SimpleSSHD

SimpleSSHD is an SSH2 server based on dropbear that supports scp, sftp, and rsync. It only supports public-key based authentication (no password/interactive auth except for bootstrapping). It does not use root, which means it must listen on a port over 1024 (defaults to port 2222).

Quick start

If SimpleSSHD does not find an authorized_keys file when a client connects, then it generates a single-use password at that time and displays it in the console log. So the procedure to login the first time is to initiate the ssh connection, then look at the phone and type in the password that is on the screen in the SimpleSSHD app. It is recommended to use that shell session to install the authorized_keys file.

Once authorized_keys exists, only public key authentication is supported. If you screw up your authorized_keys file, use the options menu (upper right) -> Reset Keys.

The default home directory is now the app-private directory, which will generally be something like /data/data/org.galexander.sshd/files, but may vary depending on your device. Use options menu -> Copy App-private Path to view the path or copy it onto the clipboard. A nice feature of the app-private directory is it generally supports the full range of Unix of file permissions, including execute! A disadvantage is that these files all disappear if you uninstall SimpleSSHD.

Once you get setup, you may want BusyBox. Check out SimpleBusyBox.

Settings

Generally speaking, you must re-start the SimpleSSHD service for any of these settings to take effect.

Start on Boot
Automatically start the SimpleSSHD service when the phone powers on.
Start on Open
Run the SimpleSSHD service whenever the app is launched. The "STOP" button will be replaced with a "QUIT" button that stops the service and exits the app. This is useful if you want to only run the service when you really need it -- start the app to start listening for connections, and then click "QUIT" when you are done.
Foreground Service
Run the SimpleSSHD service as an Android "foreground service." This means a notification will be displayed for the service (you might be able to block the notification by long tapping the notification). On newer versions of Android (since Marshmallow), this may also make SimpleSSHD more responsive if the phone has been in Doze mode. It does not seem to increase battery consumption much.
Port Number
This is the port number that SimpleSSHD will listen on. It must be greater than 1024 (because SimpleSSHD does not have root).
Buffer hack for rsync+SuperSU
A bug in SuperSU interacts with an infelicity in rsync to cause an occasional deadlock. This is a real pain because I use SuperSU+rsync for system-wide backups, which will always eventually trigger the deadlock. To work around this, there is a "Buffer hack" option that should be enabled if you use rsync with SuperSU. It adds a miniscule overhead to rsync, but isn't harmful even if you aren't using SuperSU.
Extra Commandline
You can specify additional commandline options for dropbear server. The options which are hardcoded are:
-R -F -p :portno
You can use \ or " to escape characters in this commandline.
Environment Variables
You can specify environment variables to define before executing the shell. There is one variable per line, with a "name=value" format. A common use would be "ENV=/sdcard/ssh/.profile", if your device has a build of mksh that does not execute a .profile automatically.
SSH Path
Path for general dropbear files, which now defaults to the app-private directory (usually something like /data/data/org.galexander.sshd/files). Most importantly, this is where authorized_keys is found. It is also where host keys wind up (they are created on demand), and where temporary files go. This path should probably be under /sdcard.
Home Directory
The login shell's home directory, which also defaults to the app-private directory. This is where your ssh session starts out, and is where .profile will be found if it is present.
Login Shell
Path to the command shell. The default Android shell is /system/bin/sh, but you may prefer to use the one that comes with busybox or whatever. If you set it to the su binary (i.e., /system/xbin/su, or maybe /su/bin/su), then scp, sftp, and rsync will run as root and should be able to access files outside of /sdcard. If the name of the shell contains "su" in it, instead of putting "-" before argv[0] to indicate the login shell, SimpleSSHD puts "-" as argv[1]. That is, a regular login shell would be invoked as "-sh", but su will be invoked as "su -".

Frequently Asked Questions

Here are some common complaints:

Change Log

About

SimpleSSHD is built using parts from open source projects: Dropbear SSH, openssh (for scp and sftp-server), and rsync. Those projects in turn are built on other projects. A lot of people's work is represented here, and very little of my own.

But if you find bugs/infelicities, it's probably my fault, so email me:

To get the source:

git clone http://galexander.org/git/simplesshd.git

Direct APK download: SimpleSSHD-19.apk