Dropbear for Android porting

1. Requirements
Although Android provides ADB, it still does not use SSH or SCP, so I want to port an SSH server to the Development Board, because the default Android code is external/dropbear, therefore, we decided to port dropbear instead of OpenSSH;

2. Ideas
To implement SSH, SCP must meet the following conditions:

A) There must be a network, which can be guaranteed by WiFi;

B) You must have a server to open port 22. This is done by dropbear;

C) You must have an SCP on the Development Board to implement the SCP function;

3. Applicability
The following steps only apply to platform developers. You must remove this function from the final product;

Test environment:

Hardware: pxa310;

Android: 2.1

In theory, other hardware and Android versions should also work, and may need to be fine-tuned;

4. Porting steps
4.1 dropbear and dropbearkey generation

A) copy the directory android_root/external/dropbear, which is assumed to be dropbear. bak;

B) Go to dropbear. Bak and make some modifications. the diff of the modifications is as follows:

Diff -- git a/Android. mk B/Android. mk

Deleted file mode 100644

Index b95d5dd. 0000000

--- A/Android. mk

+++/Dev/null

@-+ @@

-Ifneq ($ (target_simulator), true)

-

-Local_path: = $ (call my-DIR)

-Include $ (clear_vars)

-

-Local_src_files: =/

-Dbutil. c buffer. c/

-DSS. c bignum. c/

-Signkey. c RSA. C random. c/

-Queue. c/

-Atomicio. c compat. c fake-rfc2553.c

-Local_src_files + =/

-Common-session.c packet. c common-algo.c common-kex.c/

-Common-channel.c common-chansession.c termcodes. c/

-Tcp-accept.c listener. c process-packet.c/

-Common-runopts.c circbuffer. c

-# Loginrec. c

-Local_src_files + =/

-Cli-algo.c cli-main.c cli-auth.c cli-authpasswd.c/

-Cli-session.c cli-service.c cli-runopts.c cli-chansession.c/

-Cli-authpubkey.c cli-tcpfwd.c cli-channel.c cli-authinteract.c

-Local_src_files + = netbsd_getpass.c

-

-Local_static_libraries: = libtommath libtomcrypt

-

-Local_module_path: = $ (target_out_optional_executables)

-Local_module_tags: = ENG

-Local_module: = SSH

-Local_c_includes + = $ (local_path)/libtommath

-Local_c_includes + = $ (local_path)/libtomcrypt/src/Headers

-Local_cflags + =-ddropbear_client

-

-Include $ (build_executable)

-

-Include $ (clear_vars)

-

-Local_src_files: =/

-SCP. c progressmeter. c atomicio. c scpmisc. c

-

-Local_static_libraries: = libtommath libtomcrypt

-

-Local_module_path: = $ (target_out_optional_executables)

-

-Local_module_tags: = debug

-

-Local_module: = SCP

-Local_c_includes + = $ (local_path)/libtommath

-Local_c_includes + = $ (local_path)/libtomcrypt/src/Headers

-Local_cflags + =-ddropbear_client-dprogress_meter

-

-Include $ (build_executable)

-

-Endif # target_simulator! = True

-

-

-Include $ (call all-makefiles-under, $ (local_path ))

