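## Setup steps:
1. Download the dropbear source code
- There are several options for getting the source:
- Download it from the dropbear official website. That source has no Android.mk file, so you have to write one yourself.
- Download the corresponding dropbear code from the AOSP (Android Open Source Project) site:
```sh
git clone https://android.googlesource.com/platform/external/dropbear
```
- Download it from this address: https://pan.baidu.com/s/1kV9gmEj , password: 4mk6
- Note that because Android has no directory structure such as /etc/passwd, the dropbear source code has to be modified. The change below comments out the blank-password check and the crypt() comparison and instead compares the submitted password with a fixed string (123456 here), so the same password is accepted for every account.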
```c
// Modify svr-authpasswd.c in the dropbear root directory
....
	/* check for empty password - need to do this again here
	 * since the shadow password may differ to that tested
	 * in auth.c */
	//del by hq
	/* if (passwdcrypt[0] == '\0') {
	 *	dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
	 *			ses.authstate.pw_name);
	 *	send_msg_userauth_failure(0, 1);
	 *	return;
	 * }*/

	/* check if client wants to change password */
	changepw = buf_getbool(ses.payload);
	if (changepw) {
		/* not implemented by this server */
		dropbear_log(LOG_WARNING,">>>>>>>>>>>>>>>>>>>>>>>>client wants to change password");//add by hq
		send_msg_userauth_failure(0, 1);
		return;
	}

	password = buf_getstring(ses.payload, &passwordlen);

	/* the first bytes of passwdcrypt are the salt */
	/* testcrypt = crypt((char*)password, passwdcrypt); */
	//del by hq
	/* m_burn(password, passwordlen); */
	/* m_free(password); */

	//if (1 /* strcmp(testcrypt, passwdcrypt) == 0 */) {
	if(strcmp(password,"123456") == 0){ //change by hq
		/* successful authentication */
		dropbear_log(LOG_NOTICE,
				"Password auth succeeded for '%s' from %s",
				ses.authstate.pw_name,
				svr_ses.addrstring);
		send_msg_userauth_success();
	} else {
		dropbear_log(LOG_WARNING,
				"Bad password attempt for '%s' from %s",
				ses.authstate.pw_name,
				svr_ses.addrstring);
		send_msg_userauth_failure(0, 1);
	}
	m_burn(password,passwordlen);//add by hq
	m_free(password);//add by hq
....
```
2. Extract the downloaded dropbear source code into the external folder of the Android source tree.
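3. Build dropbear
- In the root directory of the Android source tree, run:
```sh
. build/envsetup.sh   # note the space after the dot
```
Then enter:
```sh
choosecombo
```
Then follow the prompts (enter your own product name in place of rk322x_box):
```sh
Build type choices are:
     1. release
     2. debug

Which would you like? [1] 1

Which product would you like? [generic] rk322x_box

Variant choices are:
     1. user
     2. userdebug
     3. eng
Which would you like? [eng] 1
```
Finally enter:
```sh
mmm external/dropbear
```
After a while, the built files can be found in out/target/product/rk322x_box (your own product name)/system/xbin:
  - dropbear
  - dropbearkey
  - ssh
  - scp (only the source downloaded via the third method has this)
  - sftp-server
- The commands entered above, explained:
  - `. build/envsetup.sh`: initializes the build environment and brings in helper shell functions such as lunch, mm and mmm
  - `choosecombo`: sets the build parameters, such as the build type (debug, release) and the product type
  - `mmm`: builds the source code in the specified directory
4. Add to the Android system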
- `. build/envsetup.sh`
- Remount the system directory
```sh
adb root
adb remount
```
or
```sh
adb shell
xxx: $ su
xxx: # mount -o remount,rw /system
```
- Create the required folders
```sh
xxx:/# mount -o remount,rw /system
xxx:/# mkdir /system/etc/dropbear
xxx:/# mkdir /system/etc/dropbear/.ssh
xxx:/# chmod 755 /system/etc/dropbear
xxx:/# chmod 755 /system/etc/dropbear/.ssh
```
- Push the built dropbear files to the system
```sh
adb push dropbear /system/xbin
adb push dropbearkey /system/xbin
adb push ssh /system/xbin
adb push scp /system/xbin
adb push sftp-server /system/xbin
```
Grant permissions
```sh
xxx:/# chmod 755 /system/xbin/dropbear*
```
5. Run dropbear
- Create the DSS key and the RSA key
```sh
dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
```
- Start dropbear
  - With password login
```sh
dropbear -E -F -v
```
  - With key login
```sh
dropbear -E -F -v -s   # -s disables password login
```
- dropbear command reference:
```sh
dropbear -h
Dropbear sshd v0.53.1
Usage: dropbear [options]
Options are:
-b bannerfile   Display the contents of bannerfile before user login
                (default: none)
-d dsskeyfile   Use dsskeyfile for the DSS host key
                (default: /system/etc/dropbear/dropbear_dss_host_key)
-r rsakeyfile   Use rsakeyfile for the RSA host key
                (default: /system/etc/dropbear/dropbear_rsa_host_key)
-F              Don't fork into background
-E              Log to stderr rather than syslog
-m              Don't display the motd on login
-w              Disallow root logins
-s              Disable password logins
-g              Disable password logins for root
-Y password     Enable master password to any account
-j              Disable local port forwarding
-k              Disable remote port forwarding
-a              Allow connections to forwarded ports from any host
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 2223 if none specified)
-P PidFile      Create pid file PidFile
                (default /data/dropbear/dropbear.pid)
-i              Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0)
-I <idle_timeout>  (0 is never, default 0)
-v              verbose (compiled with DEBUG_TRACE)
```
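An added example, not code from the original page or from dropbear: a stricter stand-in for the `strcmp(password,"123456")` comparison patched into svr-authpasswd.c in step 1. It keeps the secret out of the binary, rejects an empty secret and compares without an early exit; `verify_password`, `check_password_file`, `MAX_SECRET` and the one-line plaintext secret file are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SECRET 128  /* hypothetical upper bound on the secret length */

/* Returns 1 only if `given` equals `stored`. An empty stored secret never
 * matches (the blank-password check the patch removed), and the loop has no
 * early exit, so its run time depends only on the submitted length. */
int verify_password(const char *stored, size_t storedlen,
                    const char *given, size_t givenlen)
{
    unsigned char diff;
    size_t i;
    if (storedlen == 0)
        return 0;
    diff = (unsigned char)(storedlen != givenlen);
    for (i = 0; i < givenlen; i++)
        diff |= (unsigned char)(given[i] ^ stored[i % storedlen]);
    return diff == 0;
}

/* Reads the secret from the first line of `path` (a provisioning file
 * assumed for this example) and fails closed if it cannot be read. */
int check_password_file(const char *path, const char *given, size_t givenlen)
{
    char stored[MAX_SECRET];
    size_t n;
    int ok;
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return 0;
    if (fgets(stored, sizeof stored, f) == NULL)
        stored[0] = '\0';
    fclose(f);
    n = strcspn(stored, "\r\n");       /* strip the line ending */
    ok = verify_password(stored, n, given, givenlen);
    memset(stored, 0, sizeof stored);  /* inside dropbear, m_burn() does this */
    return ok;
}

int main(void)
{
    const char *pw = "Tr0ub4dor-constructed";  /* constructed sample value */
    printf("match: %d\n", verify_password(pw, strlen(pw), pw, strlen(pw)));
    printf("blank: %d\n", verify_password("", 0, "", 0));
    return 0;
}
```

Storing a salted hash of the secret instead of the plaintext line would be stronger still; starting dropbear with `-s` as in step 5 avoids password login altogether.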