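Setup steps:
1. Download the dropbear source code
- There are several options for getting the source:
- Download the source from the official dropbear website. That source has no Android.mk file, so you have to write one yourself.
- Download the corresponding dropbear code from the AOSP (Android Open Source Project) site:
    git clone https://android.googlesource.com/platform/external/dropbear
- Download it from this address: https://pan.baidu.com/s/1kV9gmEj , password: 4mk6
- Note that because Android has no /etc/passwd-style directory structure, the dropbear source code has to be modified. The change below removes the crypt()-based comparison and the blank-password check, and accepts the fixed password "123456" for every account.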
    // Modify svr-authpasswd.c in the dropbear root directory
    ....
        /* check for empty password - need to do this again here
         * since the shadow password may differ to that tested
         * in auth.c */
        //del by hq
        /* if (passwdcrypt[0] == '\0') {
         *     dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
         *             ses.authstate.pw_name);
         *     send_msg_userauth_failure(0, 1);
         *     return;
        }*/

        /* check if client wants to change password */
        changepw = buf_getbool(ses.payload);
        if (changepw) {
            /* not implemented by this server */
            dropbear_log(LOG_WARNING,">>>>>>>>>>>>>>>>>>>>>>>>client wants to change password");//add by hq
            send_msg_userauth_failure(0, 1);
            return;
        }

        password = buf_getstring(ses.payload, &passwordlen);

        /* the first bytes of passwdcrypt are the salt */
        /* testcrypt = crypt((char*)password, passwdcrypt); */ //del by hq
        /* m_burn(password, passwordlen); */
        /* m_free(password); */

        //if (1 /* strcmp(testcrypt, passwdcrypt) == 0 */) {
        /* the fixed string below replaces the crypt() comparison */
        if(strcmp(password,"123456") == 0){ //change by hq
            /* successful authentication */
            dropbear_log(LOG_NOTICE,
                    "Password auth succeeded for '%s' from %s",
                    ses.authstate.pw_name,
                    svr_ses.addrstring);
            send_msg_userauth_success();
        } else {
            dropbear_log(LOG_WARNING,
                    "Bad password attempt for '%s' from %s",
                    ses.authstate.pw_name,
                    svr_ses.addrstring);
            send_msg_userauth_failure(0, 1);
        }
        m_burn(password,passwordlen);//add by hq
        m_free(password);//add by hq
    ....
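2. Unpack the downloaded dropbear source code into the external folder of the Android source tree.
3. Build dropbear
- From the root of the Android source tree, run:
    . build/envsetup.sh    # note the space after the dot
  Then enter:
    choosecombo
  Then follow the prompts:
    Build type choices are:
        1. release
        2. debug
    Which would you like? [1] 1
    Which product would you like? [generic] rk322x_box    (enter your own product name)
    Variant choices are:
        1. user
        2. userdebug
        3. eng
    Which would you like? [eng] 1
  Finally enter:
    mmm external/dropbear
  After a while, the built files can be found in out/target/product/rk322x_box (your own product name)/system/xbin:
    dropbear dropbearkey ssh scp (only the source downloaded via the third option has this) sftp-server
- The commands entered above need some explanation:
  - . build/envsetup.sh
    Initializes the build environment and brings in helper shell functions such as lunch, mm and mmm.
  - choosecombo
    Sets the build parameters, such as the build type (debug, release), the product type, and so on.
  - mmm
    Builds the source under the specified directory.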
4. Add dropbear to the Android system
- Remount the system directory
    adb root
    adb remount
  or
    adb shell
    xxx: $ su
    xxx: # mount -o remount,rw /system
- Create the required directories
    xxx:/# mount -o remount,rw /system
    xxx:/# mkdir /system/etc/dropbear
    xxx:/# mkdir /system/etc/dropbear/.ssh
    xxx:/# chmod 755 /system/etc/dropbear
    xxx:/# chmod 755 /system/etc/dropbear/.ssh
- Push the built dropbear files to the system
    adb push dropbear /system/xbin
    adb push dropbearkey /system/xbin
    adb push ssh /system/xbin
    adb push scp /system/xbin
    adb push sftp-server /system/xbin
- Set permissions
    xxx:/# chmod 755 /system/xbin/dropbear*
5. Run dropbear
- Create the DSS key and the RSA key
    dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
    dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
- Start dropbear
  - Password login
    dropbear -E -F -v
  - Key login
    dropbear -E -F -v -s    # -s disables password logins
- dropbear command reference:
    dropbear -h
    Dropbear sshd v0.53.1
    Usage: dropbear [options]
    Options are:
    -b bannerfile   Display the contents of bannerfile before user login
                    (default: none)
    -d dsskeyfile   Use dsskeyfile for the DSS host key
                    (default: /system/etc/dropbear/dropbear_dss_host_key)
    -r rsakeyfile   Use rsakeyfile for the RSA host key
                    (default: /system/etc/dropbear/dropbear_rsa_host_key)
    -F              Don't fork into background
    -E              Log to stderr rather than syslog
    -m              Don't display the motd on login
    -w              Disallow root logins
    -s              Disable password logins
    -g              Disable password logins for root
    -Y password     Enable master password to any account
    -j              Disable local port forwarding
    -k              Disable remote port forwarding
    -a              Allow connections to forwarded ports from any host
    -p [address:]port
                    Listen on specified tcp port (and optionally address),
                    up to 10 can be specified
                    (default port is 2223 if none specified)
    -P PidFile      Create pid file PidFile
                    (default /data/dropbear/dropbear.pid)
    -i              Start for inetd
    -W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
    -K <keepalive>  (0 is never, default 0)
    -I <idle_timeout>  (0 is never, default 0)
    -v              verbose (compiled with DEBUG_TRACE)
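The password check patched into svr-authpasswd.c in step 1 compares against one compiled-in string with strcmp(), which stops at the first NUL byte even though buf_getstring() also returns the full length. The following C code is an added example, not part of the original page or of dropbear: it sets that check beside a length-aware comparison against a secret read from a per-device file. All function names and the secret file path are assumptions of this example, and the sample secret is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the compiler keeps the stores. */
static void burn(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* The check from the patch in step 1: one compiled-in password, strcmp(). */
int check_fixed(const char *pw) { return strcmp(pw, "123456") == 0; }

/* Length-aware compare; time does not depend on where the first mismatch is. */
int ct_equal(const unsigned char *a, size_t alen,
             const unsigned char *b, size_t blen) {
    unsigned char diff = (unsigned char)(alen != blen);
    size_t i;
    for (i = 0; i < alen; i++)
        diff |= (unsigned char)(a[i] ^ (blen ? b[i % blen] : 0));
    return diff == 0;
}

/* Hardened check: secret read from a per-device file (path is an assumption
 * of this example). Fails closed if the file is missing, empty or too long. */
int check_provisioned(const char *secret_path,
                      const unsigned char *pw, size_t pwlen) {
    unsigned char secret[128];
    size_t n = 0;
    int ok = 0;
    FILE *f = fopen(secret_path, "rb");
    if (f) {
        n = fread(secret, 1, sizeof secret, f);
        fclose(f);
    }
    if (n == sizeof secret) n = 0;   /* too long: refuse, do not truncate */
    while (n && (secret[n - 1] == '\n' || secret[n - 1] == '\r')) n--;
    if (n > 0 && pwlen > 0) ok = ct_equal(pw, pwlen, secret, n);
    burn(secret, sizeof secret);
    return ok;
}

/* Write a constructed sample secret so the example runs offline. */
int write_sample_secret(const char *path, const char *text) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}
```

In svr-authpasswd.c the call would take the place of the strcmp() line, passing password and passwordlen as returned by buf_getstring().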