[APP] SSHD V2_2 - new release

[bragon]

Dear all,

please find a new release of the sshd daemon. Now there is an popup window to indicate the launch and shutdown of the application. Apart from this eye candy feature, the new release performs a mount -bind of a /ezxlocal/rwetc directory in place of /etc in order to allow modification of its content.

RELEASE NOTES FOR SSHD 2.0

1. INTRODUCTION
---------------

This is the sshd package embedding an ssh server for ezx phones based on a patched version of dropbear.
The motivation for this package is to provide a more secure login process on the phone than telnet with an empty root password. By the way, note that telnet is now disabled on the latest production firmwares for the new generation ezx phones.
Compared to the vanilla dropbear version the provided dropbear binary has been patched to:
1) allow only public key authentication
2) disable empty password check to allow root login even with an empty password in /etc/passwd
If you wish to analyze the resulting source code, please have a look at mkezx: http://www.mkezx.org these patches have been contributed to this great generic build framework

2. PRINCIPLE
------------

This package replicates the content of the read only directory /etc in /ezxlocal/rwetc and modifies the home directory of ezx and root users to be set to a writeable location: /ezxlocal/home/ezx and /ezxlocal/home/root respectively.
Directory /ezxlocal/rwetc is mounted in place of /etc through the use of "mount -t bind" command.
That way /etc becomes writeable (you can even change root and ezx password).
The host keys are installed in /etc/dropbear and uses keys are also generated.

3.1. PACKAGE INSTALLATION ON A1200/ROKRE6
-----------------------------------------

In order to install this package you need to perform the following steps on the handset
using a telnet session:
1) first install yan0.rar archive available here on http://www.motorolafans.com forums that enables the installation of unsigned .pkg packages.
Don't forget the make the right association by touching the package icon you wish to install until a menu appears and select "open with" mpkg striking the "always use the program..." box.
2) install the provided package through the use of mpkg program
3) switch your phone off an on in order to see the sshd icon in the application manager

3.2. PACKAGE INSTALLATION ON OTHER HANDSETS
-------------------------------------------

In order to install this package you need to install the provided package through the use of the native installer. Installation is performed by by touching the package icon you wish to install until a menu appear and select "Install"

4. PREPARATION BEFORE USAGE
---------------------------

The creation of the root and ezx home directories and replication and modification of the /etc directory are performed automatically at the fist launch of the scrcipt.
Since the authentication for ssh is based on public key thus in order to allow login you need to:
- distribute the ssh key of the host user you want to allow to connect to the phone on the handset by simply appending the public portion of the key to the handset user authorized keys file: e.g. /ezxlocal/home/ezx/.ssh/authorized_keys. This can simply be done using the samba server smb package through a mount of the relevant directories.

5. USAGE
--------

The application icon is used as an on and off switch launching the ssh daemon (dropbear) in background.
If this package does not work please refer to dropbear succinct documentation and also check the permission of the ssh users configuration files on the handset (they should be read only for the user!).

Author: bragon

Enjoy

UPDATE: new version v2.2 that covers:
- make the script generic (reuse smbd sshd)
- removal of stalled pid files in /var/run
- safetynet to create pid file in case the daemon does not handle it right

[CLOVIS KKK]

I just installed this new version. It is working fine here.
The script tests if you already have ezx and root home directories in /ezxlocal so you do not need to re-install user certificates.

I think this new version will make it easier for new users to install.

thanks.

[michalack]

i have installed this last realease , when i look into \\192.168.16.6\system\ezxlocal\home\ezx\.ssh the only file i see is id_rsa.db , thats not the problem but its supost that i found a file named authorized_keys, i start de daemon i log via putty to 192.168.16.6 port 22 (ssh) asks me for a user i put root nothing in password but it gives me acces dennied messege, what im i doing wrong!
thanks in advice

sorry for my english!

regards!

[rubpa]

Hello!

I've a 12P firmware A1200 - about a month old. I've managed to install mpkg, linloader, smbd(works fine) and sshd from this post.

inetd did not work with/without the modified tnlg - continue to get the libwrap error.

