How to SetUp an SSH Daemon on Droid using Dropbear as the SSH Daemon/Server Assumptions: #1 - Phone has been rooted: - Search forums if unsure how to do this #2 - Busybox has been installed - Again search forums for method #3 - ADB (Android Debug Bridge) is installed on host computer - (Step isn't absolutely necessary if a program such as Android Terminal Emulator: androidterm - Project Hosting on Google Code is installed, however I personally find it a lot easier to install and debug using adb). Process: #1 - Download and unzip the dropbear, dropbearkeys, and scp executables. These files can be found on post #3 here: AllDroid.org - View topic - SSH! #2 - Place the executables dropbear, dropbearkey, and scp within /sdcard/dropbear The dropbear directory may need to be created. Ensure the sdcard is unmounted from the computer prior to issuing the following commands. Code: adb shell <--May be eliminated if not using adb su mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system (Makes the system partition read and writeable) cat /sdcard/dropbear/dropbear > /system/xbin/dropbear cat /sdcard/dropbear/dropbearkey > /system/xbin/dropbearkey cat /sdcard/dropbear/scp > /system/xbin/scp chmod 755 /system/xbin/dropbear chmod 755 /system/xbin/scp chmod 700 /system/xbin/dropbearkey . . Now create the ssh daemon host rsa and dss keys: Code: mkdir /system/etc/dropbear cd /system/etc/dropbear dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key . . **Optional Step if wanting to use ssh keys as part of the authentication Process On Client (Linux/MAC/Cygwin-Windows or Putty (however different process should be used for Putty))- Create the private and public ssh keys. Another tutorial will explain all the options on how to do this, however on the client this could be performed such as the following: Code: ssh-keygen -t rsa -b 4096 id_rsa <Note 1024, 2096 or 4098 can be specified as the bit size> . Copy id_rsa.pub from the client to /system/etc/dropbear/ (via adb push/ or mounting the sdcard on the computer, transferring the file/then unmounting the sdcard) As root and within the /system/etc/dropbear directory Code: cat id_rsa.pub > authorized_keys . *********** Remount the /system partition as read only: Code: sync mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system . Start the dropbear daemon as follows (Ensure you are root) (Replace <password> with your password of choice): Code: -If simply wanting password authentication: dropbear -A -N root -U 0 -G 0 -C <password> -p WLANIP:22 -If wanting wanting key and password authentication dropbear -A -N root -U 0 -G 0 -C <password> -R /etc/dropbear/authorized_keys -p WLANIP:22 -If only wanting key authentication: dropbear -A -N root -U 0 -G 0 -C <password> -s -R /etc/dropbear/authorized_keys -p WLANIP:22 . **Notes Please see dropbear -? for explanation of all switch options however: - If using key-based authentication, you still need to supply a password after the -C switch although it is completely ignored. Do not omit this parameter - Specifying the -p switch is optional. By default it listens on port 22. See dropbear -? for a further explanation or the openssh server manual to further understand this switch. - If wanting to run the dropbear daemon on the 3G network, the listening port must be above 2000. Hence at a minimum, the dropbear daemon would be started with a -p 2xxx parameter. - This application can be coupled with the DynDNS app - found in market - DynDNS for Android in conjunction with a dynamic domain name service (dyndns) such as http://no-ip.com or http://dyndns.com to allow remote access from the client using a domain name rather than an ip address. Application setup is straightforward, and has been discussed elsewhere. Troubleshooting: #1 - To confirm the dropbear daemon is running: Code: ps | grep dropbear . This should produce output similar to: # ps | grep dropbear ps | grep dropbear root 14107 1 736 212 c00cde7c afe0cb04 S dropbear #2 - If dropbear was started with the -p switch specifying an <addressort>, busybox netstat may be also used to confirm the daemon is listening on the specified tcp address and port: #busybox netstat -l busybox netstat -l Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.1.106:22 0.0.0.0:* LISTEN #3 - To kill the dropbear daemon (as root): Code: killall dropbear . . Addendum: This guide was created using Dropbear sshd 0.52 Security Note: At the present time, Android 2.01 does not contain any firewall (such as iptables), nor does dropbear contain access control lists (acl's). Because of this potential security vulnerability, the phone is vulnerable to remote access if a weak password is chosen. Although the best way to secure the phone is controversial, at the present time I would recommend running the dropbear daemon listening on a non-standard port (any port other than 22), and the use of authentication keys whenever possible. Hopefully custom ROMs soon to be released will add an additional layer of security such as an iptables (and port-knocking) application. Uninstalling Dropbear SSH . The following commands will undo the entire process listed in this thread: Code: adb shell <--May be eliminated if not using adb su mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system rm /system/xbin/dropbear rm /system/xbin/dropbearkey rm /system/xbin/scp cd /system/etc/dropbear busybox rm -rf /system/etc/dropbear sync mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system .