mirror of
http://galexander.org/git/simplesshd.git
synced 2025-01-22 13:00:54 +00:00
297 lines
13 KiB
HTML
297 lines
13 KiB
HTML
<html><head><title>SimpleSSHD</title>
|
|
<meta name="HandheldFriendly" content="true"/>
|
|
<style type="text/css">
|
|
pre {
|
|
margin-left: 1em;
|
|
white-space: pre-wrap;
|
|
word-wrap: break-word;
|
|
}
|
|
tt {
|
|
white-space: pre-wrap;
|
|
word-wrap: break-word;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<p style="float:right; width:30%;"><img style="width:100%;" src="icon.png"></p>
|
|
<h1>SimpleSSHD</h1>
|
|
|
|
<p>SimpleSSHD is an SSH2 server based on dropbear that supports scp,
|
|
sftp, and rsync. It only supports public-key based authentication (no
|
|
password/interactive auth except for bootstrapping). It does not use
|
|
root, which means it must listen on a port over 1024 (defaults to port
|
|
2222).</p>
|
|
|
|
<h2>Quick start</h2>
|
|
|
|
<ul>
|
|
<li> Install SimpleSSHD.
|
|
<li> On any computer which will connect to your Android device, set the
|
|
port to 2222. With OpenSSH, this can be done by putting these lines in
|
|
<tt>~/.ssh/config</tt>:
|
|
<pre>
|
|
Host myphone
|
|
Port 2222
|
|
</pre>
|
|
<li> Launch SimpleSSHD, and in Settings enable "Start on Boot", then
|
|
manually start it for the first time.
|
|
<li> Create <tt>authorized_keys</tt> in the home directory
|
|
(do not use <tt>ssh-copy-id</tt>).
|
|
<li> Optionally run <tt>restorecon -F authorized_keys</tt> (LineageOS
|
|
needs it for "SELinux context").
|
|
<li> Optionally make <tt>.profile</tt>.
|
|
</ul>
|
|
|
|
<p>If SimpleSSHD does not find an <tt>authorized_keys</tt> file when a
|
|
client connects, then it generates a single-use password at that time and
|
|
displays it in the console log. So the procedure to login the first time
|
|
is to initiate the ssh connection, then look at the phone and type in the
|
|
password that is on the screen in the SimpleSSHD app. It is recommended
|
|
to use that shell session to install the <tt>authorized_keys</tt>
|
|
file.</p>
|
|
|
|
<p>Once <tt>authorized_keys</tt> exists, only public key authentication
|
|
is supported. If you screw up your <tt>authorized_keys</tt> file, use
|
|
the options menu (upper right) -> Reset Keys.</p>
|
|
|
|
<p>The default home directory is now the app-private directory, which
|
|
will generally be something like
|
|
<tt>/data/data/org.galexander.sshd/files</tt>, but may vary depending on
|
|
your device. Use options menu -> Copy App-private Path to view the path
|
|
or copy it onto the clipboard. A nice feature of the app-private
|
|
directory is it generally supports the full range of Unix file
|
|
permissions, including execute! A disadvantage is that these files all
|
|
disappear if you uninstall SimpleSSHD.</p>
|
|
|
|
<p>Once you get setup, you may want BusyBox. Check out
|
|
<a href="https://play.google.com/store/apps/details?id=org.galexander.busybox">SimpleBusyBox</a>.</p>
|
|
|
|
|
|
<h2>Settings</h2>
|
|
|
|
<p>Generally speaking, you must re-start the SimpleSSHD service for any
|
|
of these settings to take effect.</p>
|
|
|
|
<dl>
|
|
<dt>Start on Boot</dt>
|
|
<dd>Automatically start the SimpleSSHD service when the phone powers on.</dd>
|
|
|
|
<dt>Start on Open</dt>
|
|
<dd>Run the SimpleSSHD service whenever the app is launched. The "STOP"
|
|
button will be replaced with a "QUIT" button that stops the service and
|
|
exits the app. This is useful if you want to only run the service when
|
|
you really need it -- start the app to start listening for connections,
|
|
and then click "QUIT" when you are done.</dd>
|
|
|
|
<dt>Foreground Service</dt>
|
|
<dd>Run the SimpleSSHD service as an Android "foreground service." This
|
|
means a notification will be displayed for the service (you might be able
|
|
to block the notification by long tapping the notification).