Today I tried the sshd. Used puttygen to generate a RSA ssh-2 key and added the public key to authorized_keys for both root and ezx users. However when I connect using PuTTY using the private key, login fails with 'Server refused our key' message.

Another problem with this package is that /var/run/dropbear.pid never gets created(verified with smb). Thus every time I click the icon, I feel another copy of sshd is started.

Please help. I've failed to get either telnet or ssh working for my phone

Regards

[CLOVIS KKK]

Hello!

I've a 12P firmware A1200 - about a month old. I've managed to install mpkg, linloader, smbd(works fine) and sshd from this post.

inetd did not work with/without the modified tnlg - continue to get the libwrap error.

Today I tried the sshd. Used puttygen to generate a RSA ssh-2 key and added the public key to authorized_keys for both root and ezx users. However when I connect using PuTTY using the private key, login fails with 'Server refused our key' message.

Another problem with this package is that /var/run/dropbear.pid never gets created(verified with smb). Thus every time I click the icon, I feel another copy of sshd is started.

Please help. I've failed to get either telnet or ssh working for my phone

Regards

Maybe the authorized_keys file is in wrong format. The syntax is the same as OpenSSH sshd (google for dropbear or openssh).

pid file is not created because the start command only creates it if the --make-pidfile option is specified.

[bragon]

thx for the --make-pidfile option: I will add this and make a new minor release soon

[CLOVIS KKK]

thx for the --make-pidfile option: I will add this and make a new minor release soon

Bragon

btw, there is a small bug in at the end of the MKPG Installer. AM is not restarting because of a variable name mismatch. And I think this is the major improviment in your new Mkpg installer.

typed $smbdpids instead of $ampids

Code:

#original code
ampids=`pidof am`
[ -n "$smbdpids"  ] && start-stop-daemon --start --quiet -c root --exec /bin/kill -- -TERM $ampids

i think you can replace with this more simple code:

Code:

start-stop-daemon --stop -c root --name am

This way we get ride of the most annoyng "feature" of the installer: the need to reboot the phone. I think this was your intent.
I see now that the R532 version doesn't have this code. Is there a reason for this?

[rubpa]

Maybe the authorized_keys file is in wrong format. The syntax is the same as OpenSSH sshd (google for dropbear or openssh).

pid file is not created because the start command only creates it if the --make-pidfile option is specified.

Indeed there was a problem in the authorized_keys file format. I had added the .pub file saved from puttygen which is a multi-line format for the key. The correct format is a single line per key.

Is this --make-pidfile option for the runtime(in the sshd.sh) or at build time?

bragon, I like the popup feature and its really helpful. I plan to modify the smbd script to use this too unless you are making another package for smbd too!

Thanks!

[rubpa]

This way we get ride of the most annoyng "feature" of the installer: the need to reboot the phone. I think this was your intent.
I see now that the R532 version doesn't have this code. Is there a reason for this?

wow, I would like to have this. Where can I find the new version? This would also allow the on/off icon update(used in the smbd package but does not work) and eliminate the need for the popup!

Regards.

[CLOVIS KKK]

Is this --make-pidfile option for the runtime(in the sshd.sh) or at build time?

bragon, I like the popup feature and its really helpful. I plan to modify the smbd script to use this too unless you are making another package for smbd too!

Thanks!

--make-pidfile is a command line option for start-stop-daemon.
if you open the sshd.sh or smbd.sh you will see this command used three times (one to start and one to stop and one for usbnet).
just add the option somewhere before the --exec option in the command for start (the last one).
but as Bragon said, you cant wait for the next version.

And there is already a new version of smbd with the ezxpopup dialog posted by bragon the same day he submitted this sshd.


ATTENTION: This is just a reference to update the new MPKG Installer submited by Bragon. This is the OLD installer with the AM restart.
If you can, wait for the new release by Bragon because I can't test with other firmwares (I have R532L4 A1200i).