Android 搭建ssh服务

## 搭建步骤：

1. 下载dropbear源码

• 下载源码有几个选择：
  • 到dropbear官网下载源码。不过这里的源码是没有Android.mk文件的需要自行编写
  • 到AOSP(android open source project)官网下载对应的dropbear代码：
    git git clone https://android.googlesource.com/platform/external/dropbear
  • 到这个地址下载，地址：https://pan.baidu.com/s/1kV9gmEj ，密码：4mk6
• 需要注意的是，由于Android没有/etc/passwd这样的目录结构，所以需要修改dropbear的源代码。
  ```c
  //修改dropbear根目录下的svr-authpasswd.c
  ....
  /* check for empty password - need to do this again here
  • since the shadow password may differ to that tested
  • in auth.c /
    //del by hq
    / if (passwdcrypt[0] == '\0') {
  • dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",

  •      ses.authstate.pw_name);

  • send_msg_userauth_failure(0, 1);
  • return;
    }*/

  /* check if client wants to change password /
  changepw = buf_getbool(ses.payload);
  if (changepw) {
  / not implemented by this server */
  dropbear_log(LOG_WARNING,">>>>>>>>>>>>>>>>>>>>>>>>client wants to change password");//add by hq
  send_msg_userauth_failure(0, 1);
  return;
  }

  password = buf_getstring(ses.payload, &passwordlen);

  /* the first bytes of passwdcrypt are the salt /
  / testcrypt = crypt((char)password, passwdcrypt); /
  //del by hq
  /* m_burn(password, passwordlen); /
  / m_free(password); */

  //if (1 /* strcmp(testcrypt, passwdcrypt) == 0 /) {
  if(strcmp(password,"123456") == 0){ //change by hq
  / successful authentication */
  dropbear_log(LOG_NOTICE,
  "Password auth succeeded for '%s' from %s",
  ses.authstate.pw_name,
  svr_ses.addrstring);
  send_msg_userauth_success();
  } else {
  dropbear_log(LOG_WARNING,
  "Bad password attempt for '%s' from %s",
  ses.authstate.pw_name,
  svr_ses.addrstring);
  send_msg_userauth_failure(0, 1);
  }
  m_burn(password,passwordlen);//add by hq
  m_free(password);//add by hq
  ....
  ```

  2. 将下载好的dropbear源代码解压放到Android源码的external文件夹下。

  3. 编译dropbear

• 在Android源代码根目录下执行：
  sh . build/envsetup.sh //点后面有空格
  再输入：
  sh choosecombo
  然后跟着提示走：
  sh Build type choices are: 1. release 2. debug Which would you like? [1] 1 Which product would you like? [generic] rk322x_box(输入自己的产品名) Variant choices are: 1. user 2. userdebug 3. eng Which would you like? [eng] 1
  最后输入：
  mmm external/dropbear
  在经过一段时间后，编译好的文件就会在out/target/product/rk322x_box(自己的产品名)/system/xbin中找到：
  dropbear dropbearkey ssh scp (从第三种方法下载到的源码才会有这个) sftp-server
• 这里需要解释一下输入的命令：
  • . build/envsetup.sh
    作用是初始化编译环境，并引入一些辅助的 Shell 函数，如launch、mm、mmm等
  • choosecombo
    用于设置编译参数，如选择编译类型(debug、release)，编译产品类型等

  • mmm
    构建指定目录下的源码

    4. 加入到Android系统中

• 重新挂载system目录
  adb root adb remount
  或者
  adb shell xxx: $ su xxx: # mount -o remount,rw /system
• 创建相关文件夹
  xxx:/# mount -o remount,rw /system xxx:/# mkdir /system/etc/dropbear xxx:/# mkdir /system/etc/dropbear/.ssh xxx:/# chmod 755 /system/etc/dropbear xxx:/# chmod 755 /system/etc/dropbear/.ssh
• 将dropbear的代码文件加入到系统中
  adb push dropbear /system/xbin adb push dropbearkey /system/xbin adb push ssh /system/xbin adb push scp /system/xbin adb push sftp-server /system/xbin

• 赋予权限
  xxx:/# chmod 755 /system/xbin/dropbear*

5. 运行dropbear

• 创建dss key和rsa key
  dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
• 启动dropbear
  • 以密码登录

  dropbear -E -F -v

  • 以密钥登录

  dropbear -E -F -v -s //-s 指定禁止密码登录

• dropbear 命令参考：
  .sh dropbear -h Dropbear sshd v0.53.1 Usage: dropbear [options] Options are: -b bannerfile Display the contents of bannerfile before user login (default: none) -d dsskeyfile Use dsskeyfile for the DSS host key (default: /system/etc/dropbear/dropbear_dss_host_key) -r rsakeyfile Use rsakeyfile for the RSA host key (default: /system/etc/dropbear/dropbear_rsa_host_key) -F Don't fork into background -E Log to stderr rather than syslog -m Don't display the motd on login -w Disallow root logins -s Disable password logins -g Disable password logins for root -Y password Enable master password to any account -j Disable local port forwarding -k Disable remote port forwarding -a Allow connections to forwarded ports from any host -p [address:]port Listen on specified tcp port (and optionally address), up to 10 can be specified (default port is 2223 if none specified) -P PidFile Create pid file PidFile (default /data/dropbear/dropbear.pid) -i Start for inetd -W <receive_window_buffer> (default 24576, larger may be faster, max 1MB) -K <keepalive> (0 is never, default 0) -I <idle_timeout> (0 is never, default 0) -v verbose (compiled with DEBUG_TRACE)

参考网址

• https://blog.csdn.net/ieryca/article/details/71171561
• https://blog.csdn.net/kai_zone/article/details/78363862
• https://blog.csdn.net/myvest/article/details/53407864
• https://www.ibm.com/developerworks/cn/opensource/os-cn-android-build/index.html

转载于:https://www.cnblogs.com/libertycode/p/9024398.html