|
|
On newer versions of Android (since Marshmallow), this may also make
|
|
SimpleSSHD more responsive if the phone has been in Doze mode. It does
|
|
not seem to increase battery consumption much.</dd>
|
|
|
|
<dt>Port Number</dt>
|
|
<dd>This is the port number that SimpleSSHD will listen on. It must be
|
|
greater than 1024 (because SimpleSSHD does not have root).</dd>
|
|
|
|
<dt>Buffer hack for rsync+SuperSU</dt>
|
|
<dd>A bug in SuperSU interacts with an infelicity in rsync to cause an
|
|
occasional deadlock. This is a real pain because I use SuperSU+rsync
|
|
for system-wide backups, which will always eventually trigger the
|
|
deadlock. To work around this, there is a "Buffer hack" option that
|
|
should be enabled if you use rsync with SuperSU. It adds a miniscule
|
|
overhead to rsync, but isn't harmful even if you aren't using
|
|
SuperSU.</dd>
|
|
|
|
<dt>Extra Commandline</dt>
|
|
<dd>You can specify additional commandline options for dropbear server.
|
|
The options which are hardcoded are:
|
|
<blockquote><pre>-R -F -p :portno</pre></blockquote>
|
|
You can use <tt>\</tt> or <tt>"</tt> to escape characters in this
|
|
commandline.</dd>
|
|
|
|
<dt>Environment Variables</dt>
|
|
<dd>You can specify environment variables to define before executing the
|
|
shell. There is one variable per line, with a
|
|
"<em>name</em><tt>=</tt><em>value</em>" format.
|
|
A common use would be
|
|
"<tt>ENV=/data/data/org.galexander.sshd/files/.profile</tt>",
|
|
if your device has a
|
|
build of <tt>mksh</tt> that does not execute a <tt>.profile</tt>
|
|
automatically.</dd>
|
|
|
|
<dt>SSH Path</dt>
|
|
<dd>Path for general dropbear files, which now defaults to
|
|
the app-private directory (usually something like
|
|
<tt>/data/data/org.galexander.sshd/files</tt>).
|
|
Most importantly, this is where
|
|
<tt>authorized_keys</tt> is found. It is also where host keys wind up
|
|
(they are created on demand), and where temporary files go. Other than
|
|
the app-private directory, it may go under <tt>/sdcard</tt>.</dd>
|
|
|
|
<dt>Home Directory</dt>
|
|
<dd>The login shell's home directory, which also defaults
|
|
to the app-private directory.
|
|
This is where your ssh session starts out, and is where <tt>.profile</tt>
|
|
will be found if it is present.</dd>
|
|
|
|
<dt>Login Shell</dt>
|
|
<dd>Path to the command shell. The default Android shell is
|
|
<tt>/system/bin/sh</tt>, but you may prefer to use the one that comes with
|
|
busybox or whatever. If you set it to the su binary (i.e.,
|
|
<tt>/system/xbin/su</tt>, or maybe <tt>/su/bin/su</tt>),
|
|
then scp, sftp, and rsync will run as root and
|
|
should be able to access files outside of <tt>/sdcard</tt>. If the name
|
|
of the shell contains "<tt>su</tt>" in it, instead of putting
|
|
"<tt>-</tt>" before <tt>argv[0]</tt> to indicate the login shell,
|
|
SimpleSSHD puts "<tt>-</tt>" as <tt>argv[1]</tt>. That is, a regular
|
|
login shell would be invoked as "<tt>-sh</tt>", but su will be invoked as
|
|
"<tt>su -</tt>".</dd>
|
|
|
|
|
|
<h2>Broadcast intents</h2>
|
|
|
|
<p>SimpleSSHD registers receivers for broadcasts that you can use to
|
|
start/stop the service programmatically, using an app like Tasker, or the
|
|
commandline tool <tt>am</tt>.</p>
|
|
|
|
<p>action: <tt>org.galexander.sshd.START</tt><br>
|
|
or: <tt>org.galexander.sshd.STOP</tt><br>
|
|
app: <tt>org.galexander.sshd</tt><br>
|
|
category: <tt>android.intent.category.DEFAULT</tt> (optional).</p>
|
|
|
|
<p>Note that these intents will only work on phones with Android 8 (Oreo)
|
|
or later if <b>Settings</b> -> <b>Foreground Service</b> is enabled.</p>
|
|
|
|
