{"id":825,"date":"2011-05-26T22:21:23","date_gmt":"2011-05-27T02:21:23","guid":{"rendered":"https:\/\/lowtek.ca\/roo\/?p=825"},"modified":"2019-12-07T09:57:12","modified_gmt":"2019-12-07T13:57:12","slug":"cyanogenmod-7-and-sshd","status":"publish","type":"post","link":"https:\/\/lowtek.ca\/roo\/2011\/cyanogenmod-7-and-sshd\/","title":{"rendered":"Cyanogenmod 7 and sshd"},"content":{"rendered":"
\"Old<\/a>
\n\"Creative<\/a> photo by\u00a0 Daniel Leininger<\/a><\/div>\n

Remote access to your phone might seem a bit odd, but being able to access my NexusOne from a computer with a real keyboard is nice when you need to poke around inside the internals. It also makes updating the photos, music, or movies possible without additional apps or cabling the phone to my PC. Today I forgot my phone at home, and was able to verify that I had “lost” it at home vs. somewhere else by ssh<\/a>‘ing into my home network, then connecting over the local network to my phone using ssh.<\/p>\n

There were 3 main steps:<\/p>\n

    \n
  1. set the phone hostname on boot<\/li>\n
  2. configure sshd<\/li>\n
  3. make it start on boot<\/li>\n<\/ol>\n

    Step one<\/strong> was really easy, turns out it is a supported feature of CyanogenMod 7 (CM7)<\/a>. Enter the Settings menu, \u00a0choose Applications then Development, now select Device Host Name. That’s it, I didn’t even need to reboot (the setting is persistent across reboots).<\/p>\n

    Step two<\/strong> is the most involved, the cyanogenmod wiki has some instructions<\/a> as does this tutorial<\/a>.\u00a0I’ll attempt to provide a guided walk-through here.<\/p>\n

    a) Let’s assume you’ve got a linux desktop machine. First we’ll create some ssh client keys<\/a>. We’re going to do this as the dropbear<\/a> in CM7 doesn’t support key passphrases, so passwords are not an option. The other benefit to ssh client keys is that we can automate connecting to the phone.<\/p>\n

    So on the linux destop we’ll execute:<\/p>\n

    $ ssh-keygen -t rsa
    \nGenerating public\/private rsa key pair.
    \nEnter file in which to save the key (\/home\/youruser\/.ssh\/id_rsa):
    \nEnter passphrase (empty for no passphrase):
    \nEnter same passphrase again:
    \nYour identification has been saved in \/home\/youruser\/.ssh\/id_rsa.
    \nYour public key has been saved in \/home\/youruser\/.ssh\/id_rsa.pub.<\/code><\/p>\n

    For the passphrase we left it empty. In very simple terms – the id_rsa is the private part of the key, the id_rsa.pub is the public one. We’re going to put the public key file onto the phone later. The private one will stay safe and secure on your desktop.<\/p>\n

    b) I’ll also assume you’ve got adb<\/a> installed. By connecting the phone to the desktop machine via USB we can push the key file using adb.<\/p>\n

    $ sudo platform-tools\/adb push \/home\/youruser\/.ssh\/id_rsa.pub \/sdcard\/authorized_keys<\/code><\/p>\n

    c) Now we’ll use adb to execute a shell on the phone. This is how I used to get in with a keyboard, but doing so without a wire hook up is very convenient.<\/p>\n

    $ sudo platform-tools\/adb shell<\/code><\/p>\n

    d) Time to configure dropbear, these are all executed within the shell we just created on the phone. You’ll find this is pretty much exactly what the CM wiki<\/a> describes.<\/p>\n

    # mkdir \/data\/dropbear
    \n# mkdir \/data\/dropbear\/.ssh
    \n# cp \/sdcard\/authorized_keys \/data\/dropbear\/.ssh\/
    \n# dropbear-keygen<\/code><\/p>\n

    Initially I had thought I could avoid running dropbear-keygen, but it turns out this is a required step. [Edit: In CM 7.1.0 RC1 dropbear-keygen is not installed, nor does it appear to be required] Now we initialize the keys.<\/p>\n

