R Android Mode, public key file (authorized_keys)

-r rsakeyfile Use rsakeyfile for the rsa host key

_{Even better would be to externalize the start-up command, so that it can be modified without remounting the system partition (asked before).}

_{for example, configuration string in SD card that is used as the start-up command, if not found, then the default command is executed.}

Edited February 12, 2010 by Smilgs

[Guest kendon]

Even better would be to externalize the start-up command, so that it can be modified without remounting the system partition (asked before).

(for example, configuration string in SD card that is used as the start-up command, if not found, then the default command is executed.

which would also make it vulnerable. there is a reason why system processes are usually started from root-only writeable files, otherwise the startup options coud be modified by anyone. as for your example someone could simply create an app that secretly changes the key, then sends your ip to the dark side who then takes over control of your phone... ;)

it is not that hard to alter the file, just pull it via adb, change it, and push it back. remount before, reboot afterwards and you're good. works until you flash a new rom. if you know how to work with keys in ssh then you can do this :D which is another reason why it shouldn't be included by default. default is for people who don't know how to do it.

edit: no offense though, the idea is valid & thx for sharing :(

the above is just my opinion why or why not.

Edited February 12, 2010 by kendon

[Guest Smilgs]

Ok, if the sd-card configuration is not secure enough, could just include the -R option by default. If the authorized_keys is not found, it still will ask for the password - no damage done.

I am doing the script change operation on every new rom :D - it's just an annoyance

Offtopic - is there any way to run the midnight commander from Android while connected through ssh?

which would also make it vulnerable. there is a reason why system processes are usually started from root-only writeable files, otherwise the startup options coud be modified by anyone. as for your example someone could simply create an app that secretly changes the key, then sends your ip to the dark side who then takes over control of your phone... ;)

it is not that hard to alter the file, just pull it via adb, change it, and push it back. remount before, reboot afterwards and you're good. works until you flash a new rom. if you know how to work with keys in ssh then you can do this :( which is another reason why it shouldn't be included by default. default is for people who don't know how to do it.

edit: no offense though, the idea is valid & thx for sharing :D

the above is just my opinion why or why not.

[Guest kendon]

Ok, if the sd-card configuration is not secure enough, could just include the -R option by default. If the authorized_keys is not found, it still will ask for the password - no damage done.

I am doing the script change operation on every new rom ;) - it's just an annoyance

ok, i agree on this one. you might want to summarize this and send it directly to paul, not sure if he follows these threads.

[Guest Smilgs]

I actually have tried this for multiple times, but I guess the IMs in Pauls inbox get filtered of noobs :D

Maybe somebody who can get through should try.

ok, i agree on this one. you might want to summarize this and send it directly to paul, not sure if he follows these threads.

[Guest Smilgs]

Thanks to Paul, I noted there exists a thing called ASE (Android scripting engine)

Using it, I created installer for dropbear and other useful tools.

http://android.modaco.com/content/customis...r-mc-nano-opkg/

I actually have tried this for multiple times, but I guess the IMs in Pauls inbox get filtered of noobs :lol:

Maybe somebody who can get through should try.

[Guest paulsmith]

The port is set in /system/bin/dropbear.sh, to change the password, simply edit the contents of /data/dropbear/passwd and reboot.

how can we change the sshd dropbear settings for mcr 2.1 r5?

/system/bin/dropbear.sh doesnt exist.

[Guest kendon]

*sigh* then get it from a rom where it DOES exist...

and since you are going to ask, mcr3.x for example.