<p>For example, to start sshd service under shell, you could run:
|
|
<pre>am broadcast -a org.galexander.sshd.START org.galexander.sshd</pre></p>
|
|
|
|
<p>You may need to specify <tt>--user 0</tt> depending on the context:
|
|
<pre>am broadcast --user 0 -a org.galexander.sshd.START org.galexander.sshd</pre></p>
|
|
|
|
<p>And if Android is ignoring your broadcasts because the app was never started yet (or was force stopped), you may try (it's all arbitrary to me!):
|
|
<pre>am broadcast --user 0 -a org.galexander.sshd.START org.galexander.sshd/.StartReceiver</pre></p>
|
|
|
|
|
|
<p>If you are getting an error from <tt>am</tt> like:
|
|
<pre>cmd: Failure calling service activity: Failed transaction (2147483646)</pre>
|
|
it can probably be solved by disassociating <tt>am</tt> from the ssh
|
|
terminal (I don't know why). This can be accomplished by redirecting
|
|
stdin, stdout, and stderr. For example, I can actually stop sshd from
|
|
within an ssh session using this command:
|
|
<pre>am broadcast --user 0 -a org.galexander.sshd.STOP org.galexander.sshd < /dev/null > /dev/null 2> /dev/null</pre></p>
|
|
|
|
|
|
<h2>Frequently Asked Questions</h2>
|
|
|
|
<p>Here are some common complaints:</p>
|
|
|
|
<ul>
|
|
<li> Writing to an SD card is not generally possible -- your mileage may
|
|
vary. Modern Android (since about Kit Kat) only allows write access to
|
|
an SD card through the Android Java API, but shell commands usually use
|
|
Unix APIs (POSIX, C). I don't know a work-around. Most phones let you
|
|
write to <tt>/sdcard</tt>, but it's often in the phone's internal memory.
|
|
|
|
<li>If you installed an <tt>authorized_keys</tt> file, but SimpleSSHD
|
|
acts like it doesn't exist, try running "<tt>restorecon -F
|
|
authorized_keys</tt>". Some Android configurations, such as LineageOS,
|
|
run apps in an "SELinux Context" (don't ask me) where that kind of thing
|
|
is necessary.
|
|
|
|
<li> <tt>rsync</tt> will do too much work for an update, because there is
|
|
usually no way to update the ctime, mtime, or atime on files in
|
|
<tt>/sdcard</tt>. Use <tt>rynsc --size-only</tt>, and it will compare
|
|
the file sizes instead of the modification time.
|
|
|
|
<li> For the same reason, <tt>rsync -a</tt> will generally fail. Use
|
|
<tt>rsync -r</tt> instead.
|
|
|
|
<li> "<tt>Not backgrounding</tt>" is just the string that dropbear
|
|
outputs when it isn't asked to <tt>fork()</tt> when it starts up -- it's
|
|
harmless.
|
|
|
|
<li> If you really must specify which IP to listen on, consider setting
|
|
<b>Port Number</b> to 22 (which will fail and be ignored), and then add
|
|
<tt>-p 192.168.1.123:2222</tt> to <b>Extra Commandline</b>.
|
|
|
|
<li> Do not use <tt>ssh-copy-id</tt>, it will try to put the
|
|
<tt>authorized_keys</tt> file in the wrong place.
|
|
|
|
</ul>
|
|
|
|
|
|
<h2>Change Log</h2>
|
|
|
|
<ul>
|
|
<li> <b>2021/01/17 Version 27:</b> New approach to accessing /sdcard. Automatically re-start on package upgrade if Start on Boot enabled. Fix "Non-matching signing type" error with older ssh clients.
|
|
<li> <b>2020/12/29 Version 26:</b> Fix ed25519 host key creation.
|
|
<li> <b>2020/12/29 Version 25:</b> Fix compatibility with WinSCP. Update to upstream Dropbear 2020.81 -- adding ed25519 support!
|
|
<li> <b>2020/01/01 Version 24:</b> Fix crash with "Start on Open" on Android 9. New TV icon. Improve performance.
|
|
<li> <b>2019/09/21 Version 23:</b> Support Android TV.
|
|
<li> <b>2019/09/01 Version 22:</b> Add broadcast intents for start and stop.
|
|
<li> <b>2019/08/11 Version 21:</b> Fix restarting after a crash. Fix SIGSEGV on some Android 9 devices.
