Setting up an SSH service on Android

## Setup steps:

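1. Download the dropbear source code

  • There are several options for getting the source:
    • Download it from the official dropbear website. That source does not include an Android.mk file, so you have to write one yourself.
    • Download the corresponding dropbear code from the AOSP (Android Open Source Project) site:
      ```shell
      git clone https://android.googlesource.com/platform/external/dropbear
      ```
    • Download it from this address: https://pan.baidu.com/s/1kV9gmEj , password: 4mk6
  • Note that because Android has no /etc/passwd-style directory structure, the dropbear source code has to be modified. The change below comments out the blank-password check and the crypt() comparison, and compares the submitted password with a fixed string instead.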
    ```c
    // Modify svr-authpasswd.c in the dropbear root directory
    ....
        /* check for empty password - need to do this again here
         * since the shadow password may differ to that tested
         * in auth.c */
        // del by hq
        /*
        if (passwdcrypt[0] == '\0') {
            dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
                    ses.authstate.pw_name);
            send_msg_userauth_failure(0, 1);
            return;
        }*/

        /* check if client wants to change password */
        changepw = buf_getbool(ses.payload);
        if (changepw) {
            /* not implemented by this server */
            dropbear_log(LOG_WARNING, ">>>>>>>>>>>>>>>>>>>>>>>>client wants to change password"); // add by hq
            send_msg_userauth_failure(0, 1);
            return;
        }

        password = buf_getstring(ses.payload, &passwordlen);

        /* the first bytes of passwdcrypt are the salt */
        /* testcrypt = crypt((char*)password, passwdcrypt); */
        // del by hq
        /* m_burn(password, passwordlen); */
        /* m_free(password); */

        // if (1 /* strcmp(testcrypt, passwdcrypt) == 0 */) {
        /* the submitted password is compared with a fixed string
         * instead of the crypt() hash */
        if (strcmp(password, "123456") == 0) { // change by hq
            /* successful authentication */
            dropbear_log(LOG_NOTICE,
                    "Password auth succeeded for '%s' from %s",
                    ses.authstate.pw_name,
                    svr_ses.addrstring);
            send_msg_userauth_success();
        } else {
            dropbear_log(LOG_WARNING,
                    "Bad password attempt for '%s' from %s",
                    ses.authstate.pw_name,
                    svr_ses.addrstring);
            send_msg_userauth_failure(0, 1);
        }
        /* wipe and free the plaintext password only after the comparison */
        m_burn(password, passwordlen); // add by hq
        m_free(password); // add by hq
    ....
    ```

2. Extract the downloaded dropbear source code and place it in the external folder of the Android source tree.

3. Build dropbear

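  • In the root directory of the Android source tree, run:
    ```shell
    . build/envsetup.sh   # note the space after the dot
    ```
    Then enter:
    ```shell
    choosecombo
    ```
    Then follow the prompts:
    ```shell
    Build type choices are:
         1. release
         2. debug
    Which would you like? [1] 1

    Which product would you like? [generic] rk322x_box   (enter your own product name)

    Variant choices are:
         1. user
         2. userdebug
         3. eng
    Which would you like? [eng] 1
    ```
    Finally, enter:
    ```shell
    mmm external/dropbear
    ```
    After a while, the compiled files can be found in out/target/product/rk322x_box (your own product name)/system/xbin:
    ```
    dropbear
    dropbearkey
    ssh
    scp (only present in the source downloaded with the third option)
    sftp-server
    ```
  • An explanation of the commands entered here:
    • . build/envsetup.sh
      Initializes the build environment and brings in helper shell functions such as lunch, mm and mmm.
    • choosecombo
      Sets the build parameters, such as the build type (debug, release) and the product to build.
    • mmm
      Builds the source code in the specified directory.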

4. Add dropbear to the Android system

  • Remount the system directory
    ```shell
    adb root
    adb remount
    ```
    or
    ```shell
    adb shell
    xxx: $ su
    xxx: # mount -o remount,rw /system
    ```
  • Create the required directories
    ```shell
    xxx:/# mount -o remount,rw /system
    xxx:/# mkdir /system/etc/dropbear
    xxx:/# mkdir /system/etc/dropbear/.ssh
    xxx:/# chmod 755 /system/etc/dropbear
    xxx:/# chmod 755 /system/etc/dropbear/.ssh
    ```
  • Add the compiled dropbear files to the system
    ```shell
    adb push dropbear /system/xbin
    adb push dropbearkey /system/xbin
    adb push ssh /system/xbin
    adb push scp /system/xbin
    adb push sftp-server /system/xbin
    ```
  • Set permissions
    ```shell
    xxx:/# chmod 755 /system/xbin/dropbear*
    ```

5. Run dropbear

  • Create the DSS key and the RSA key
    ```shell
    dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
    dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
    ```
  • Start dropbear
    • With password login
      ```shell
      dropbear -E -F -v
      ```
    • With key login
      ```shell
      dropbear -E -F -v -s   # -s disables password login
      ```
  • dropbear command reference:
    ```shell
    dropbear -h
    Dropbear sshd v0.53.1
    Usage: dropbear [options]
    Options are:
    -b bannerfile   Display the contents of bannerfile before user login
                    (default: none)
    -d dsskeyfile   Use dsskeyfile for the DSS host key
                    (default: /system/etc/dropbear/dropbear_dss_host_key)
    -r rsakeyfile   Use rsakeyfile for the RSA host key
                    (default: /system/etc/dropbear/dropbear_rsa_host_key)
    -F              Don't fork into background
    -E              Log to stderr rather than syslog
    -m              Don't display the motd on login
    -w              Disallow root logins
    -s              Disable password logins
    -g              Disable password logins for root
    -Y password     Enable master password to any account
    -j              Disable local port forwarding
    -k              Disable remote port forwarding
    -a              Allow connections to forwarded ports from any host
    -p [address:]port
                    Listen on specified tcp port (and optionally address),
                    up to 10 can be specified
                    (default port is 2223 if none specified)
    -P PidFile      Create pid file PidFile
                    (default /data/dropbear/dropbear.pid)
    -i              Start for inetd
    -W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
    -K <keepalive>  (0 is never, default 0)
    -I <idle_timeout>  (0 is never, default 0)
    -v              verbose (compiled with DEBUG_TRACE)
    ```
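
The following is an added example, not code from the original post or from the dropbear project: a shell function that checks a dropbear launch line against the options in the help output above and reports the settings that leave the server more exposed. It assumes every option is passed as a separate argument, as in the commands in step 5; the function name and the finding texts are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post or the dropbear project).
# Audits a dropbear launch line against the options in the help text above.
# Assumes every option is a separate argument, as in the commands in step 5.
# Prints one finding per line; prints nothing when no check fires.
audit_dropbear_args() (
    pw_off=0 root_off=0 master=0 fwd_any=0 addr_bound=0
    while [ $# -gt 0 ]; do
        has_value=0
        case "$1" in
            -s) pw_off=1 ;;                 # Disable password logins
            -w) root_off=1 ;;               # Disallow root logins
            -a) fwd_any=1 ;;                # forwarded ports open to any host
            -Y) master=1 has_value=1 ;;     # master password for any account
            -p) has_value=1                 # [address:]port
                case "${2:-}" in *:*) addr_bound=1 ;; esac ;;
            -b|-d|-r|-P|-W|-K|-I) has_value=1 ;;   # options that take a value
        esac
        shift
        # Skip the value so it is never mistaken for a flag (e.g. "-Y -s").
        if [ "$has_value" -eq 1 ] && [ $# -gt 0 ]; then shift; fi
    done
    [ "$pw_off" -eq 1 ]     || echo "password login enabled (no -s)"
    [ "$root_off" -eq 1 ]   || echo "root login allowed (no -w)"
    [ "$master" -eq 0 ]     || echo "master password set (-Y)"
    [ "$fwd_any" -eq 0 ]    || echo "forwarded ports reachable from any host (-a)"
    [ "$addr_bound" -eq 1 ] || echo "listens on every address (no address in -p)"
    return 0
)

# The two launch lines from step 5, followed by a constructed stricter one.
audit_dropbear_args dropbear -E -F -v
audit_dropbear_args dropbear -E -F -v -s
audit_dropbear_args dropbear -E -F -s -w -p 127.0.0.1:2223
```

With the build modified as in step 1, the first launch line is the one where the fixed password is accepted, so the first finding is the one to clear before the device is reachable from a network.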
