Setting up an SSH service on Android

## Setup steps:

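1. Download the dropbear source code

  • There are several options for getting the source:
    • Download it from the official dropbear site. That source has no Android.mk file, so you have to write one yourself.
    • Download the matching dropbear code from the AOSP (Android Open Source Project) site:
      ```sh
      git clone https://android.googlesource.com/platform/external/dropbear
      ```
    • Download it from this address: https://pan.baidu.com/s/1kV9gmEj , password: 4mk6
  • Note that Android has no /etc/passwd-style directory structure, so the dropbear source code has to be modified.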
    ```c
    // Modify svr-authpasswd.c in the dropbear root directory
    ....
    /* check for empty password - need to do this again here
     * since the shadow password may differ to that tested
     * in auth.c */
    //del by hq
    /*
    if (passwdcrypt[0] == '\0') {
        dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
                ses.authstate.pw_name);
        send_msg_userauth_failure(0, 1);
        return;
    }*/

    /* check if client wants to change password */
    changepw = buf_getbool(ses.payload);
    if (changepw) {
        /* not implemented by this server */
        dropbear_log(LOG_WARNING,">>>>>>>>>>>>>>>>>>>>>>>>client wants to change password");//add by hq
        send_msg_userauth_failure(0, 1);
        return;
    }

    password = buf_getstring(ses.payload, &passwordlen);

    /* the first bytes of passwdcrypt are the salt */
    /* testcrypt = crypt((char*)password, passwdcrypt); */
    //del by hq
    /* m_burn(password, passwordlen); */
    /* m_free(password); */

    //if (1 /* strcmp(testcrypt, passwdcrypt) == 0 */) {
    /* the crypt() check is replaced by a comparison with a fixed string,
     * so this one password is accepted for every account */
    if(strcmp(password,"123456") == 0){ //change by hq
        /* successful authentication */
        dropbear_log(LOG_NOTICE,
                "Password auth succeeded for '%s' from %s",
                ses.authstate.pw_name,
                svr_ses.addrstring);
        send_msg_userauth_success();
    } else {
        dropbear_log(LOG_WARNING,
                "Bad password attempt for '%s' from %s",
                ses.authstate.pw_name,
                svr_ses.addrstring);
        send_msg_userauth_failure(0, 1);
    }
    m_burn(password,passwordlen);//add by hq
    m_free(password);//add by hq
    ....
    ```

2. Extract the downloaded dropbear source code into the external folder of the Android source tree.

3. Build dropbear

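  • From the root of the Android source tree, run:
    ```sh
    . build/envsetup.sh    # there is a space after the dot
    ```
    Then enter:
    ```sh
    choosecombo
    ```
    Then follow the prompts:
    ```
    Build type choices are:
         1. release
         2. debug

    Which would you like? [1] 1

    Which product would you like? [generic] rk322x_box    (enter your own product name)

    Variant choices are:
         1. user
         2. userdebug
         3. eng
    Which would you like? [eng] 1
    ```
    Finally enter:
    ```sh
    mmm external/dropbear
    ```
    After a while, the built files can be found in out/target/product/rk322x_box (your own product name)/system/xbin:
    ```
    dropbear
    dropbearkey
    ssh
    scp    (only present in the source downloaded via the third option)
    sftp-server
    ```
  • An explanation of the commands entered above:
    • . build/envsetup.sh
      Initializes the build environment and brings in helper shell functions such as lunch, mm and mmm.
    • choosecombo
      Sets the build parameters, such as the build type (debug, release) and the product to build.
    • mmm
      Builds the source code in the specified directory.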

4. Add dropbear to the Android system

  • Remount the system directory
    ```sh
    adb root
    adb remount
    ```
    or
    ```sh
    adb shell
    xxx: $ su
    xxx: # mount -o remount,rw /system
    ```
  • Create the required folders
    ```sh
    xxx:/# mount -o remount,rw /system
    xxx:/# mkdir /system/etc/dropbear
    xxx:/# mkdir /system/etc/dropbear/.ssh
    xxx:/# chmod 755 /system/etc/dropbear
    xxx:/# chmod 755 /system/etc/dropbear/.ssh
    ```
  • Push the built dropbear files onto the system
    ```sh
    adb push dropbear /system/xbin
    adb push dropbearkey /system/xbin
    adb push ssh /system/xbin
    adb push scp /system/xbin
    adb push sftp-server /system/xbin
    ```
  • Set permissions
    ```sh
    xxx:/# chmod 755 /system/xbin/dropbear*
    ```

5. Run dropbear

  • Create the DSS key and the RSA key
    ```sh
    dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
    dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
    ```
  • Start dropbear
    • With password login
      ```sh
      dropbear -E -F -v
      ```
    • With key login
      ```sh
      dropbear -E -F -v -s    # -s disables password login
      ```
  • dropbear command reference:
    ```sh
    dropbear -h
    Dropbear sshd v0.53.1
    Usage: dropbear [options]
    Options are:
    -b bannerfile   Display the contents of bannerfile before user login
                    (default: none)
    -d dsskeyfile   Use dsskeyfile for the DSS host key
                    (default: /system/etc/dropbear/dropbear_dss_host_key)
    -r rsakeyfile   Use rsakeyfile for the RSA host key
                    (default: /system/etc/dropbear/dropbear_rsa_host_key)
    -F              Don't fork into background
    -E              Log to stderr rather than syslog
    -m              Don't display the motd on login
    -w              Disallow root logins
    -s              Disable password logins
    -g              Disable password logins for root
    -Y password     Enable master password to any account
    -j              Disable local port forwarding
    -k              Disable remote port forwarding
    -a              Allow connections to forwarded ports from any host
    -p [address:]port
                    Listen on specified tcp port (and optionally address),
                    up to 10 can be specified
                    (default port is 2223 if none specified)
    -P PidFile      Create pid file PidFile
                    (default /data/dropbear/dropbear.pid)
    -i              Start for inetd
    -W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
    -K <keepalive>  (0 is never, default 0)
    -I <idle_timeout>  (0 is never, default 0)
    -v              verbose (compiled with DEBUG_TRACE)
    ```
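
The two launch commands in step 5 differ only in `-s`. As an added example (not part of the original post or of dropbear), the shell function below audits a dropbear command line against the option meanings in the help output above and reports what stays exposed. The function name `audit_dropbear_args` and the finding names are made up for this example, and it assumes one option per argument, as in the commands shown in step 5.

```shell
#!/bin/sh
# Added example: audit a dropbear command line using the option meanings
# from the `dropbear -h` output on this page (-s, -w, -g, -Y, -p).
# Prints one finding per line; prints nothing when no finding applies.
audit_dropbear_args() {
    pw_off=0 root_off=0 root_pw_off=0 master=0 ports=0 wide=0
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -s) pw_off=1 ;;                          # password logins disabled
            -w) root_off=1 ;;                        # root logins disallowed
            -g) root_pw_off=1 ;;                     # no password login for root
            -Y) master=1; [ $# -eq 0 ] || shift ;;   # skip the password value
            -p) ports=$((ports + 1))
                # "[address:]port": without an address every interface is used
                case "${1:-}" in
                    0.0.0.0:*) wide=1 ;;
                    *:*) ;;
                    *) wide=1 ;;
                esac
                [ $# -eq 0 ] || shift ;;
            -b|-d|-r|-P|-W|-K|-I) [ $# -eq 0 ] || shift ;;  # skip option value
        esac
    done
    # No -p at all: dropbear listens on its default port on all interfaces.
    [ "$ports" -gt 0 ] || wide=1
    if [ "$pw_off" -eq 0 ]; then echo "password-login-enabled"; fi
    if [ "$master" -eq 1 ]; then echo "master-password-set"; fi
    if [ "$root_off" -eq 0 ]; then
        echo "root-login-allowed"
        if [ "$pw_off" -eq 0 ] && [ "$root_pw_off" -eq 0 ]; then
            echo "root-password-login-enabled"
        fi
    fi
    if [ "$wide" -eq 1 ]; then echo "listens-on-all-interfaces"; fi
    return 0
}

# The two launch commands from step 5:
echo "== dropbear -E -F -v";    audit_dropbear_args -E -F -v
echo "== dropbear -E -F -v -s"; audit_dropbear_args -E -F -v -s
```

With the modified svr-authpasswd.c from step 1, a `password-login-enabled` finding means the fixed password in that file is what protects the device.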


posted @ 2018-05-11 14:24 戎码之路