|
|
<li> <b>2019/06/16 Version 20:</b> Update SDK. Support x86_64, arm64.
|
|
Fix finding support libraries. Fix colors again. Fix start-on-boot on
|
|
new Android. Update to dropbear 2019.78.
|
|
<li> <b>2018/05/19 Version 19:</b> Use the app-private directory by
|
|
default on new installs for the SSH/home dir. Organize settings. Fix
|
|
black-on-black text on some devices.
|
|
<li> <b>2018/05/16 Version 18:</b> Use correct idiom for <tt>su</tt> as a
|
|
login shell (so busybox <tt>su</tt> can work). Add environment variables
|
|
to settings.
|
|
<li> <b>2018/03/24 Version 17:</b> Add native x86 support.
|
|
<li> <b>2017/10/28 Version 16:</b> Fix rsync on Android 8.0 (Oreo).
|
|
<li> <b>2016/10/17 Version 15:</b> Fix crash on pre-Nougat versions of Android.
|
|
<li> <b>2016/10/16 Version 14:</b> Support single-use passwords for
|
|
bootstrapping.
|
|
<li> <b>2016/10/16 Version 13:</b> Support foreground service (fewer
|
|
stalls with newer Android). Add "Start on Open" mode.
|
|
<li> <b>2016/08/08 Version 1.11:</b> Fix stall initializing random number generator.
|
|
<li> <b>2016/07/22 Version 1.10:</b> Enable TCP port forwarding.
|
|
<li> <b>2016/07/04 Version 1.9:</b> Restart sshd if the system kills it.
|
|
<li> <b>2016/06/21 Version 1.8:</b> sftp, rsync, and scp now work on
|
|
files bigger than 2GB.
|
|
<li> <b>2016/06/19 Version 1.7:</b> Don't clear environment variables (so
|
|
you can use <tt>am</tt> or <tt>pm</tt> more easily). Add "Authorized
|
|
Keys" menu option to help maintain the <tt>authorized_keys</tt> file.
|
|
<li> <b>2016/06/12 Version 1.6:</b> Fix typo that broke scp/sftp/rsync in
|
|
version 1.5.
|
|
<li> <b>2016/06/11 Version 1.5:</b> SuperSU+rsync hack now limits the
|
|
buffer size to 1MB.
|
|
<li> <b>2015/11/23 Version 1.4:</b> Don't abort if IP address lookup fails, and make proper "About" menu.
|
|
<li> <b>2015/06/21 Version 1.3:</b> Hack to make rsync work with SuperSU.
|
|
<li> <b>2015/01/18 Version 1.2:</b> Displays the IP address it's listening on.
|
|
<li> <b>2014/12/29 Version 1.1:</b> Works with Lollipop now.
|
|
<li> <b>2014/12/22 Version 1.0:</b> Initial public release.
|
|
</ul>
|
|
|
|
|
|
<h2>About</h2>
|
|
|
|
<p>SimpleSSHD is built using parts from open source projects:
|
|
<a href="https://matt.ucc.asn.au/dropbear/dropbear.html">Dropbear SSH</a>,
|
|
<a href="http://www.openssh.com/">openssh</a> (for scp and sftp-server),
|
|
and <a href="http://rsync.samba.org/">rsync</a>. Those projects in turn
|
|
are built on other projects. A lot of people's work is represented here,
|
|
and very little of my own.</p>
|
|
|
|
<p>But if you find bugs/infelicities, it's probably my fault, so email
|
|
me:<br>
|
|
<img src="/email.png"></p>
|
|
|
|
<p>To get the source:</p>
|
|
<pre>git clone http://galexander.org/git/simplesshd.git</pre>
|
|
|
|
<p>Direct APK download:
|
|
<ul>
|
|
<li><a href="SimpleSSHD-19.apk">SimpleSSHD-19.apk</a> - last version to target SDK 11, Android 3.0 Honeycomb.
|
|
<li><a href="SimpleSSHD-23.apk">SimpleSSHD-23.apk</a>
|
|
<li><a href="SimpleSSHD-24.apk">SimpleSSHD-24.apk</a>
|
|
<li><a href="SimpleSSHD-26.apk">SimpleSSHD-26.apk</a>
|
|
<li><a href="SimpleSSHD-27.apk">SimpleSSHD-27.apk</a>
|
|
</ul></p>
|
|
|
|
</body></html>
|