Thursday, April 28, 2011

Dropbear sshd on Android device

Recently I needed an SSH connection to an Android development board, but since no SSH daemon is included in the official Android release I had some trouble finding the right way to do it.

The following guide was tested on an OMAP3 development board with Android Eclair but should work on any (rooted/unlocked) Android phone.

Instructions for running dropbear sshd on an Android device:

First you fetch the latest Dropbear sources:
git clone git://android.git.kernel.org/platform/external/dropbear.git

Since Android has different paths, no password support, etc., we must fix this in the original sources by applying the patch found here: http://pastebin.com/f3dedc5e7
...the only problem is that it's for an older version of Dropbear, so we must try to apply it manually :(

After the patch has been applied, build with:
./configure --host=arm-none-linux-gnueabi --disable-zlib
make CC=arm-none-linux-gnueabi-gcc

In case you're unable to apply the patch correctly or something went wrong with the build, here is an archive with prebuilt binaries (dropbear, dropbearkey, dropbearconvert):

(Another guide on how to build Dropbear for Android can be found at http://teslacoilsw.com/dropbear)

Install:

To install dropbear on the desired gadget copy the binaries to some custom dir, e.g. /dropbear.


Setup the Server (Android):

Generate an RSA server key using dropbearkey:
dropbearkey -t rsa -f dropbear_rsa_host_key

Then create a dir /data/dropbear and copy dropbear_rsa_host_key there.

Test dropbear:
/dropbear/dropbear -r dropbear_rsa_host_key -F -E -v -s

This should show you the debug log (the -F option means non-daemon mode).

Now we need to generate a key-pair for the client to connect with (Dropbear is run with the option -s (no-password) because there is no password support in Android):

# generate a private key
dropbearkey -t rsa -f /dropbear/id_rsa

# extract the public key:
dropbearkey -f /dropbear/id_rsa -y > /dropbear/id_rsa.pub

We need to create /data/dropbear/.ssh and cat the public-key to authorized_keys:
mkdir /data/dropbear/.ssh
cat /dropbear/id_rsa.pub > /data/dropbear/.ssh/authorized_keys

IMPORTANT: Check the perms of /data/dropbear and make sure they are *only* readable/writable by root!
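
The permission check above can be scripted. The following is an added example, not part of the original guide: it reports every path created in the steps above that is missing, owned by an unexpected uid, or accessible to group/other, and can then tighten the tree. The function names and the STAT variable are assumptions of this example; it relies on a `stat` that supports `-c` (busybox or GNU).

```shell
#!/bin/sh
# Added example, not from the original guide. Audits the key directory set up
# above. Function names and the STAT override are assumptions of this example.
STAT=${STAT:-stat}          # on the device: STAT="busybox stat"

# check_path PATH UID: print a finding and return 1 if PATH is missing,
# owned by a different uid, or has any group/other permission bit set.
check_path() {
    path=$1; want_uid=$2; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"; return 1
    fi
    mode=$($STAT -c '%a' "$path")    # octal mode, e.g. 700
    uid=$($STAT -c '%u' "$path")     # numeric owner
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER   $path uid=$uid, expected $want_uid"; rc=1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE    $path is $mode, group/other can access it"; rc=1
    fi
    return $rc
}

# audit_dropbear_dir [BASE] [UID]: check every path the guide creates.
audit_dropbear_dir() {
    base=${1:-/data/dropbear}; owner=${2:-0}; failed=0
    for p in "$base" "$base/dropbear_rsa_host_key" \
             "$base/.ssh" "$base/.ssh/authorized_keys"; do
        check_path "$p" "$owner" || failed=1
    done
    return $failed
}

# harden_dropbear_dir [BASE] [UID]: give the tree to UID, drop group/other.
harden_dropbear_dir() {
    base=${1:-/data/dropbear}; owner=${2:-0}
    chown -R "$owner" "$base" && chmod -R go-rwx "$base"
}
```

On the device, source the file and run `audit_dropbear_dir` with no arguments to check /data/dropbear against uid 0; run `harden_dropbear_dir` first if it reports findings.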


Setup the Client (Ubuntu):

As dropbear and openssh use different key formats, we first need to convert id_rsa (private key) to OpenSSH format:
./dropbearconvert dropbear openssh /dropbear/id_rsa /dropbear/id_rsa_openssh

Now move id_rsa and id_rsa_openssh to your desktop (e.g. to your home dir).

Before establishing the connection, the gadget's USB interface should be up:
busybox ifconfig usb0 up 192.168.1.2
(yes, busybox must be installed on the Android device...)

Finally connect to the device:
ssh -i id_rsa_openssh <device-ip>

You can use -vv for both the client and the server to see debug info and fix whatever is wrong.


Setup the Client (Windows XP):

The only difference is that we use a different SSH client. I used PuTTY.
So...
- boot the board/phone
- connect the PC to the board with a USB cable and wait for the auto install
- set the IP address (TCP/IP settings) in the automatically created USB Ethernet connection
- copy auth. keys generated with dropbear
- convert the OpenSSH key to a "PuTTY" key (ppk) using PuTTYgen
- open PuTTY and set the remote IP/Port to connect to
- use the SSH key generated with PuTTYgen: Connection -> SSH -> Auth -> select key
- connect!

NOTE: The above is an extended/edited version of the original guide @ http://cri.ch/sven/doku.php/blog/running-dropbear-on-android

-----------------------------------------------------------------------------------------------------------------

2 comments:

  1. Hi,
    I have gotten dropbear running on my Android. I rooted the phone, installed busybox, installed dropbear. I followed the instructions on your linked site. I get the ole permission denied public key message. I think the permissions are wrong. I'm running openssh on FreeBSD. Any suggestions?

  2. Nate,
    Check the permissions of /data/dropbear.

    chown -R root:root /data/dropbear