Diff -- git a/config. h B/config. h

Index 5c67988 .. ff482ce 100644

--- A/config. h

++ B/config. h

@-50, 7 + 50, 7 @@

# Define disable_wtmpx 1

/* Use zlib */

-# Define disable_zlib 1

+/* # UNDEF disable_zlib */

/* Define to 1 if you have the 'basename' function .*/

# Define have_basename 1

@-62,7 + 62,7 @@

# Define have_const_gai_strerror_proto 1

/* Define to 1 if you have Header file .*/

-/* # Define have_crypt_h */

+ # Define have_crypt_h 1

/* Define to 1 if you have the 'daemon' function .*/

# Define have_daemon 1

@-, 7 +, 7 @@

# Define have_lastlog_h 1

/* Define to 1 if you have Header file .*/

-/* # Define have_libgen_h */

+ # Define have_libgen_h 1

/* Define to 1 if you have the 'pam 'Library (-lpam ).*/

/* # UNDEF have_libpam */

@-137,7 + 137,7 @@

/* # UNDEF have_libutil_h */

/* Define to 1 if you have the 'z' Library (-LZ ).*/

-/* # Define have_libz XXX? */

+ # Define have_libz 1

/* Define to 1 if you have Header file .*/

# Define have_limits_h 1

@-164,7 + 164,7 @@

# Define have_netinet_in_h 1

/* Define to 1 if you have Header file .*/

-/* # Define have_netinet_in_sy1__h */

+ # Define have_netinet_in_sy1__h 1

/* Define to 1 if you have Header file .*/

# Define have_netinet_tcp_h 1

@-203,7 + 203,7 @@

# Define have_setutxent 1

/* Define to 1 if you have Header file .*/

-/* # Define have_shadow_h */

+ # Define have_shadow_h 1

/* Define to 1 if you have the 'socket 'function .*/

# Define have_socket 1

-332,13 + 332,13 @@

/* # UNDEF have_util_h */

/* Define to 1 if you have the 'utmpname' function .*/

-/* # Define have_utmpname */

+ # Define have_utmpname 1

/* Define to 1 if you have the 'utmpxname' function .*/

-/* # Define have_utmpxname */

+ # Define have_utmpxname 1

/* Define to 1 if you have Header file .*/

-/* # Define have_utmpx_h */

+ # Define have_utmpx_h 1

/* Define to 1 if you have Header file .*/

# Define have_utmp_h 1

Diff -- git a/debug. h B/debug. h

Index 175f3fc .. d45b6c4 100644

--- A/debug. h

++ B/debug. h

@-71,6 + 71,6 @@

* Here. You can then log in as any user with this password. Ensure that you

* Make your own password, and are careful about using this. This will also

* Disable some of the chown Pty Code etc */

-/* # Define debug_hackcrypt "hl8nrfdt0aj3e" * // * This is crypt ("password ")*/

+ # Define debug_hackcrypt "hl8nrfdt0aj3e"/* This is crypt ("password ")*/

# Endif

Diff -- git a/options. h B/options. h

Index 0533f24 .. 632a694 100644

--- A/options. h

++ B/options. h

@-21,10 + 21,10 @@

/* Default hostkey paths-these can be specified on the command line */

# Ifndef dss_priv_filename

-# Define dss_priv_filename "/etc/dropbear/dropbear_dss_host_key"

+ # Define dss_priv_filename "/system/etc/dropbear/dropbear_dss_host_key"

# Endif

# Ifndef rsa_priv_filename

-# Define rsa_priv_filename "/etc/dropbear/dropbear_rsa_host_key"

+ # Define rsa_priv_filename "/system/etc/dropbear/dropbear_rsa_host_key"

# Endif

/* Set non_inetd_mode if you require daemon functionality (ie dropbear listens

@-+ @@

* Both of these flags can be defined at once, don't compile without at least

* One Of Them .*/

# Define non_inetd_mode

-# Define inetd_mode

+ // # Define inetd_mode

/* Setting This disables the fast exptmod bignum code. It saves ~ 5kb, but is

* Perhaps 20% slower for pubkey operations (it is probably worth experimenting

@-51,7 + 51,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

# Define dropbear_small_code

/* Enable X11 forwarding-server only */

-# Define enable_x11fwd

+ // # Define enable_x11fwd

/* Enable TCP fowarding */

/* 'Local' is "-l" style (client listening port forwarded via server)

@-64, 7 + 64, 7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

# Define enable_svr_remotetcpfwd

/* Enable authentication agent forwarding-server only for now */

-# Define enable_agentfwd

+ // # Define enable_agentfwd

/* Encryption-at least one required.

* RFC draft requires 3DES and recommends aes128 for interoperability.