    # dropbearkey -t rsa -f \/data\/dropbear\/dropbear_rsa_host_key
    \n# dropbearkey -t dss -f \/data\/dropbear\/dropbear_dss_host_key<\/code><\/p>\n

    And set permissions to keep things happy.<\/p>\n

    # chmod 755 \/data\/dropbear \/data\/dropbear\/.ssh
    \n# chmod 644 \/data\/dropbear\/dropbear*host_key
    \n# chmod 600 \/data\/dropbear\/.ssh\/authorized_keys<\/code><\/p>\n

    e) Now we get to try it.<\/p>\n

    # dropbear -v -s -g<\/code><\/p>\n

    The -v option tells it to be verbose, handy if something has gone wrong. You should now be able to connect via ssh from the linux desktop machine, but only from the user id that created the public\/private key combination (of which we’ve moved the public key to the phone). Since in step 1 we set the hostname, we can do:<\/p>\n

    $ ssh myphone
    \nThe authenticity of host 'myphone (192.168.1.174)' can't be established.
    \nRSA key fingerprint is 00:c0:b2:78:2b:af:04:72:90:bb:0d:46:f9:14:cc:3f.
    \nAre you sure you want to continue connecting (yes\/no)? yes
    \nWarning: Permanently added 'myphone' (RSA) to the list of known hosts.
    \n# ls
    \ndropbear.pid dropbear_dss_host_key dropbear_rsa_host_key<\/code><\/p>\n

    [edit: CM 7.1.0 seems to be causing me some trouble, in two areas. a) it requires the username matches, so use “ssh root@myphone” b) it doesn’t like rsa public keys but dsa works, so use “ssh-keygen -t dsa”. You’ll know you have the problem as you get a “permission denied (publickey)” error.]<\/p>\n

    f) Bonus step. We’ll add more keys from other systems we want to be able to connect to the phone from. We repeat (a) on each machine \/ user id we want to connect from and append the public key to the authorized_keys file.<\/p>\n

    cat \/sdcard\/newmachineid.pub >> \/data\/.ssh\/authorized_keys<\/code><\/p>\n

    Now on to step three<\/strong> – making sshd start on boot. I’ll assume you don’t already have a \/data\/local\/userinit.sh file yet for some other modification, if you do I’m sure you can sort this out.<\/p>\n

    [Edit – as was pointed out by Devon, the original version had !# instead of #! in the userinit.sh script, I’ve fixed the post to reflect the correct code – no worries, the wrong way still works fine as my comment indicates]
    \nOn the phone (using ssh or adb to access the shell) you run the following commands:<\/p>\n

    # echo -e '#!\/system\/bin\/sh\\n\\ndropbear -s -g' > \/data\/local\/userinit.sh
    \n# chmod +rx \/data\/local\/userinit.sh
    \n<\/code><\/p>\n

    You can even run vi if you want (it works!). We can check the resulting file with cat:<\/p>\n

    # cat \/data\/local\/userinit.sh
    \n#!\/system\/bin\/sh<\/code><\/p>\n

     <\/p>\n

    dropbear -s -g<\/code><\/p>\n

    That’s it, we’re done. The next logical step is to start including your phone as part of your nightly rsnapshot backups<\/a>, or building some scripts to make updating music on the phone easy (and wireless).<\/p>\n","protected":false},"excerpt":{"rendered":"

    photo by\u00a0 Daniel Leininger Remote access to your phone might seem a bit odd, but being able to access my NexusOne from a computer with a real keyboard is nice when you need to poke around inside the internals. It also makes updating the photos, music, or movies possible without additional apps or cabling the … Continue reading “Cyanogenmod 7 and sshd”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-825","post","type-post","status-publish","format-standard","hentry","category-android"],"_links":{"self":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/comments?post=825"}],"version-history":[{"count":8,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/825\/revisions"}],"predecessor-version":[{"id":1655,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/posts\/825\/revisions\/1655"}],"wp:attachment":[{"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/media?parent=825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/categories?post=825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lowtek.ca\/roo\/wp-json\/wp\/v2\/tags?post=825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}