Note: LEGACY
This guide is provided for support on CM7 devices; as of CM9, OpenSSH is used instead.
This short article explains how to connect to your Android device from another computer using the SSH protocol. This allows you to use a big screen and real keyboard to work on the device. This article focuses mainly on connecting with a Linux-based computer. We will be using Dropbear on the Android device as an SSH server. Dropbear is already installed in CyanogenMod. [EDIT: CyanogenMod 9.0 RC2 no longer includes Dropbear.]
The Android terminal is a fine app, but I prefer a big screen and real keyboard any time.
Contents
- 1 Prerequisites
- 2 Create a SSH key for logging in
- 3 Prepare the Android Device
- 4 Finding the IP address of your Android device
- 5 Testing Dropbear
- 6 Running dropbear normally
- 7 Automatic startup of the sshd-server on your device
- 8 Prepare the Android device (using a root password) for OLD BUILDS of CyanogenMod
- 9 See also
Prerequisites
- CyanogenMod ≥ 5.0.6 (for dropbear & dropbear-keygen)
- An SSH client such as OpenSSH or PuTTY
- Android Debug Bridge (adb) tool. Please see the SDK documentation for information on how to install it.
- After the SDK is installed, ensure the device is connected to the computer through USB with ADB Debugging enabled in settings.
Create a SSH key for logging in
Create an SSH key on the computer that you wish to connect to your Android device with either `ssh-keygen` or `puttygen`. The public key will be copied to the Android device and the private key remains on the computer. Only computers with the private key correctly installed can log in to the Android device.
In Linux:
ssh-keygen -t rsa
The output should look something like this:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in <Filename>.
Your public key has been saved in <Filename>.
Copy the public key file (not the private key) to the device as authorized_keys:
adb push <Filename> /sdcard/authorized_keys
In Windows:
If using puttygen, paste the string from the puttygen window (looks like “ssh-rsa AAAAB3…hclQ==rsa-key-20100227”) in authorized_keys.
(Do not try to rename the file created by puttygen – its format is incompatible with dropbear.)
A password can also be used to connect to the device; in that case you can skip the steps above.
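A check to run on the computer before the `adb push`, as an added example that is not part of the original guide: it accepts only an OpenSSH-format public key line and rejects a private key or a file saved by puttygen. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a key file before pushing it as authorized_keys.
# Function names and sample files are constructed for illustration.

# Prints one of: public, private, putty, unknown.
classify_key_file() {
    file=$1
    [ -r "$file" ] || { echo unknown; return; }
    # OpenSSH/PEM private keys carry a "PRIVATE KEY" armor line.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo private; return
    fi
    # Files saved by puttygen: .ppk private key or SSH2 public export.
    if grep -q -e '^PuTTY-User-Key-File' -e '^---- BEGIN SSH2 PUBLIC KEY' "$file"; then
        echo putty; return
    fi
    # Expected format: "<type> <base64> [comment]", one key per line.
    if awk 'NF == 0 || /^#/ { next }
            { n++ }
            $1 !~ /^ssh-(rsa|dss)$/ || $2 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
            END { exit (n == 0 || bad) }' "$file"; then
        echo public; return
    fi
    echo unknown
}

# True only when the file is safe to copy to the device.
safe_to_push() {
    [ "$(classify_key_file "$1")" = public ]
}

# Constructed sample files (not real keys) so the demo runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 user@computer' \
    > "$demo_dir/id_rsa.pub"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEow==' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/id_rsa"
for f in id_rsa.pub id_rsa; do
    echo "$f: $(classify_key_file "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Lines that carry authorized_keys options in front of the key type are reported as unknown, since this guide only uses plain key lines.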
Prepare the Android Device
On the computer, open terminal and run the following commands:
adb shell
mkdir /data/dropbear
chmod 755 /data/dropbear
mkdir /data/dropbear/.ssh
chmod 700 /data/dropbear/.ssh
mv /sdcard/authorized_keys /data/dropbear/.ssh/
chown root: /data/dropbear/.ssh/authorized_keys
chmod 600 /data/dropbear/.ssh/authorized_keys
dropbearkey -t rsa -f /data/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /data/dropbear/dropbear_dss_host_key
The end result should look something like this:
# ls -la /data/dropbear
drwxr-xr-x 1 root root 2048 Sep 5 14:55 .
drwxrwx--x 1 system system 2048 Sep 5 14:08 ..
drwx------ 1 root root 2048 Sep 5 14:51 .ssh
-rw------- 1 root root 458 Sep 5 14:09 dropbear_dss_host_key
-rw------- 1 root root 427 Sep 5 14:09 dropbear_rsa_host_key
# ls -la /data/dropbear/.ssh
drwx------ 1 root root 2048 Sep 5 14:51 .
drwxr-xr-x 1 root root 2048 Sep 5 14:55 ..
-rw------- 1 root root 406 Sep 5 14:01 authorized_keys
- Creating directories and generating rsa/dsa keys is required even if you plan to use password login.
Finding the IP address of your Android device
To test Dropbear, first determine the IP address of the Android device so that you can connect to it. On the Android device, through either adb shell or terminal emulator, do the following.
If connected through a WiFi network, use the following:
ifconfig eth0
The result should look something like this:
eth0: ip 192.168.1.64 mask 255.255.255.0 flags [up broadcast running multicast]
If connected through a mobile network, use the following:
ifconfig rmnet0
The result should look something like this:
rmnet0: ip 200.200.200.200 mask 255.255.255.252 flags [up broadcast multicast]
You can also list all interfaces using
ip addr
- NOTE: It may not be possible to host services such as SSH via your mobile network.
If that doesn’t work, run `cat /proc/net/dev` to see the possible interfaces and use ifconfig with the appropriate interface.
Testing Dropbear
We’ll run dropbear in the foreground for testing with debugging information on the Android device. The “-s” option disables password logins (SSH public key authentication is still allowed though which is what we’re using). Use either adb shell or terminal emulator to do the following.
dropbear -s -v -F
(You can use the -Y option to specify a master password for logging in to any account, if not using key-based authentication.)
The output should look something like this:
...
TRACE (3220): listening on ':22'
TRACE (3220): enter dropbear_listen
TRACE (3220): dropbear_listen: all interfaces
TRACE (3220): bind(22) failed
TRACE (3220): leave dropbear_listen: success, 1 socks bound
[3220] Sep 05 15:16:43 Not backgrounding
- NOTE: For more information about dropbear, run `dropbear -h`.
Now, on the computer, we will try to log in to the Android device. Replace the path to your SSH private key and the IP address as appropriate. On the computer’s terminal, do the following.
ssh -i ./<Filename> -l root 192.168.1.64
The output should look something like this:
Enter passphrase for key '/home/user/<Filename>':
TRACE (3229): entering fake-getpwnam
TRACE (3229): leaving fake-getpwnam
TRACE (3229): enter sign_key_free
TRACE (3229): enter dsa_key_free
TRACE (3229): leave dsa_key_free
TRACE (3229): enter rsa_key_free
TRACE (3229): leave rsa_key_free
TRACE (3229): leave sign_key_free
If it didn’t, run ssh with the -v option to get verbose debugging output and see what went wrong.
If you get authentication errors, run this to show the device’s public rsa key
dropbearkey -y -f /data/dropbear/dropbear_rsa_host_key
- the key is formatted like ‘ssh-rsa Som3Rand0mStr1n6 root@localhost’
- copy and paste it to your PC’s known_hosts file, ~/.ssh/known_hosts
- and try connecting from your PC again
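The steps above, as an added example that is not part of the original guide: a `known_hosts` line needs the host name or address in front of the key, so this helper turns `dropbearkey -y` output into a complete entry and appends it once. The function names are illustrative and the sample output is constructed.

```shell
#!/bin/sh
# Added example: build a known_hosts entry from `dropbearkey -y` output.
# Function names are illustrative; the sample output below is constructed.

# Reads dropbearkey output on stdin, prints "<host> <type> <base64>".
# Fails (non-zero) if no public key line is found.
known_hosts_entry() {
    awk -v host="$1" '
        # Only the key line starts with a key type; the banner and the
        # fingerprint line are skipped, and the trailing comment dropped.
        $1 ~ /^ssh-(rsa|dss)$/ && NF >= 2 { print host, $1, $2; found = 1 }
        END { exit !found }
    '
}

# Appends the entry to a known_hosts file unless that exact line exists.
pin_host_key() {
    entry=$1
    file=$2
    touch "$file" || return 1
    grep -qxF -e "$entry" "$file" || printf '%s\n' "$entry" >> "$file"
}

# Constructed sample of what `dropbearkey -y -f <hostkey>` prints.
sample_output='Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 root@localhost
Fingerprint: md5 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff'

printf '%s\n' "$sample_output" | known_hosts_entry 192.168.1.64
```

On the computer, feed the device's real `dropbearkey -y` output to `known_hosts_entry` with the device's IP address, then pass the resulting line and `~/.ssh/known_hosts` to `pin_host_key`.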
Assuming everything worked, dropbear can be turned off by running:
killall dropbear
- NOTE: For Windows (PuTTY with SSH keyfile) you need to configure PuTTY as follows:
- Connection » Data » Auto-login Username = root
- Connection » SSH » Auth » Private key file = Previously selected key file
Running dropbear normally
To run dropbear, from the Android device, run:
su
dropbear -s
The shell (whether adb or terminal emulator) can now be exited safely and dropbear will continue to run.
Dropbear can be turned off by running:
killall dropbear
Automatic startup of the sshd-server on your device
To modify the file in /system/etc/ you need to remount the partition to read/write mode using
mount -o remount,rw /system
To run Dropbear on start up, edit the /etc/init.local.rc file (Your preferred editor can be used, as long as it doesn’t introduce Windows/DOS line breaks), and add the following snippet to the end of the file
# start Dropbear (ssh server) service on boot
service sshd /system/xbin/dropbear -s
    user root
    group root
    oneshot
The `oneshot` option instructs Android that the service should not be restarted if it is killed. For a full understanding of the Android Init system see here.
Prepare the Android device (using a root password) for OLD BUILDS of CyanogenMod
- NOTE: The native dropbear binary included in CyanogenMod 4.0.4 and later does not seem to handle password-protected logins correctly: you can log in even when providing a wrong password. To make it work correctly you need to compile your own dropbear binary statically linked with uClibc.
- Compile dropbear (statically linked with uClibc)
- Compile busybox (statically linked with uClibc) and enable
- Support for shadow passwords
- Use internal password and group functions rather than system func
- Use internal shadow password functions
- Use internal crypt functions
- passwd
- Check new passwords for weakness
- Copy the new dropbear and busybox binaries to the device:
adb push busybox /sdcard/busybox
adb push dropbear /sdcard/dropbear
adb push dropbearkey /sdcard/dropbearkey
- Open the terminal and become superuser/root
- Create /data/local/bin directory
- Copy dropbear, dropbearkey and busybox to /data/local/bin and setup file permissions, ownership and links
- Remount /system read-write
- Create the needed passwd files
- Change the root password
- Create /etc/profile with a usable path
- Create /etc/shells
- Remount /system read-only
- Create the dropbear directory
- Generate rsa and dsa keys
- Link /data/dropbear directory to /system/etc/dropbear
su
mkdir /data/local/bin
cp /sdcard/busybox /data/local/bin/busybox
cp /sdcard/dropbear /data/local/bin/dropbear
cp /sdcard/dropbearkey /data/local/bin/dropbearkey
chown root.root /data/local/bin/dropbear
chown root.root /data/local/bin/dropbearkey
chown root.root /data/local/bin/busybox
chmod 4755 /data/local/bin/busybox
chmod 755 /data/local/bin/dropbear
chmod 755 /data/local/bin/dropbearkey
ln -s /data/local/bin/busybox /data/local/bin/passwd
busybox mount -o remount,rw /dev/block/mtdblock3 /system
echo "root:x:0:0::/data/dropbear:/system/bin/sh" > /etc/passwd
echo "root::14531:0:99999:7:::" > /etc/shadow
echo "root:x:0:" > /etc/group
echo "root:!::" > /etc/gshadow
echo "/system/bin/sh" > /etc/shells
echo "PATH=\"/usr/bin:/usr/sbin:/bin:/sbin:/system/sbin:/system/bin:/system/xbin:/system/xbin/bb:/data/local/bin\"" > /etc/profile
echo "export PATH" >> /etc/profile
/data/local/bin/passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
mkdir /data/dropbear
/data/local/bin/dropbearkey -t rsa -f /data/dropbear/dropbear_rsa_host_key
/data/local/bin/dropbearkey -t dss -f /data/dropbear/dropbear_dss_host_key
ln -s /data/dropbear /system/etc/dropbear
busybox mount -o remount,ro /dev/block/mtdblock3 /system
- Then as root to run the compiled version, call it with the full path:
/data/local/bin/dropbear
See also
Link to alternative explanation: dropbear login
Content of this page is based on information from wiki.cyanogenmod.org, under CC BY-SA 3.0 licence.