SSH Daemon - Dropbear - On Android 2.0

Discussion in 'Android Hacks and Help' started by kevdog, Dec 15, 2009.

  1. kevdog
    How to Set Up an SSH Daemon on Droid Using Dropbear as the SSH Daemon/Server

    Assumptions:
    #1 - Phone has been rooted: - Search forums if unsure how to do this
    #2 - Busybox has been installed - Again search forums for method
    #3 - ADB (Android Debug Bridge) is installed on host computer - (Step isn't absolutely necessary if a program such as Android Terminal Emulator: androidterm - Project Hosting on Google Code is installed, however I personally find it a lot easier to install and debug using adb).

    Process:
    #1 - Download and unzip the dropbear, dropbearkey, and scp executables. These files can be found on post #3 here: AllDroid.org - View topic - SSH!
    #2 - Place the executables dropbear, dropbearkey, and scp within /sdcard/dropbear
    The dropbear directory may need to be created.

    Ensure the sdcard is unmounted from the computer prior to issuing the following commands.
    Code:
    # Open a shell on the phone (may be skipped if not using adb)
    adb shell
    su
    # Make the system partition readable and writable
    mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
    cat /sdcard/dropbear/dropbear > /system/xbin/dropbear
    cat /sdcard/dropbear/dropbearkey > /system/xbin/dropbearkey
    cat /sdcard/dropbear/scp > /system/xbin/scp
    chmod 755 /system/xbin/dropbear
    chmod 755 /system/xbin/scp
    chmod 700 /system/xbin/dropbearkey
    
    Now create the ssh daemon host rsa and dss keys:
    Code:
    mkdir /system/etc/dropbear
    cd /system/etc/dropbear
    dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
    dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
    

    **Optional Step if wanting to use ssh keys as part of the authentication Process


    On the client (Linux/Mac/Cygwin-Windows or PuTTY; however, a different process should be used for PuTTY), create the private and public ssh keys. Another tutorial will explain all the options on how to do this; however, on the client this could be performed as follows:
    Code:
    # Note: 1024, 2048 or 4096 can be specified as the bit size
    ssh-keygen -t rsa -b 4096 -f id_rsa

    Copy id_rsa.pub from the client to /system/etc/dropbear/ (via adb push/ or mounting the sdcard on the computer, transferring the file/then unmounting the sdcard)

    As root and within the /system/etc/dropbear directory
    Code:
    cat id_rsa.pub > authorized_keys

    ***********


    Remount the /system partition as read only:
    Code:
    sync
    mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system
    
    Start the dropbear daemon as follows (Ensure you are root) (Replace <password> with your password of choice):
    Code:
    # If simply wanting password authentication:
    dropbear -A -N root -U 0 -G 0 -C <password> -p WLANIP:22
    # If wanting key and password authentication:
    dropbear -A -N root -U 0 -G 0 -C <password> -R /etc/dropbear/authorized_keys -p WLANIP:22
    # If only wanting key authentication:
    dropbear -A -N root -U 0 -G 0 -C <password> -s -R /etc/dropbear/authorized_keys -p WLANIP:22

    **Notes
    Please see dropbear -? for explanation of all switch options however:
    - If using key-based authentication, you still need to supply a password after the -C switch although it is completely ignored. Do not omit this parameter
    - Specifying the -p switch is optional. By default it listens on port 22. See dropbear -? for a further explanation or the openssh server manual to further understand this switch.

    - If wanting to run the dropbear daemon on the 3G network, the listening port must be above 2000. Hence at a minimum, the dropbear daemon would be started with a -p 2xxx parameter.

    - This application can be coupled with the DynDNS app - found in market - DynDNS for Android in conjunction with a dynamic domain name service (dyndns) such as http://no-ip.com or http://dyndns.com to allow remote access from the client using a domain name rather than an ip address. Application setup is straightforward, and has been discussed elsewhere.

    Troubleshooting:

    #1 - To confirm the dropbear daemon is running:
    Code:
    ps | grep dropbear
    This should produce output similar to:
    # ps | grep dropbear
    ps | grep dropbear
    root 14107 1 736 212 c00cde7c afe0cb04 S dropbear

    #2 - If dropbear was started with the -p switch specifying an <address:port>, busybox netstat may be also used to confirm the daemon is listening on the specified tcp address and port:
    #busybox netstat -l
    busybox netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State

    tcp 0 0 192.168.1.106:22 0.0.0.0:* LISTEN


    #3 - To kill the dropbear daemon (as root):
    Code:
    killall dropbear
    Addendum:
    This guide was created using Dropbear sshd 0.52

    Security Note:
    At the present time, Android 2.01 does not contain any firewall (such as iptables), nor does dropbear contain access control lists (acl's). Because of this potential security vulnerability, the phone is vulnerable to remote access if a weak password is chosen. Although the best way to secure the phone is controversial, at the present time I would recommend running the dropbear daemon listening on a non-standard port (any port other than 22), and the use of authentication keys whenever possible. Hopefully custom ROMs soon to be released will add an additional layer of security such as an iptables (and port-knocking) application.

    Uninstalling Dropbear SSH
    The following commands will undo the entire process listed in this thread:
    Code:
    # Open a shell on the phone (may be skipped if not using adb)
    adb shell
    su
    mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system 
    rm /system/xbin/dropbear
    rm /system/xbin/dropbearkey
    rm /system/xbin/scp
    cd /system/etc/dropbear
    busybox rm -rf /system/etc/dropbear
    sync
    mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system 
    
    Last edited: Dec 18, 2009
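
A scripted form of the netstat check from Troubleshooting #2 in the guide above, as an added example that is not part of the original post: it reports whether the SSH port is bound only to the intended address or to every interface. The function names and sample output are constructed for this example, and it assumes numeric output (`busybox netstat -ln`).

```shell
#!/bin/sh
# Added example, not from the thread. Reads `busybox netstat -ln` style output
# on stdin and classifies every TCP listener on <port>:
#   OK <addr>          bound to the address we meant to use
#   WILDCARD <addr>    bound to every interface (WiFi and 3G alike)
#   UNEXPECTED <addr>  bound to some other address
# Exit status: 0 only the expected address, 1 exposure found, 2 nothing listening.
audit_ssh_listener() {
    awk -v port="$1" -v want="$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            ip = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (ip == "0.0.0.0" || ip == "::" || ip == "*") { print "WILDCARD " $4; bad = 1 }
            else if (ip == want) { print "OK " $4 }
            else { print "UNEXPECTED " $4; bad = 1 }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: daemon started with -p 192.168.1.106:22
sample_bound() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.106:22 0.0.0.0:* LISTEN
EOF
}

# Constructed sample: a listener bound to all addresses (hypothetical)
sample_wildcard() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
EOF
}

sample_bound | audit_ssh_listener 22 192.168.1.106
sample_wildcard | audit_ssh_listener 22 192.168.1.106 || echo "exposure found (exit $?)"
```

On the phone the input would come from `busybox netstat -ln | audit_ssh_listener 22 <WLANIP>` run as root.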
  2. kevdog
    Guide completed -- Thanks for your patience
  3. Finnstang
    Great guide! Thanks!


    Does this only work on WiFi?
  4. kevdog
    No, this will work with 3G as well as LAN. 3G assigns an individual IP address as well. Just be aware that when running this over 3G, the only thing that protects outsiders from the phone is the strength of the password or the key. Of course there could also exist a zero-day exploit within the dropbear code itself. Currently there is no firewall on the Droid kernel such as iptables. I expect this to be offered more with custom mods in the future.
  5. Finnstang
    I start dropbear with the following command (using a real password of course):
    Code:
    dropbear -A -N root -U 0 -G 0 -C <password>
    And I can use PuTTY to SSH in to the phone when it is on WiFi, but when just on 3G, it is timing out. Maybe I am not using the correct IP address? How are you checking to see the external IP?

    ETA: I also just tried starting dropbear with the -p option giving it the external address I see in place of WLANIP and then 22 as the port, and I still time out trying to connect with PuTTY.
    Last edited: Dec 16, 2009
  6. kdubbicles
    Hey I'm on OSX using Transmit SFTP, with no positive results. I can get in via SSH in Terminal but when I try on the Transmit GUI I get permission denied. dropbear recognizes it as a child, accepts the password, but then boots me. Any ideas?
  7. ravage382
    A quick startup script for the ssh server.
    Code:
    #!/system/bin/sh
    # Look up the WiFi (tiwlan0) IPv4 address and bind dropbear to that address only
    IP=`busybox ifconfig tiwlan0 |grep addr |cut -f 2 -d ":" |cut -f 1 -d " " |grep "."|cut -f 1 -d " " |grep -v Ethernet`
    dropbear -A -N root -U 0 -G 0 -C password -p "$IP:22"
    echo "Dropbear started with IP:$IP"
    
    Put this into /system/xbin/db.sh
    Start the server with /system/xbin/db.sh
    This automates the supplying of the IP address to the dropbear server and prints the IP address that it is bound to.
    Substitute password for your password of choice.
  8. Finnstang
    Offline

    Finnstang Member

    Joined:
    Nov 2, 2009
    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    I get a "device not found" error when trying to do an ifconfig for tiwlan0
  9. ravage382
    You are on wireless and not 3G, correct? If so, can you do a "busybox ifconfig" from adb and paste the results?
  10. Finnstang
    no...on 3G.
  11. ravage382
    You will want to be on wireless, so the droid is on the same network as the computer you will be sshing from. If for some reason you want to be on 3g, replace tiwlan0 with ppp0.
    I have my doubts that you will be able to use it over 3g though.
  12. Finnstang
    kevdog said above that it should work on 3G also...I have yet to be able to get it working.
  13. ravage382
    A slightly modified version that lets you choose 3g or wifi.
    edit: Now starts on port 2222 for 3g.

    Code:
    #!/system/bin/sh
    # Ask which interface dropbear should bind to
    echo "Starting Dropbear"
    echo "1. Bind with 3G"
    echo "2. Bind with Wifi"
    echo -n "->"
    read selection

    # The selection is compared as a string so that empty or non-numeric
    # input reaches the "Invalid Selection" branch instead of a test error
    if [ "$selection" = "1" ]; then
            # 3G: address of ppp0, port 2222
            IP=`busybox ifconfig ppp0 |grep addr |cut -f 2 -d ":" |cut -f 1 -d " " |grep "."|cut -f 1 -d " " |grep -v Ethernet`
            PORT=2222
    fi
    if [ "$selection" = "2" ]; then
            # WiFi: address of tiwlan0, port 22
            IP=`busybox ifconfig tiwlan0 |grep addr |cut -f 2 -d ":" |cut -f 1 -d " " |grep "."|cut -f 1 -d " " |grep -v Ethernet`
            PORT=22
    fi
    if [ "$selection" != "1" ] && [ "$selection" != "2" ]; then
            echo "Invalid Selection.  Value must be 1 or 2"
            exit 1
    fi

    dropbear -A -N root -U 0 -G 0 -C passwd -p "$IP:$PORT"
    echo "Dropbear started with IP:$IP:$PORT"
    
    
    Last edited: Dec 17, 2009
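
The address lookup that both startup scripts above depend on, as an added example that is not part of the thread: it parses `busybox ifconfig` output, validates the IPv4 address, and refuses to produce a bind argument when the interface has none (for instance the "device not found" case reported earlier). The function names and sample output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `busybox ifconfig <iface>` output
# on stdin and prints the interface's IPv4 address, or fails if there is none.
iface_ipv4() {
    awk '
        /inet addr:/ {
            sub(/.*inet addr:/, "")      # drop everything up to the address
            sub(/[ \t].*/, "")           # drop the Bcast/P-t-P/Mask fields
            if (split($0, o, /\./) != 4) exit 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) exit 1
            print; ok = 1; exit 0
        }
        END { if (!ok) exit 1 }
    '
}

# Builds the value for the -p switch; $1 is the port.
# Returns 1 (and prints nothing on stdout) when no valid address was found.
bind_arg() {
    ip=$(iface_ipv4) || { echo "no IPv4 address; not starting dropbear" >&2; return 1; }
    echo "$ip:$1"
}

# Constructed sample: WiFi interface up
sample_wifi_up() {
    cat <<'EOF'
tiwlan0   Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.106  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# Constructed sample: interface present but without an address
sample_no_addr() {
    cat <<'EOF'
tiwlan0   Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          BROADCAST MULTICAST  MTU:1500  Metric:1
EOF
}

sample_wifi_up | bind_arg 22
sample_no_addr | bind_arg 22 || echo "refused to build a bind address"
```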
  14. Finnstang
    Nice.

    I'd be curious to hear if anyone actually has done SSH via 3G, though, and how they accomplished that.
  15. kevdog
    No good for me on 3G. What a waste!