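Setting up an SSH service on Android
Setup steps:
1. Download the dropbear source code
- There are several options for getting the source:
- Download it from the dropbear website. This source has no Android.mk file, so you have to write one yourself.
- Download the corresponding dropbear code from AOSP (Android Open Source Project):
    git clone https://android.googlesource.com/platform/external/dropbear
- Download it from this address: https://pan.baidu.com/s/1kV9gmEj , password: 4mk6
- Note that because Android has no /etc/passwd-style structure, the dropbear source code needs to be modified. The change below removes the blank-password check and the crypt() comparison, and compares the submitted password against one fixed string, 123456.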
    // modify svr-authpasswd.c in the dropbear root directory
    ....
    /* check for empty password - need to do this again here
     * since the shadow password may differ to that tested
     * in auth.c */
    //del by hq
    /* if (passwdcrypt[0] == '\0') {
     *     dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
     *             ses.authstate.pw_name);
     *     send_msg_userauth_failure(0, 1);
     *     return;
    }*/

    /* check if client wants to change password */
    changepw = buf_getbool(ses.payload);
    if (changepw) {
        /* not implemented by this server */
        dropbear_log(LOG_WARNING,">>>>>>>>>>>>>>>>>>>>>>>>client wants to change password");//add by hq
        send_msg_userauth_failure(0, 1);
        return;
    }

    password = buf_getstring(ses.payload, &passwordlen);

    /* the first bytes of passwdcrypt are the salt */
    /* testcrypt = crypt((char*)password, passwdcrypt); */ //del by hq
    /* m_burn(password, passwordlen); */
    /* m_free(password); */

    //if (1 /* strcmp(testcrypt, passwdcrypt) == 0 */) {
    /* fixed password compared in place of the crypt() hash;
     * the cast matches the (char*) used in the original crypt() call */
    if(strcmp((char*)password,"123456") == 0){ //change by hq
        /* successful authentication */
        dropbear_log(LOG_NOTICE,
                "Password auth succeeded for '%s' from %s",
                ses.authstate.pw_name,
                svr_ses.addrstring);
        send_msg_userauth_success();
    } else {
        dropbear_log(LOG_WARNING,
                "Bad password attempt for '%s' from %s",
                ses.authstate.pw_name,
                svr_ses.addrstring);
        send_msg_userauth_failure(0, 1);
    }
    /* wipe and free the plaintext password on both paths */
    m_burn(password,passwordlen);//add by hq
    m_free(password);//add by hq
    ....
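2. Extract the downloaded dropbear source and place it in the external folder of the Android source tree.
3. Build dropbear
- In the root directory of the Android source tree, run (note the space after the dot):
    . build/envsetup.sh
  Then enter:
    choosecombo
  Then follow the prompts:
    Build type choices are:
         1. release
         2. debug
    Which would you like? [1] 1
    Which product would you like? [generic] rk322x_box    (enter your own product name)
    Variant choices are:
         1. user
         2. userdebug
         3. eng
    Which would you like? [eng] 1
  Finally enter:
    mmm external/dropbear
  After a while, the built files can be found in out/target/product/rk322x_box (your own product name)/system/xbin:
    dropbear
    dropbearkey
    ssh
    scp    (only present when building the source downloaded via the third option)
    sftp-server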
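- The commands entered above, explained:
- . build/envsetup.sh
  Initializes the build environment and brings in helper shell functions such as lunch, mm and mmm.
- choosecombo
  Sets the build parameters, such as the build type (debug, release) and the product type.
- mmm
  Builds the source code in the specified directory.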
4. Add dropbear to the Android system
- Remount the system directory read-write:
    adb root
    adb remount
  or:
    adb shell
    xxx: $ su
    xxx: # mount -o remount,rw /system
- Create the required directories:
    xxx:/# mount -o remount,rw /system
    xxx:/# mkdir /system/etc/dropbear
    xxx:/# mkdir /system/etc/dropbear/.ssh
    xxx:/# chmod 755 /system/etc/dropbear
    xxx:/# chmod 755 /system/etc/dropbear/.ssh
- Push the built dropbear files to the system:
    adb push dropbear /system/xbin
    adb push dropbearkey /system/xbin
    adb push ssh /system/xbin
    adb push scp /system/xbin
    adb push sftp-server /system/xbin
- Set permissions:
    xxx:/# chmod 755 /system/xbin/dropbear*
5. Run dropbear
- Create the DSS key and the RSA key (the server's host keys):
    dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
    dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
- Start dropbear
- With password login:
    dropbear -E -F -v
- With key login:
    dropbear -E -F -v -s    // -s disables password logins
- dropbear command reference:
    dropbear -h
    Dropbear sshd v0.53.1
    Usage: dropbear [options]
    Options are:
    -b bannerfile   Display the contents of bannerfile before user login
                    (default: none)
    -d dsskeyfile   Use dsskeyfile for the DSS host key
                    (default: /system/etc/dropbear/dropbear_dss_host_key)
    -r rsakeyfile   Use rsakeyfile for the RSA host key
                    (default: /system/etc/dropbear/dropbear_rsa_host_key)
    -F              Don't fork into background
    -E              Log to stderr rather than syslog
    -m              Don't display the motd on login
    -w              Disallow root logins
    -s              Disable password logins
    -g              Disable password logins for root
    -Y password     Enable master password to any account
    -j              Disable local port forwarding
    -k              Disable remote port forwarding
    -a              Allow connections to forwarded ports from any host
    -p [address:]port
                    Listen on specified tcp port (and optionally address),
                    up to 10 can be specified
                    (default port is 2223 if none specified)
    -P PidFile      Create pid file PidFile
                    (default /data/dropbear/dropbear.pid)
    -i              Start for inetd
    -W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
    -K <keepalive>  (0 is never, default 0)
    -I <idle_timeout>  (0 is never, default 0)
    -v              verbose (compiled with DEBUG_TRACE)
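The step 1 change to svr-authpasswd.c compares the submitted password with a literal compiled into the binary. The code below is an added example, not part of the original post or of dropbear: it makes the same accept/reject decision against a secret read from a file that only its owner can access, refuses an empty or missing secret, and compares without stopping at the first differing byte. The helper names and the file path passed to `password_ok` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L /* fileno(), fstat() */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Compare without stopping at the first mismatching byte (unlike strcmp). */
static int ct_equal(const unsigned char *a, size_t alen,
                    const unsigned char *b, size_t blen)
{
    unsigned char diff = (unsigned char)(alen != blen);
    size_t i;
    for (i = 0; i < alen && i < blen; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Load the expected password (first line of path) into out.
 * Returns its length, or -1 if the file is missing, accessible to
 * group/others, empty, or too long for the buffer. */
static int load_secret(const char *path, char *out, size_t outlen)
{
    struct stat st;
    size_t n;
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return -1;
    if (fstat(fileno(f), &st) != 0 || (st.st_mode & (S_IRWXG | S_IRWXO)) ||
        fgets(out, (int)outlen, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    n = strcspn(out, "\r\n");          /* drop the trailing newline */
    out[n] = '\0';
    return (n > 0 && n < outlen - 1) ? (int)n : -1;
}

/* Decision that would stand in for `strcmp(password,"123456") == 0`:
 * 1 only if a non-empty stored secret exists and matches exactly.
 * path is an assumption (a root-only file), not a dropbear default. */
int password_ok(const unsigned char *supplied, size_t len, const char *path)
{
    char expected[128] = {0};
    int elen = load_secret(path, expected, sizeof expected);
    int ok = elen > 0 && ct_equal(supplied, len,
                                  (const unsigned char *)expected, (size_t)elen);
    memset(expected, 0, sizeof expected); /* best-effort wipe; dropbear has m_burn() */
    return ok;
}
```

In the patched function the call would take `password` and `passwordlen` from `buf_getstring`, with the existing `m_burn`/`m_free` calls left in place.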