1. Introduction
For various reasons I need to develop on Android, and using ADB is rather troublesome, so I want to use sshd.
The recommended software is OpenSSH; other options are Dropbear and mosh.
Of course there are other options, such as Termux, which are not discussed here.
2. Build configuration
The Android source tree already contains an OpenSSH package, located in external/openssh.
By default OpenSSH is not compiled into the Android system, so the build needs to be configured.
2.1 OpenSSH Module
First of all, we need to understand that in the Android build, programs exist only in the form of modules (packages).
We add an Android.mk file to the module in accordance with the established rules and name the module with LOCAL_MODULE.
OpenSSH contains the following modules:
scp, sftp, ssh, sshd, sshd_config, ssh-keygen, start-ssh
2.2 Android compilation system
Second, we need to add the OpenSSH modules to the Android build system.
All the modules that are to be compiled into Android are listed in the PRODUCT_PACKAGES variable.
When building Android, the target is usually selected with the lunch command.
On the BPI, for example, the command used is lunch mars_a31s-eng
and mars_a31s-eng is defined in device/softwinner/mars-a31s/vendorsetup.sh:
add_lunch_combo mars_a31s-eng
The target also specifies a top-level makefile, located in device/softwinner/mars-a31s/AndroidProducts.mk:
PRODUCT_MAKEFILES := \
    $(LOCAL_DIR)/mars_a31s.mk
mars_a31s.mk in turn includes many other makefiles, among them device/softwinner/fiber-common/fiber-common.mk.
We'll add the OpenSSH modules to the fiber-common.mk file.
In fiber-common.mk, add the following:
# openssh
PRODUCT_PACKAGES += \
    scp \
    sftp \
    ssh \
    sshd \
    sshd_config \
    ssh-keygen \
    start-ssh
Then recompile the Android system.
2.3 OpenSSH files
After compiling and flashing the device, the following OpenSSH files are present in the file system (the locations differ in CM):
/system/bin/ssh
/system/bin/ssh-keygen
/system/bin/sshd
/system/bin/start-ssh
/system/bin/scp
/system/bin/sftp
/system/etc/ssh/sshd_config
3. OpenSSH Configuration
When using SSH on Linux we generally log in with a username and password.
Android has no such concept; of course, you could modify the source code or add a pseudo-user.
Here we use another way to log in over SSH: with a key.
Note: the following commands are executed as root.
3.1 Creating a directory structure
mkdir -p /data/ssh/empty
chmod 700 /data/ssh
chmod 700 /data/ssh/empty
Here /data/ssh is used to store the key file and the sshd configuration file.
3.2 Building the configuration file
cat /system/etc/ssh/sshd_config | \
sed 's/#PermitRootLogin yes$/PermitRootLogin without-password/' | \
sed 's/#RSAAuthentication yes/RSAAuthentication yes/' | \
sed 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' | \
sed 's/PasswordAuthentication no/#PasswordAuthentication no/' | \
sed 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/' | \
sed 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication yes/' | \
sed 's/#UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' | \
sed 's;/usr/libexec/sftp-server;internal-sftp;' > \
/data/ssh/sshd_config
chmod 600 /data/ssh/sshd_config
Note that sshd must be configured so that root can log in without a password.
Also, be aware that AuthorizedKeysFile is specified in the configuration file as /data/ssh/authorized_keys
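An added check, not part of the original article or of OpenSSH: the function below reports which of the settings touched by the sed pipeline leave password-based login paths open when key login is the intent. The names effective, audit_sshd_config and the two sample files are assumptions made for this example; the defaults passed to check are the documented OpenSSH defaults, so a commented-out PasswordAuthentication counts as yes.

```shell
# effective KEY DEFAULT FILE: print the value sshd would use for KEY.
# Keywords are case-insensitive and the first uncommented occurrence wins.
effective() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# audit_sshd_config FILE: print one line per finding, return 1 if any.
audit_sshd_config() {
    cfg=$1 rc=0
    check() {  # check KEYWORD DEFAULT WANTED
        val=$(effective "$1" "$2" "$cfg")
        [ "$val" = "$3" ] && return 0
        echo "WEAK: $1 is effectively '$val', want '$3'"; rc=1
    }
    check PasswordAuthentication yes no
    check PermitEmptyPasswords no no
    check ChallengeResponseAuthentication yes no
    check PubkeyAuthentication yes yes
    case $(effective PermitRootLogin unset "$cfg") in
        without-password|prohibit-password) ;;
        *) echo "WEAK: PermitRootLogin does not restrict root to keys"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the lines the article's sed pipeline is meant to produce.
write_article_config() {
    printf '%s\n' 'PermitRootLogin without-password' \
        'PubkeyAuthentication yes' '#PasswordAuthentication no' \
        'PermitEmptyPasswords yes' 'ChallengeResponseAuthentication yes' \
        'AuthorizedKeysFile /data/ssh/authorized_keys' > "$1"
}
# Constructed sample: the same settings restricted to key-only login.
write_keyonly_config() {
    printf '%s\n' 'PermitRootLogin without-password' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'PermitEmptyPasswords no' 'ChallengeResponseAuthentication no' \
        'AuthorizedKeysFile /data/ssh/authorized_keys' > "$1"
}

tmp=$(mktemp -d)
write_article_config "$tmp/article"; write_keyonly_config "$tmp/keyonly"
audit_sshd_config "$tmp/article" || echo "article config: see findings above"
audit_sshd_config "$tmp/keyonly" && echo "key-only config: clean"
rm -rf "$tmp"
```

To audit a real device, point audit_sshd_config at a copy of /data/ssh/sshd_config.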
3.3 Generate key
Use the following command to generate the key on Windows/Linux:
ssh-keygen -t rsa -C "your_email_address"
The above command creates the .ssh directory in the home directory, containing two files: id_rsa (private key) and id_rsa.pub (public key).
id_rsa.pub is then uploaded to Android with a command such as adb (the destination file must match AuthorizedKeysFile!):
adb push id_rsa.pub /data/ssh/authorized_keys
chmod 600 /data/ssh/authorized_keys
chown root:root /data/ssh/authorized_keys
3.4 Generating a startup script
mkdir -p /data/local/userinit.d
cat /system/bin/start-ssh | \
sed 's;/system/etc/ssh/sshd_config;/data/ssh/sshd_config;' > \
/data/local/userinit.d/99sshd
chmod 755 /data/local/userinit.d/99sshd
The commands above generate a standalone startup script.
You can then start sshd by executing that script:
/data/local/userinit.d/99sshd
If there is a problem in actual operation, you can start sshd in debug mode with the following command:
/system/bin/sshd -f /data/ssh/sshd_config -d -ddd
3.5 Connect sshd
Connect to sshd with the command
ssh [email protected]
Note that when using an SSH client under Windows you need to enable its key login option and specify the key file.
The location of the specific options varies depending on the tool.
The same applies to SFTP and SCP logins.
The author finds that WinSCP cannot successfully connect over SFTP because there are no configurable items, while FileZilla can.
4. Starting sshd at boot
Now that sshd can run and accept logins, the next step is to make sshd start automatically at boot.
4.1 Modifying init.rc
This is the most direct approach. The problem is that init.rc is part of the initramfs, which is generated dynamically from boot.img,
so even if it is modified in a file system that is already running, the original content is restored after a reboot.
It can therefore only be modified in the source code and then recompiled.
Looking at system/core/rootdir/init.rc, we find that it already contains an sshd entry, but it is disabled by default, so it does not start at boot as we want:
service sshd /system/bin/start-ssh
    class main
    disabled
Change the entry in init.rc to
service sshd /system/bin/start-ssh
    class main
    user root
    group root
4.2 Other files
Additional files that need to be modified are external/openssh/start-ssh and external/openssh/sshd_config.android.
For the specific changes, refer to the earlier sections.