  1. #1
    Join Date
    Nov 2005
    Location
    France
    Posts
    99

    [APP] SSHD daemon package V1.0: a more secure replacement for telnet

    Latest version 2.2 at this thread

    Tired of insecure telnet as root with an empty password? This package is for you!

    RELEASE NOTES FOR SSHD 1.0

    1. INTRODUCTION
    ---------------

    This is the sshd package embedding an ssh server for ezx phones based on a patched version of dropbear.
    The motivation for this package is to provide a more secure login process on the phone than telnet with an empty root password. By the way, note that telnet is now disabled on the latest production firmwares for the new generation ezx phones.
    Compared to the vanilla dropbear version the provided dropbear binary has been patched to:
    1) forge on server side and client side homedir location overriding the /etc/passwd one
    2) allow public key authentication
    3) enable root login even with an empty password in /etc/passwd
    If you wish to analyze the resulting source code, please have a look at mkezx (http://www.mkezx.org): these patches have been contributed to this great generic build framework.

    2.1. PACKAGE INSTALLATION ON A1200
    ----------------------------------

    In order to install this package you need to:
    1) first install the yan0.rar archive available here http://www.motorolafans.com/index.ph...wnload&id=1872 from the forum topic http://www.motorolafans.com/index.ph...ewtopic&t=3307 providing the mpkg installer (MPKG_A1200.rar) that enables the installation of unsigned .pkg packages.
    Don't forget to make the right association by touching the package icon you wish to install until a menu appears, then select "open with" mpkg, striking the "always use the program..." box.
    2) install the provided package through the use of the mpkg program
    3) switch your phone off and on in order to see the sshd icon in the application manager

    2.2. PACKAGE INSTALLATION ON OTHER HANDSETS
    -------------------------------------------

    In order to install this package you need to install the provided package through the use of the native installer. Installation is performed by touching the package icon you wish to install until a menu appears, then selecting "Install".

    3. PREPARATION BEFORE USAGE
    ---------------------------

    The authentication for ssh is based on public keys; thus, in order to allow login, you need to perform the following steps on the handset using a telnet session:
    1) setup the host key (you only need to do it once):
    mkdir -p /ezxlocal/etc/dropbear
    cd /ezxlocal/etc/dropbear
    /mmc/mmca1/.system/QTDownLoad/sshd/dropbearkey -t rsa -f dropbear_rsa_host_key
    /mmc/mmca1/.system/QTDownLoad/sshd/dropbearkey -t dss -f dropbear_dss_host_key
    2) create, once and for all, the home directories with proper permissions. For that purpose telnet to the phone and type the following commands:
    mkdir /ezxlocal/home
    mkdir /ezxlocal/home/ezx
    mkdir /ezxlocal/home/root
    mkdir /ezxlocal/home/root/.ssh
    touch /ezxlocal/home/root/.ssh/authorized_keys
    mkdir /ezxlocal/home/ezx/.ssh
    touch /ezxlocal/home/ezx/.ssh/authorized_keys
    chown -R ezx:ezx /ezxlocal/home/ezx
    chown -R root:root /ezxlocal/home/root
    chmod go-rwX /ezxlocal/home/*
    3) create an ssh key for users root and ezx, using for example:
    /mmc/mmca1/.system/QTDownLoad/sshd/dropbearkey -t rsa -f /ezxlocal/home/ezx/.ssh/id_rsa.db
    chown ezx:ezx /ezxlocal/home/ezx/.ssh/id_rsa.db
    chmod go-rwx /ezxlocal/home/ezx/.ssh/id_rsa.db
    /mmc/mmca1/.system/QTDownLoad/sshd/dropbearkey -t rsa -f /ezxlocal/home/root/.ssh/id_rsa.db
    chown root:root /ezxlocal/home/root/.ssh/id_rsa.db
    chmod go-rwx /ezxlocal/home/root/.ssh/id_rsa.db
    In order to display your public key you can use:
    /mmc/mmca1/.system/QTDownLoad/sshd/dropbearkey -y -f /ezxlocal/home/root/.ssh/id_rsa.db
    4) distribute the ssh key of the host user you want to allow to connect to the phone on the handset by simply appending the public portion of the key to the handset user authorized keys file: e.g. /ezxlocal/home/ezx/.ssh/authorized_keys.

    4. USAGE
    --------

    The application icon is used as an on/off switch, launching the ssh daemon (dropbear) in the background.
    If this package does not work, please refer to the succinct dropbear documentation and also check the permissions of the ssh users' configuration files on the handset (they should be read only for the user!).

    Author: bragon

    Edit 1: applied the corrections from dabtech
    Last edited by kiwiguy; 04-11-2008 at 10:34 PM.
    Phones: a780/a910/a1200/rokre2/rokre6
    http://www.courville.org/mediawiki/index.php/EZX

  2. #2

    Re: ssh daemon package: a more secure replacement for telnet

    Thanks bragon, this is nice. Works for me, just two comments though:

    On the chown command for the root user's key file, shouldn't it be:
    chown root:root /ezxlocal/home/root/.ssh/id_rsa.db

    And for the dropbearkey command to view the public portion of a key I had to use:
    dropbearkey -y -f /ezxlocal/home/root/.ssh/id_rsa.db


    Thanks for the post.

  3. #3
    Join Date
    Nov 2005
    Location
    France
    Posts
    99

    Re: ssh daemon package: a more secure replacement for telnet

    dabtech thanks for the feedback and corrections on my howto: my original post has been edited to reflect the suggested changes.
    Phones: a780/a910/a1200/rokre2/rokre6
    http://www.courville.org/mediawiki/index.php/EZX

  4. #4

    Re: ssh daemon package: a more secure replacement for telnet

    Thanks bragon, I have a question though.
    I've installed the pkg and did all the telnet commands you've listed; however, I just want to make sure I understand what you wrote.
    On my desktop, do I have to generate an RSA file, and take the public part and append it to the authorized_keys? Or do I have to place some file on my computer in order to be able to connect?
    Sorry, but I am not familiar with setting up SSH.

  5. #5
    Join Date
    Nov 2005
    Location
    France
    Posts
    99

    Re: ssh daemon package: a more secure replacement for telnet

    egblue, you need to propagate the user key at the host you wish to connect.
    Under Linux or Cygwin the key should be under $HOME/.ssh/id_dsa.pub or $HOME/.ssh/id_rsa.pub: just append it to the handset user ezx or root /ezxlocal/home/ezx/.ssh/authorized_keys file.
    Phones: a780/a910/a1200/rokre2/rokre6
    http://www.courville.org/mediawiki/index.php/EZX

  6. #6
    Join Date
    Jul 2006
    Location
    On the west coast
    Posts
    66

    Re: ssh daemon package: a more secure replacement for telnet

    Ok, so I give up now......
    I have tried everything I can think of. Pub key with corp ssh (tectia) and cygwin. Both with no luck. I do have the server running and everything there was smooth, but I cannot get the key exchange to work.
    Does it keep a cache of hosts that connected, maybe I have to clear that out?
    Is there a way to just do a login as root and not use key exchange just so I can test? Any help would be appreciated at this point.
    Thanks.

    Note: I am trying this on the new .06p H2 firmware. I was able to get telnet to work, so I wanted to go one step further.

  7. #7
    Join Date
    Nov 2005
    Location
    France
    Posts
    99

    Re: ssh daemon package: a more secure replacement for telnet

    drfun,

    The first thing to do is to launch the dropbear server manually on the phone without the daemon option (-D) from a telnet session with debugging messages on and see what the issue is when trying to perform an ssh.
    Check also that you have indeed created the /ezxlocal/home/{ezx,root} users.
    You can clean up the home .ssh directory and investigate what is going on.
    Most of the time the issue is a wrong permission on the directories created as advised.
    I will issue a new version of the sshd package soon that is somewhat cleaner, using a mount -o bind /ezxlocal/etcnew /etc to override the /etc directory and allow changing the root and ezx passwords and homes.
    Phones: a780/a910/a1200/rokre2/rokre6
    http://www.courville.org/mediawiki/index.php/EZX

  8. #8
    Join Date
    Jul 2006
    Location
    On the west coast
    Posts
    66

    Re: ssh daemon package: a more secure replacement for telnet

    Quote Originally Posted by bragon
    drfun,

    The first thing to do is to launch the dropbear server manually on the phone without the daemon option (-D) from a telnet session with debugging messages on and see what the issue is when trying to perform an ssh.
    Check also that you have indeed created the /ezxlocal/home/{ezx,root} users.
    You can clean up the home .ssh directory and investigate what is going on.
    Most of the time the issue is a wrong permission on the directories created as advised.
    I will issue a new version of the sshd package soon that is somewhat cleaner, using a mount -o bind /ezxlocal/etcnew /etc to override the /etc directory and allow changing the root and ezx passwords and homes.
    Figured it out. I was putting the name of the public key in the auth file and placing the public key in the .ssh dir. Something I got used to doing with other sshd servers. I didn't realize you had to actually put the key text in the auth file. It works great, thanks.
    If you need a tester for the new package let me know.

  9. #9

    @Bragon
    I always get a zero-size authorized_keys for both the root and ezx users, even with Clovis 3K scripts. What happened?
    Visit my Blog here.http://my.opera.com/eakrin
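
Added example, not part of the thread or of the sshd package: a shell check for the problems reported above (a missing or empty authorized_keys, a file name pasted where the key text belongs, group- or world-writable paths). It assumes key lines carry no options prefix, and the write-bit rule is the usual SSH-server convention rather than something stated in the release notes; `audit_ssh_home`, `mode_of` and the finding labels are names made up for this example.

```sh
#!/bin/sh
# Added example (not from the sshd package): audit one home directory.
# Prints one finding per line; no output means the layout looks usable.

mode_of() { ls -ld "$1" | cut -c1-10; }   # e.g. drwx------

audit_ssh_home() {
    home=$1
    ak="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$ak"; do
        [ -e "$p" ] || { echo "MISSING $p"; continue; }
        # Characters 6 and 9 of the mode string are group-write and other-write.
        case $(mode_of "$p") in
            ?????w????|????????w?) echo "GROUP_OR_WORLD_WRITABLE $p" ;;
        esac
    done
    [ -f "$ak" ] || return 0
    [ -s "$ak" ] || { echo "EMPTY $ak"; return 0; }
    n=0
    # Assumption: each line is "<type> <base64> [comment]", no options prefix.
    while read -r ktype blob rest || [ -n "$ktype" ]; do
        n=$((n + 1))
        case $ktype in ''|'#'*) continue ;; esac
        case $ktype in
            ssh-rsa|ssh-dss) ;;
            *) echo "NOT_A_KEY line $n: starts with '$ktype'"; continue ;;
        esac
        # The blob is base64 of a length-prefixed type name, so it starts "AAAA".
        case $blob in
            AAAA*) ;;
            *) echo "BAD_BLOB line $n" ;;
        esac
    done < "$ak"
    return 0
}

# Constructed demo: a file name where the key text should be (the mistake
# reported in the thread), plus a group-writable .ssh directory.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/home/ezx/.ssh"
    echo "id_rsa.pub" > "$d/home/ezx/.ssh/authorized_keys"
    chmod 700 "$d/home/ezx"; chmod 770 "$d/home/ezx/.ssh"
    chmod 600 "$d/home/ezx/.ssh/authorized_keys"
    audit_ssh_home "$d/home/ezx"
    rm -rf "$d"
}
demo
```

On the handset the function would be pointed at /ezxlocal/home/ezx or /ezxlocal/home/root; it does not check file ownership.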

