Running dropbear on Android

Telnet is lame so we will have a look at setting up dropbear as sshd on Android. This how-to will show you how to install configure and run dropbear as sshd and how to connect with a ssh client.

• This obviously requires you to have full rights (root) on your Android.
• busybox is required as well

A dropbear built from the original sources won't run properly on Android; the reason is that Android has no proper user support (/etc/passwd). There are two solutions for getting the proper changes to the sources:

• check out the changed sources from e.g. http://github.com/cyanogen/android_external_dropbear/
• get the original sources and apply the patch yourself. The patch can be found here: http://wiki.androidx86.org/index.php?title=Installing_Dropbear

Once the sources are fixed you now need to crosscompile them. This requires a cross compiler to be setup (this process is not covered here).

The cross compilation and build goes like this:

   ./configure --host=arm-none-linux-gnueabi --disable-zlib
   make CC=arm-none-linux-gnueabi-gcc

Once built the output is following 3 binaries:

• dropbear: the sshd
• dropbearkey: the keygen
• dropbearconvert: a key converter between dropbear and openssh key format

The installation is quite simple: copy the binaries to your favorite dir to android, e.g. /sdcard

First we need a server key. Keys are generated using dropbearkey. To generate a RSA server key:

  dropbearkey -t rsa -f dropbear_rsa_host_key

Now create a dir /data/dropbear and copy dropbear_rsa_host_key there.

Test dropbear:

/sdcard/dropbear -r dropbear_rsa_host_key -F -E -v -s

This should show you the debuglog of dropbear starting in non-daemon mode (-F).

Now we need to generate a key/pair for the client to connect with (theoretically the client can connect using password but as stated above there is no read user/password support in Android and we don't want to use any hardcoded passwords (that's the reason why we run dropbear with the option -s (no-password).

To generate a key-pair we do:

  dropbearkey -t rsa -f /sdcard/id_rsa
  dropbearkey -f /sdcard/id_rsa -y > /sdcard/id_rsa.pub

This first command generates a private key, the second step extracts the public-key.

Now we jst need to create /data/dropbear/.ssh and cat the public-key to authorized_keys:

  mkdir /data/dropbear/.ssh
  cat /sdcard/id_rsa.pub > /data/dropbear/.ssh/authorized_keys

now check the perms of /data/dropbear/.ssh and /data/dropbear/.ssh/authorized_keys and make sure they are only readable/writable by root.

Now it's time to take care of the client. As dropbear and openssh use different key formats we first need to convert id_rsa (private key) to openssh-format:

  /sdcard/dropbearconvert dropbear openssh /sdcard/id_rsa /sdcard/id_rsa_openssh

Now move /sdcard/id_rsa and /sdcard/id_rsa_openssh to your desktop (e.g. to your home). We move them instead of copying them as leaving a private key on the phone may compromise it.

Finally connect to the phone:

  ssh -i id_rsa_openssh <phone-ip>

If the connection fails check the Troubleshooting section.

That's it!

As stated before both the client and the server are quite sensitive to the sensitive files having the right perms. You can use -vv for both the client and the server to see debug info and fix whatever is wrong.

Common errors are:

• .ssh, authorized_keys or your private key have wrong perms
• the sshd does not find the public sig. of the key you use to connect with in authorized_keys
• there is a mismatch in the key formats between the client (openssh) and the server (dropbear)
• a missing /etc/shells file with the path to your shell (e.g. /system/bin/sh) will prevent dropbear from opening a session

Download binaries