1. Requirements
Although Android provides ADB, it does not ship SSH or SCP, so I want to port an SSH server to the development board. Because the default Android source tree already contains external/dropbear, we decided to port dropbear instead of OpenSSH;
2. Ideas
To get SSH and SCP working, the following conditions must be met:
A) There must be a network, which WiFi can provide;
B) A server must be listening on port 22. This is done by dropbear;
C) An scp binary must be present on the development board to provide the SCP function;
3. Applicability
The following steps only apply to platform developers. You must remove this function from the final product;
Test environment:
Hardware: pxa310;
Android: 2.1
In theory, other hardware and Android versions should also work, though they may need some fine-tuning;
4. Porting steps
4.1 dropbear and dropbearkey generation
A) Copy the directory android_root/external/dropbear; the copy is assumed to be named dropbear.bak;
B) Go to dropbear.bak and make some modifications. The diff of the modifications is as follows:
Diff -- git a/Android. mk B/Android. mk
Deleted file mode 100644
Index b95d5dd. 0000000
--- A/Android. mk
+++/Dev/null
@-+ @@
-Ifneq ($ (target_simulator), true)
-
-Local_path: = $ (call my-DIR)
-Include $ (clear_vars)
-
-Local_src_files: =/
-Dbutil. c buffer. c/
-DSS. c bignum. c/
-Signkey. c RSA. C random. c/
-Queue. c/
-Atomicio. c compat. c fake-rfc2553.c
-Local_src_files + =/
-Common-session.c packet. c common-algo.c common-kex.c/
-Common-channel.c common-chansession.c termcodes. c/
-Tcp-accept.c listener. c process-packet.c/
-Common-runopts.c circbuffer. c
-# Loginrec. c
-Local_src_files + =/
-Cli-algo.c cli-main.c cli-auth.c cli-authpasswd.c/
-Cli-session.c cli-service.c cli-runopts.c cli-chansession.c/
-Cli-authpubkey.c cli-tcpfwd.c cli-channel.c cli-authinteract.c
-Local_src_files + = netbsd_getpass.c
-
-Local_static_libraries: = libtommath libtomcrypt
-
-Local_module_path: = $ (target_out_optional_executables)
-Local_module_tags: = ENG
-Local_module: = SSH
-Local_c_includes + = $ (local_path)/libtommath
-Local_c_includes + = $ (local_path)/libtomcrypt/src/Headers
-Local_cflags + =-ddropbear_client
-
-Include $ (build_executable)
-
-Include $ (clear_vars)
-
-Local_src_files: =/
-SCP. c progressmeter. c atomicio. c scpmisc. c
-
-Local_static_libraries: = libtommath libtomcrypt
-
-Local_module_path: = $ (target_out_optional_executables)
-
-Local_module_tags: = debug
-
-Local_module: = SCP
-Local_c_includes + = $ (local_path)/libtommath
-Local_c_includes + = $ (local_path)/libtomcrypt/src/Headers
-Local_cflags + =-ddropbear_client-dprogress_meter
-
-Include $ (build_executable)
-
-Endif # target_simulator! = True
-
-
-Include $ (call all-makefiles-under, $ (local_path ))
Diff -- git a/config. h B/config. h
Index 5c67988 .. ff482ce 100644
--- A/config. h
++ B/config. h
@-50, 7 + 50, 7 @@
# Define disable_wtmpx 1
/* Use zlib */
-# Define disable_zlib 1
+/* # UNDEF disable_zlib */
/* Define to 1 if you have the 'basename' function .*/
# Define have_basename 1
@-62,7 + 62,7 @@
# Define have_const_gai_strerror_proto 1
/* Define to 1 if you have Header file .*/
-/* # Define have_crypt_h */
+ # Define have_crypt_h 1
/* Define to 1 if you have the 'daemon' function .*/
# Define have_daemon 1
@-, 7 +, 7 @@
# Define have_lastlog_h 1
/* Define to 1 if you have Header file .*/
-/* # Define have_libgen_h */
+ # Define have_libgen_h 1
/* Define to 1 if you have the 'pam 'Library (-lpam ).*/
/* # UNDEF have_libpam */
@-137,7 + 137,7 @@
/* # UNDEF have_libutil_h */
/* Define to 1 if you have the 'z' Library (-LZ ).*/
-/* # Define have_libz XXX? */
+ # Define have_libz 1
/* Define to 1 if you have Header file .*/
# Define have_limits_h 1
@-164,7 + 164,7 @@
# Define have_netinet_in_h 1
/* Define to 1 if you have Header file .*/
-/* # Define have_netinet_in_sy1__h */
+ # Define have_netinet_in_sy1__h 1
/* Define to 1 if you have Header file .*/
# Define have_netinet_tcp_h 1
@-203,7 + 203,7 @@
# Define have_setutxent 1
/* Define to 1 if you have Header file .*/
-/* # Define have_shadow_h */
+ # Define have_shadow_h 1
/* Define to 1 if you have the 'socket 'function .*/
# Define have_socket 1
-332,13 + 332,13 @@
/* # UNDEF have_util_h */
/* Define to 1 if you have the 'utmpname' function .*/
-/* # Define have_utmpname */
+ # Define have_utmpname 1
/* Define to 1 if you have the 'utmpxname' function .*/
-/* # Define have_utmpxname */
+ # Define have_utmpxname 1
/* Define to 1 if you have Header file .*/
-/* # Define have_utmpx_h */
+ # Define have_utmpx_h 1
/* Define to 1 if you have Header file .*/
# Define have_utmp_h 1
Diff -- git a/debug. h B/debug. h
Index 175f3fc .. d45b6c4 100644
--- A/debug. h
++ B/debug. h
@-71,6 + 71,6 @@
* Here. You can then log in as any user with this password. Ensure that you
* Make your own password, and are careful about using this. This will also
* Disable some of the chown Pty Code etc */
-/* # Define debug_hackcrypt "hl8nrfdt0aj3e" * // * This is crypt ("password ")*/
+ # Define debug_hackcrypt "hl8nrfdt0aj3e"/* This is crypt ("password ")*/
# Endif
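Review bot: the `+` line that uncomments `debug_hackcrypt` compiles in a fixed password hash, and the context comment directly above says anyone can then log in as any user with that password. Leave it commented out, or put it behind a macro that only an engineering build defines, and do not keep the published crypt("password") value.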
Diff -- git a/options. h B/options. h
Index 0533f24 .. 632a694 100644
--- A/options. h
++ B/options. h
@-21,10 + 21,10 @@
/* Default hostkey paths-these can be specified on the command line */
# Ifndef dss_priv_filename
-# Define dss_priv_filename "/etc/dropbear/dropbear_dss_host_key"
+ # Define dss_priv_filename "/system/etc/dropbear/dropbear_dss_host_key"
# Endif
# Ifndef rsa_priv_filename
-# Define rsa_priv_filename "/etc/dropbear/dropbear_rsa_host_key"
+ # Define rsa_priv_filename "/system/etc/dropbear/dropbear_rsa_host_key"
# Endif
/* Set non_inetd_mode if you require daemon functionality (ie dropbear listens
@-+ @@
* Both of these flags can be defined at once, don't compile without at least
* One Of Them .*/
# Define non_inetd_mode
-# Define inetd_mode
+ // # Define inetd_mode
/* Setting This disables the fast exptmod bignum code. It saves ~ 5kb, but is
* Perhaps 20% slower for pubkey operations (it is probably worth experimenting
@-51,7 + 51,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
# Define dropbear_small_code
/* Enable X11 forwarding-server only */
-# Define enable_x11fwd
+ // # Define enable_x11fwd
/* Enable TCP fowarding */
/* 'Local' is "-l" style (client listening port forwarded via server)
@-64, 7 + 64, 7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
# Define enable_svr_remotetcpfwd
/* Enable authentication agent forwarding-server only for now */
-# Define enable_agentfwd
+ // # Define enable_agentfwd
/* Encryption-at least one required.
* RFC draft requires 3DES and recommends aes128 for interoperability.
@-50% 7 + @ etc) slower (perhaps by). recommended for most small systems .*/
* (Eg aes256 as well as aes128) will result in a minimal size increase .*/
# Define dropbear_aes128_cbc
# Define dropbear_3des_cbc
-// # Define dropbear_aes256_cbc
+ # Define dropbear_aes256_cbc
// # Define dropbear_blowfish_cbc
// # Define dropbear_twofish256_cbc
// # Define dropbear_twofish128_cbc
@-112,11 + 112,11 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
/* # Define dss_protok */
/* Whether to do reverse DNS lookups .*/
-# Define do_host_lookup
+ // # Define do_host_lookup
/* Whether to print the message of the day (motd). This doesn't add much code
* Size */
-# Define do_motd
+ // # Define do_motd
/* The motd file path */
# Ifndef motd_filename
@-136,7 + 136,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
/* # Define enable_svr_pam_auth * // * requires./configure -- enable-Pam */
# Define enable_svr_pubkey_auth
-# Define enable_cli_password_auth
+ // # Define enable_cli_password_auth
# Define enable_cli_pubkey_auth
# Define enable_cli_interact_auth
@-159,7 + 159,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
* However significantly reduce the security of your SSH connections
* If the PRNG State becomes guessable-make sure you know what you are
* Doing if you change this .*/
-# Define dropbear_random_dev "/dev/random"
+ # Define dropbear_random_dev "/dev/urandom"
/* Prngd must be manually set up to produce output */
/* # Define dropbear_prngd_socket "/var/run/dropbear-RNG "*/
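Review bot: the switch of `dropbear_random_dev` to "/dev/urandom" is made without any justification, while the context comment above it warns that this can significantly reduce the security of SSH connections if the PRNG state becomes guessable. Add a comment saying why "/dev/random" could not be used on this board and how the pool is seeded before the first key is generated, or keep the original device.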
@-174,7 + 174,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
/* And then a global limit to avoid chewing memory if connections
* Come from your IPS */
# Ifndef max_unauth_clients
-# Define max_unauth_clients 30
+ # Define max_unauth_clients 10
# Endif
/* Maximum number of failed authentication tries (server option )*/
@-185, 7 + 185, 7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
/* The default file to store the daemon's process ID, for shutdown
Scripts etc. This can be overridden with the-P Flag */
# Ifndef dropbear_pidfile
-# Define dropbear_pidfile "/var/run/dropbear. PID"
+ # Define dropbear_pidfile "/data/dropbear. PID"
# Endif
/* The command to invoke for Xauth when using X11 forwarding.
@-198,12 + 198,12 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
* Openssh), set the path below. If the path isn't defined, SFTP will not
* Be enabled */
# Ifndef sftpserver_path
-# Define sftpserver_path "/usr/libexec/SFTP-server"
+ // # Define sftpserver_path "/usr/libexec/SFTP-server"
# Endif
/* This is used by the SCP binary when used as a client binary. If you're
* Not using the dropbear client, you'll need to change it */
-# DEFINE _ path_ssh_program "/system/bin/ssh"
+ # DEFINE _ path_ssh_program "/data/dropbear/udhcpc"
/* Whether to log commands executed by a client. This only logs
* (Single) command sent to the server, not what a user did in
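Review bot: `_path_ssh_program` on the `+` line now points at "/data/dropbear/udhcpc", which does not look like an SSH client, and the context comment says the scp binary runs this path when it acts as a client. Point it at the ssh binary this tree builds. Also explain why `sftpserver_path` is commented out inside its `#ifndef` rather than set to a real path.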
@-263,7 + 263,7 @ etc) slower (perhaps by 50%). recommended for most small systems .*/
# DEFINE _ path_tty "/dev/tty"
-# DEFINE _ path_cp "/bin/CP"
+ # DEFINE _ path_cp "/data/bin/busybox CP"
/* Timeouts in seconds */
# Define select_timeout 20
Diff -- git a/random. c B/random. c
Index f1475ed... 4e23bc8 100644
--- A/random. c
++ B/random. c
@-52,6 + 52,12 @ static void readrand (unsigned char * Buf, unsigned int buflen );
Static void readrand (unsigned char * Buf, unsigned int buflen ){
+ # If 1
+ Int I = 0;
+ For (I = 0; I Pw_name );
+ # Else
+ SES. authstate. printableuser = m_strdup (username );
+ # Endif
/* Check for non-root if desired */
If (svr_opts.norootlogin & SES. authstate. PW-> pw_uid = 0 ){
@-246, 6 + 285, 7 @ static int checkusername (unsigned char * username, unsigned int userlen ){
}
Trace ("shell is % s", SES. authstate. PW-> pw_shell ))
+ Dropbear_log (log_warning, "shell is % s", SES. authstate. PW-> pw_shell );
/* Check that the shell is set */
Usershell = SES. authstate. PW-> pw_shell;
@-260,18 + @ static int checkusername (unsigned char * username, unsigned int userlen ){
Setusershell ();
While (listshell = getusershell ())! = NULL ){
Trace ("test shell is '% S'", listshell ))
+ Dropbear_log (log_warning, "test shell is % s, usershell is % s", listshell, usershell );
If (strcmp (listshell, usershell) = 0 ){
/* Have a match */
Goto goodshell;
}
}
/* No matching shell */
+ # If 1
+ Goto goodshell;
+ # Else
Endusershell ();
Trace ("no matching shell "))
Dropbear_log (log_warning, "user '% s' has invalid shell, rejected ",
SES. authstate. printableuser );
Send_msg_userauth_failure (0, 1 );
Return dropbear_failure;
+ # Endif
Goodshell:
Endusershell ();
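Review bot: the `#if 1` / `goto goodshell;` added after the `getusershell()` loop makes the "has invalid shell, rejected" path unreachable, so an account passes this check whatever shell it has. If the board lacks a shell list, compare `usershell` against the one shell you expect instead of skipping the check, and turn the added `dropbear_log (log_warning, ...)` debug line back into a trace.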
Diff -- git a/svr-authpasswd.c B/svr-authpasswd.c
Index 5be1e2a .. 94a4316 100644
--- A/svr-authpasswd.c
++ B/svr-authpasswd.c
@-85, 6 + 85, 12 @ void svr_auth_password (){
M_burn (password, passwordlen );
M_free (password );
+ # If 1
+ If (1 ){
+ Printf ("free to enter by wylhistory/N ");
+ Send_msg_userauth_success ();
+}
+ # Else
If (strcmp (testcrypt, passwdcrypt) = 0 ){
/* Successful authentication */
Dropbear_log (log_notice,
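Review bot: the `if (1) { ... send_msg_userauth_success (); }` block added after `m_free (password)` accepts every password, and the `strcmp (testcrypt, passwdcrypt)` comparison is compiled out under `#else`. A bare `#if 1` should not be merged; gate the bypass on a named macro that is off by default so a release build cannot pick it up, or leave the comparison intact and use public-key authentication, since `enable_svr_pubkey_auth` is still defined in options.h.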
@-99,6 + 105, 7 @ void svr_auth_password (){
Svr_ses.addrstring );
Send_msg_userauth_failure (0, 1 );
}
+ # Endif
}
Diff -- git a/svr-chansession.c B/svr-chansession.c
Index 619a451 .. a62728b 100644
--- A/svr-chansession.c
++ B/svr-chansession.c
@-924,9 + 924,12 @ static void execchild (struct chansess * chansess ){
* Usernames with the same uid, but differing groups, then
* Differing groups won't be set (as with initgroups (). The solution
* Is for the SysAdmin not to give out the UID twice */
+ # If 0
+/* Commented by WF */
If (getuid ()! = SES. authstate. PW-> pw_uid ){
Dropbear_exit ("couldn't change user as non-root ");
}
+ # Endif
}
/* An empty shell shoshould be interpreted as "/bin/sh "*/
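Review bot: wrapping the `getuid ()` comparison in `#if 0` removes the `dropbear_exit ("couldn't change user as non-root")` guard, so a server that is not root carries on and runs the session under its own uid, whichever account was requested. "Commented by WF" gives no reason; say why the check fails on this board and fix that cause instead of disabling the exit.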
C) Run ./configure to configure the build;
D) Modify the Makefile. CC must be changed to a cross-compiler, for example arm-linux-gcc, as shown below:
CC=arm-linux-gcc
In addition, modify CFLAGS to add the include path for the zlib header files:
-I/your_android_dir/external/zlib/
Add the following line below LTM=libtommath/libtommath.a, or near the start of the file:
LIBZ=libz.a
Change the LIBS line to the following:
LIBS=$(LTC) $(LTM) $(LIBZ) -lutil -lcrypt
Note that the default Android source contains external/zlib, which provides the header files. Before doing this, you must build the zlib library with mmm external/zlib, which generates a library called libz.a; copy that library to the root directory of dropbear. We use the .a rather than the .so because we need static linking;
E) Compile with the command STATIC=1 make PROGRAMS="dropbear dropbearkey";
At this point, the dropbear and dropbearkey binaries should have been built;
4.2 scp and ssh generation
Note that before compiling, you need to apply the previous diff here but keep the Android.mk file;
Then, use mmm external/dropbear to generate scp and ssh;
4.3 Other steps
Put scp, ssh, dropbear, and dropbearkey onto the T card and insert the T card into the development board;
A) mkdir /data/dropbear
B) cp /sdcard/dropbear /sdcard/dropbearkey /system/xbin
C) mkdir -p /system/etc/dropbear/
D) dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
E) dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
F) dropbear -E -F &
At this point you can log in over SSH, but no environment is set up yet, so you cannot run commands after logging in;
G) PATH=/data/bin:/usr/sbin:/bin:/sbin:/system/bin:/system/xbin:/system/xbin/bb:/data/local/bin; export PATH
Put these two statements in /data/dropbear/.profile so that commands can be found;
H) Remount the root directory read-write (this step requires a change in init.rc);
I) mkdir /bin; cp /sdcard/scp /bin
At this point, data can be copied to the machine with scp;
J)
service dropbear /system/sbin/dropbear (if you want to see error messages, add the -E parameter);
oneshot
Put these two lines in init.rc to start dropbear at boot;
5. Remarks
Note that the above changes allow the root user to log in with any password, so they must not be used in a product;
If you still encounter:
sh: scp: not found
then scp is not available; make sure that you have created the /bin (or /usr/bin) directory under the root directory and put scp in it;
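A release-gate check for the requirement that this function be removed from the final product, as an added example that is not part of the original post: it scans an unpacked image tree for the files, the init.rc entry and the patched-binary marker string that the steps above produce. The function names, the sample tree and its `sshd_dbg` file are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Paths come from steps A)-J);
# the marker is the printf string in the patched svr-authpasswd.c.

# Prints one line per leftover under image tree $1; returns 1 if any is found.
audit_dropbear_leftovers() {
    root=$1
    status=0
    for p in system/xbin/dropbear system/xbin/dropbearkey system/sbin/dropbear \
             system/etc/dropbear/dropbear_rsa_host_key \
             system/etc/dropbear/dropbear_dss_host_key \
             data/dropbear/.profile bin/scp; do
        if [ -e "$root/$p" ]; then
            echo "file:/$p"
            status=1
        fi
    done
    # Boot-time service entry from step J).
    if [ -f "$root/init.rc" ] &&
       grep -Eq '^[[:space:]]*service[[:space:]]+dropbear' "$root/init.rc"; then
        echo "init.rc:service dropbear"
        status=1
    fi
    # Any file, under any name, that carries the password-bypass marker.
    marked=$(LC_ALL=C grep -rlF 'free to enter by' "$root" 2>/dev/null) || marked=
    if [ -n "$marked" ]; then
        printf '%s\n' "$marked" | while IFS= read -r f; do
            rel=${f#"$root"}; echo "bypass-marker:$rel"
        done
        status=1
    fi
    return "$status"
}

# Constructed sample tree (hypothetical layout): a renamed patched binary,
# one host key, the default-named server and the init.rc entry.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/system/xbin" "$t/system/bin" "$t/system/etc/dropbear"
    : > "$t/system/xbin/dropbear"
    : > "$t/system/etc/dropbear/dropbear_rsa_host_key"
    printf '\177ELFfree to enter by wylhistory\n' > "$t/system/bin/sshd_dbg"
    printf 'service dropbear /system/sbin/dropbear\n    oneshot\n' > "$t/init.rc"
    echo "$t"
}

tree=$(make_sample_tree)
audit_dropbear_leftovers "$tree" || echo "release blocked: debug SSH leftovers"
rm -rf "$tree"
```

Run it against the unpacked system and root images of a release candidate; a non-zero exit status means something from this procedure is still present.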