How to Set Up an SSH Daemon on Droid using Dropbear as the SSH Daemon/Server
Assumptions:
#1 - Phone has been rooted: - Search forums if unsure how to do this
#2 - Busybox has been installed - Again search forums for method
#3 - ADB (Android Debug Bridge) is installed on host computer (this step isn't absolutely necessary if a program such as Android Terminal Emulator (androidterm) is installed)
Process:
#1 - Download and unzip the dropbear, dropbearkey, and scp executables. These files can be found in post #3 of the AllDroid topic "[release] SSH!".
#2 - Place the executables dropbear, dropbearkey, and scp within /sdcard/dropbear
The dropbear directory may need to be created.
Ensure the sdcard is unmounted from the computer prior to issuing the following commands.
(The adb shell line may be omitted if not using adb.)
Code:
adb shell
su
# Makes the system partition readable and writable
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
cat /sdcard/dropbear/dropbear > /system/xbin/dropbear
cat /sdcard/dropbear/dropbearkey > /system/xbin/dropbearkey
cat /sdcard/dropbear/scp > /system/xbin/scp
chmod 755 /system/xbin/dropbear
chmod 755 /system/xbin/scp
chmod 700 /system/xbin/dropbearkey
Now create the ssh daemon host rsa and dss keys:
Code:
mkdir /system/etc/dropbear
cd /system/etc/dropbear
dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
**Optional step if wanting to use ssh keys as part of the authentication process:
On the client (Linux/Mac/Cygwin on Windows, or PuTTY, although a different process should be used for PuTTY), create the private and public ssh keys. Another tutorial will explain all the options on how to do this; however, on the client this could be performed as follows:
Code:
# Note: 1024, 2048 or 4096 can be specified as the bit size
ssh-keygen -t rsa -b 4096 -f id_rsa
Copy id_rsa.pub from the client to /system/etc/dropbear/ (via adb push, or by mounting the sdcard on the computer, transferring the file, then unmounting the sdcard).
As root and within the /system/etc/dropbear directory:
Code:
cat id_rsa.pub > authorized_keys
***********
Remount the /system partition as read only:
Code:
sync
mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system
Start the dropbear daemon as follows (ensure you are root; replace <password> with your password of choice):
Code:
# If simply wanting password authentication:
dropbear -A -N root -U 0 -G 0 -C <password> -p WLANIP:22
# If wanting key and password authentication:
dropbear -A -N root -U 0 -G 0 -C <password> -R /etc/dropbear/authorized_keys -p WLANIP:22
# If only wanting key authentication:
dropbear -A -N root -U 0 -G 0 -C <password> -s -R /etc/dropbear/authorized_keys -p WLANIP:22
**Notes
Please see dropbear -? for an explanation of all switch options; however:
- If using key-based authentication, you still need to supply a password after the -C switch although it is completely ignored. Do not omit this parameter
- Specifying the -p switch is optional. By default it listens on port 22. See dropbear -? for a further explanation or the openssh server manual to further understand this switch.
- If wanting to run the dropbear daemon on the 3G network, the listening port must be above 2000. Hence at a minimum, the dropbear daemon would be started with a -p 2xxx parameter.
- This application can be coupled with the DynDNS for Android app (found in the Market), in conjunction with a dynamic domain name service (dyndns) such as No-IP or DynDNS.com, to allow remote access from the client using a domain name rather than an IP address. Application setup is straightforward and has been discussed elsewhere.
Troubleshooting:
#1 - To confirm the dropbear daemon is running:
Code:
ps | grep dropbear
This should produce output similar to:
Code:
# ps | grep dropbear
ps | grep dropbear
root 14107 1 736 212 c00cde7c afe0cb04 S dropbear
#2 - If dropbear was started with the -p switch specifying an <address:port>, busybox netstat may also be used to confirm the daemon is listening on the specified tcp address and port:
Code:
#busybox netstat -l
busybox netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.106:22 0.0.0.0:* LISTEN
#3 - To kill the dropbear daemon (as root):
Code:
killall dropbear
Addendum:
This guide was created using Dropbear sshd 0.52
Security Note:
At the present time, Android 2.01 does not contain any firewall (such as iptables), nor does dropbear contain access control lists (acl's). Because of this potential security vulnerability, the phone is vulnerable to remote access if a weak password is chosen. Although the best way to secure the phone is controversial, at the present time I would recommend running the dropbear daemon listening on a non-standard port (any port other than 22), and the use of authentication keys whenever possible. Hopefully custom ROMs soon to be released will add an additional layer of security such as an iptables (and port-knocking) application.
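The following script is an added example, not part of the original guide: it checks a dropbear start line against the Security Note's advice (non-standard port, key authentication) and confirms a listener in `busybox netstat -l` output, as in troubleshooting step #2. The option arity, the finding names and the sample start lines with a placeholder password are assumptions modelled on the guide's own commands.

```shell
#!/bin/sh
# Added example (not from the original guide). Option arity (-N/-U/-G/-C/-R/-p
# take one value; -A and -s take none) is assumed from the guide's command lines.

# audit_cmdline "<dropbear start line>": print one finding per line.
audit_cmdline() {
    port=22 keys=0 pw_off=0 want=   # dropbear listens on 22 when -p is absent
    set -f                          # no filename globbing while splitting words
    for w in $1; do
        if [ -n "$want" ]; then     # $w is the value of the previous option
            case $want in
                -p) port=${w##*:} ;;    # accepts PORT or ADDRESS:PORT
                -R) keys=1 ;;
            esac
            want=
            continue
        fi
        case $w in
            -s) pw_off=1 ;;
            -N|-U|-G|-C|-R|-p) want=$w ;;
        esac
    done
    set +f
    if [ "$port" = 22 ]; then echo "standard-port"; fi
    if [ "$pw_off" = 0 ]; then echo "password-login-enabled"; fi
    if [ "$keys" = 0 ]; then echo "no-authorized-keys"; fi
    return 0
}

# is_listening ADDRESS:PORT: reads `busybox netstat -l` output on stdin and
# succeeds only if a TCP socket in LISTEN state is bound to ADDRESS:PORT.
is_listening() {
    awk -v want="$1" '
        $1 == "tcp" && $NF == "LISTEN" && $4 == want { found = 1 }
        END { exit !found }'
}

# Constructed sample data: start lines modelled on the guide (placeholder
# password) and the netstat output shown in its troubleshooting section.
PW_ONLY='dropbear -A -N root -U 0 -G 0 -C PLACEHOLDER -p 192.168.1.106:22'
KEY_ONLY='dropbear -A -N root -U 0 -G 0 -C PLACEHOLDER -s -R /etc/dropbear/authorized_keys -p 192.168.1.106:2222'
NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.106:22 0.0.0.0:* LISTEN'

audit_cmdline "$PW_ONLY"      # prints all three findings
audit_cmdline "$KEY_ONLY"     # prints nothing
printf '%s\n' "$NETSTAT" | is_listening 192.168.1.106:22 && echo "listening"
```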
Uninstalling Dropbear SSH
The following commands will undo the entire process listed in this thread (the adb shell line may be omitted if not using adb):
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
rm /system/xbin/dropbear
rm /system/xbin/dropbearkey
rm /system/xbin/scp
cd /system/etc/dropbear
busybox rm -rf /system/etc/dropbear
sync
mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system