@-50% 7 + @ etc) slower (perhaps by). recommended for most small systems .*/

* (Eg aes256 as well as aes128) will result in a minimal size increase .*/

# Define dropbear_aes128_cbc

# Define dropbear_3des_cbc

-// # Define dropbear_aes256_cbc

+ # Define dropbear_aes256_cbc

// # Define dropbear_blowfish_cbc

// # Define dropbear_twofish256_cbc

// # Define dropbear_twofish128_cbc

@-112,11 + 112,11 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

/* # Define dss_protok */

/* Whether to do reverse DNS lookups .*/

-# Define do_host_lookup

+ // # Define do_host_lookup

/* Whether to print the message of the day (motd). This doesn't add much code

* Size */

-# Define do_motd

+ // # Define do_motd

/* The motd file path */

# Ifndef motd_filename

@-136,7 + 136,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

/* # Define enable_svr_pam_auth * // * requires./configure -- enable-Pam */

# Define enable_svr_pubkey_auth

-# Define enable_cli_password_auth

+ // # Define enable_cli_password_auth

# Define enable_cli_pubkey_auth

# Define enable_cli_interact_auth

@-159,7 + 159,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

* However significantly reduce the security of your SSH connections

* If the PRNG State becomes guessable-make sure you know what you are

* Doing if you change this .*/

-# Define dropbear_random_dev "/dev/random"

+ # Define dropbear_random_dev "/dev/urandom"

/* Prngd must be manually set up to produce output */

/* # Define dropbear_prngd_socket "/var/run/dropbear-RNG "*/

@-174,7 + 174,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

/* And then a global limit to avoid chewing memory if connections

* Come from your IPS */

# Ifndef max_unauth_clients

-# Define max_unauth_clients 30

+ # Define max_unauth_clients 10

# Endif

/* Maximum number of failed authentication tries (server option )*/

@-185, 7 + 185, 7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

/* The default file to store the daemon's process ID, for shutdown

Scripts etc. This can be overridden with the-P Flag */

# Ifndef dropbear_pidfile

-# Define dropbear_pidfile "/var/run/dropbear. PID"

+ # Define dropbear_pidfile "/data/dropbear. PID"

# Endif

/* The command to invoke for Xauth when using X11 forwarding.

@-198,12 + 198,12 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

* Openssh), set the path below. If the path isn't defined, SFTP will not

* Be enabled */

# Ifndef sftpserver_path

-# Define sftpserver_path "/usr/libexec/SFTP-server"

+ // # Define sftpserver_path "/usr/libexec/SFTP-server"

# Endif

/* This is used by the SCP binary when used as a client binary. If you're

* Not using the dropbear client, you'll need to change it */

-# DEFINE _ path_ssh_program "/system/bin/ssh"

+ # DEFINE _ path_ssh_program "/data/dropbear/udhcpc"

/* Whether to log commands executed by a client. This only logs

* (Single) command sent to the server, not what a user did in

@-263,7 + 263,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/

# DEFINE _ path_tty "/dev/tty"

-# DEFINE _ path_cp "/bin/CP"

+ # DEFINE _ path_cp "/data/bin/busybox CP"

/* Timeouts in seconds */

# Define select_timeout 20

Diff -- git a/random. c B/random. c

Index f1475ed... 4e23bc8 100644

--- A/random. c

++ B/random. c

@-52,6 + 52,12 @ static void readrand (unsigned char * Buf, unsigned int buflen );

Static void readrand (unsigned char * Buf, unsigned int buflen ){

+ # If 1

+ Int I = 0;

+ For (I = 0; I Pw_name );

+ # Else

+ SES. authstate. printableuser = m_strdup (username );

+ # Endif

/* Check for non-root if desired */

If (svr_opts.norootlogin & SES. authstate. PW-> pw_uid = 0 ){

@-246, 6 + 285, 7 @ static int checkusername (unsigned char * username, unsigned int userlen ){

}

Trace ("shell is % s", SES. authstate. PW-> pw_shell ))

+ Dropbear_log (log_warning, "shell is % s", SES. authstate. PW-> pw_shell );

/* Check that the shell is set */

Usershell = SES. authstate. PW-> pw_shell;

@-260,18 + @ static int checkusername (unsigned char * username, unsigned int userlen ){

Setusershell ();

While (listshell = getusershell ())! = NULL ){

Trace ("test shell is '% S'", listshell ))

+ Dropbear_log (log_warning, "test shell is % s, usershell is % s", listshell, usershell );

If (strcmp (listshell, usershell) = 0 ){

/* Have a match */

Goto goodshell;

}

}

/* No matching shell */

+ # If 1

+ Goto goodshell;

+ # Else

Endusershell ();

Trace ("no matching shell "))

Dropbear_log (log_warning, "user '% s' has invalid shell, rejected ",

SES. authstate. printableuser );

Send_msg_userauth_failure (0, 1 );

Return dropbear_failure;

+ # Endif

Goodshell:

Endusershell ();

Diff -- git a/svr-authpasswd.c B/svr-authpasswd.c

Index 5be1e2a .. 94a4316 100644

--- A/svr-authpasswd.c

++ B/svr-authpasswd.c

@-85, 6 + 85, 12 @ void svr_auth_password (){

M_burn (password, passwordlen );

M_free (password );

+ # If 1

+ If (1 ){

+ Printf ("free to enter by wylhistory/N ");

+ Send_msg_userauth_success ();

+}

+ # Else

If (strcmp (testcrypt, passwdcrypt) = 0 ){

/* Successful authentication */

Dropbear_log (log_notice,

@-99,6 + 105, 7 @ void svr_auth_password (){

Svr_ses.addrstring );

Send_msg_userauth_failure (0, 1 );

}

+ # Endif

}

Diff -- git a/svr-chansession.c B/svr-chansession.c

Index 619a451 .. a62728b 100644

--- A/svr-chansession.c

++ B/svr-chansession.c

@-924,9 + 924,12 @ static void execchild (struct chansess * chansess ){

* Usernames with the same uid, but differing groups, then

* Differing groups won't be set (as with initgroups (). The solution

* Is for the SysAdmin not to give out the UID twice */

+ # If 0

+/* Commented by WF */

If (getuid ()! = SES. authstate. PW-> pw_uid ){

Dropbear_exit ("couldn't change user as non-root ");

}

+ # Endif

}

/* An empty shell shoshould be interpreted as "/bin/sh "*/

C) Call./configure for configuration;

D) modify the makefile. CC must be changed to a cross-compiler, for example, arm-Linux-GCC, as shown below:

Cc = arm-Linux-gcc

In addition, you need to modify cflags to add support for zlib-related header files:

-I/your_android_dir/external/zlib/

Add the following sentence below ltm = libtommath/libtommath. A or near the start point:

Libz = libz.

Change the line of libs to the following:

Libs = $ (LTC) $ (ltm) $ (libz)-lutil-lcrypt

Note that the default Android Code contains external/zlib, which contains the header file. Before doing this, you must compile the zlib library through Mmm external/zlib, in this case, a request called libz is generated. library a, copy the Library to the root directory of dropbear, and use. A is not used. so is because we need static links;

E) Use the static = 1 make programs = "dropbear dropbearkey" command to compile;

At this time, we should be able to see the dropbear and dropbearkey commands;

4.2 SCP, ssh generation

Note that before compilation, you need to hit the previous diff here and keep the androd. mk file;

Then, use Mmm external/dropbear to generate SCP and SSH;

4.3 Other steps

Put SCP, ssh, dropbear, and dropbearkey into the tcard and insert the tcard into the Development Board;

A) mkdir/data/dropbear

B) CP/sdcard/dropbear/sdcard/dropbearkey/system/xbin

C) mkdir-P/system/etc/dropbear/

D) dropbearkey-t rsa-F/system/etc/dropbear/dropbear_rsa_host_key

E) dropbearkey-t dss-F/system/etc/dropbear/dropbear_dss_host_key

F) dropbear-e-f &

At this time, you can log on through SSH, but no environment is set up at this time, so you cannot enter a command after logging on;

G) Path =/data/bin:/usr/sbin:/bin:/sbin:/system/bin:/system/xbin: /system/xbin/BB:/data/local/bin; export path

Put these two statements in/data/dropbear/. profile to access some commands;

H) Remount the directory with RW (this step needs to be modified in init. Rc );

I) mkdir/bin; CP/sdcard/SCP/bin

At this time, we can copy the data to the machine through SCP;

J)

Service dropbear/system/sbin/dropbear (if you want to view the error message, add the-e parameter );

Oneshot

Put these two sentences in init. RC to enable startup;

5. Remarks
Note that the above changes allow the root user to enter any password, so they cannot be used in the product;

If you still encounter:

SH: SCP: not found

If SCP is not available, make sure that you have created the/bin/(or/usr/bin) directory in the root directory and put SCP in it;