Closed flytkgl closed 2 years ago
Just wanted to check, are you referring to using the `dropbear` (e.g. SSH server) binary rather than the `dbclient` binary?
using `dropbear`. I put it in the /system/bin directory of the TV box and accessed it from my computer, but it kept telling me that the private key was not registered.
I think dropbear needs some adjustment before it can be used independently in the Android system, such as parameters to specify the user name and password, run permissions, etc.; refer to https://github.com/pengrui2009/dropbear-android
Yes, as I mention in the readme, I don't use the dropbear server myself so it is quite likely to need further configuration before it is usable. I would guess that dropbear would be trying to look in the user's home directory (wherever Android reports that to be). I found that when running `dbclient` under a standard app user this is a hardcoded (not very useful) path so I ended up submitting a patch upstream to allow this to be overridden via environment variable.
I've made a small update to localoptions.h to set `DEBUG_TRACE` to 4, so if you download the appropriate workflow asset binary for your architecture from https://github.com/ribbons/android-dropbear/actions/runs/2939324910, replace the existing `dropbear` binary and run it with `-vvvv` it should hopefully give a much clearer log as to what the issue is (e.g. show where it is looking for authorized_keys and/or detail permission errors etc).
Here's the run log. I still don't know where the `authorized_keys` file goes
:/data/local/tmp # ./dropbear -p :2233 -F -E -r /storage/emulated/0/.ssh/id_dropbear -vvvv
TRACE4 (15597) 0.000000: enter buf_get_rsa_priv_key
TRACE4 (15597) 0.000527: enter buf_get_rsa_pub_key
TRACE4 (15597) 0.001085: leave buf_get_rsa_pub_key: success
TRACE4 (15597) 0.001675: leave buf_get_rsa_priv_key
TRACE4 (15597) 0.002053: leave loadhostkey
TRACE4 (15597) 0.002404: Disabling key type 1
TRACE4 (15597) 0.002743: Disabling key type 2
TRACE4 (15597) 0.003353: Disabling key type 3
TRACE4 (15597) 0.003791: Disabling key type 4
TRACE4 (15597) 0.004644: Disabling key type 6
TRACE4 (15597) 0.005057: Disabling key type 5
TRACE4 (15597) 0.005749: Disabling key type 7
TRACE4 (15597) 0.006240: listensockets: 1 to try
TRACE4 (15597) 0.006853: listening on ':2233'
TRACE4 (15597) 0.007400: enter dropbear_listen
TRACE4 (15597) 0.007909: dropbear_listen: all interfaces
TRACE4 (15597) 0.010085: leave dropbear_listen: success, 2 socks bound
TRACE4 (15597) 0.010253: Couldn't set IPV6_TCLASS (Protocol not available)
[15597] Aug 29 10:08:55 Not backgrounding
[15613] Aug 29 10:08:58 Child connection from 192.168.1.118:5403
TRACE4 (15613) 3.920112: enter session_init
TRACE4 (15613) 3.920735: setnonblocking: 5
TRACE4 (15613) 3.921224: leave setnonblocking
TRACE4 (15613) 3.921704: setnonblocking: 5
TRACE4 (15613) 3.922188: leave setnonblocking
TRACE4 (15613) 3.922669: update_channel_prio
TRACE4 (15613) 3.923244: update_channel_prio: not any
TRACE4 (15613) 3.923916: Dropbear priority transitioning 0 -> 1
TRACE4 (15613) 3.924488: Couldn't set IPV6_TCLASS (Protocol not available)
TRACE4 (15613) 3.925704: setnonblocking: 3
TRACE4 (15613) 3.926240: leave setnonblocking
TRACE4 (15613) 3.927357: setnonblocking: 4
TRACE4 (15613) 3.928089: leave setnonblocking
TRACE4 (15613) 3.928978: leave session_init
TRACE4 (15613) 3.929678: kexinitialise()
TRACE4 (15613) 3.930180: algolist add 187 'curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au'
TRACE4 (15613) 3.930489: algolist add 20 'rsa-sha2-256,ssh-rsa'
TRACE4 (15613) 3.931266: algolist add 51 'chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr'
TRACE4 (15613) 3.931449: algolist add 51 'chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr'
TRACE4 (15613) 3.931558: algolist add 23 'hmac-sha1,hmac-sha2-256'
TRACE4 (15613) 3.931810: algolist add 23 'hmac-sha1,hmac-sha2-256'
TRACE4 (15613) 3.931920: algolist add 21 'zlib@openssh.com,none'
TRACE4 (15613) 3.932025: algolist add 21 'zlib@openssh.com,none'
TRACE4 (15613) 3.932225: DATAALLOWED=0
TRACE4 (15613) 3.932777: -> KEXINIT
TRACE4 (15613) 3.932946: maybe_empty_reply_queue - no data allowed
TRACE4 (15613) 3.933159: empty queue dequeing
TRACE4 (15613) 3.934880: enter ident_readln
TRACE4 (15613) 3.935864: leave ident_readln: return 49
TRACE1 (15613) 3.936202: remoteident: SSH-2.0-nsssh2_5.0.0045 NetSarang Computer, Inc.
TRACE4 (15613) 3.936290: maybe_empty_reply_queue - no data allowed
TRACE4 (15613) 3.936463: process_packet: packet type = 20, len 1408
TRACE4 (15613) 3.936545: got expected packet 20 during kexinit
TRACE4 (15613) 3.936612: <- KEXINIT
TRACE4 (15613) 3.936683: enter recv_msg_kexinit
TRACE3 (15613) 3.936884: buf_match_algo: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
TRACE4 (15613) 3.936989: kexguess2 0
TRACE3 (15613) 3.937058: kex algo curve25519-sha256@libssh.org
TRACE3 (15613) 3.937131: buf_match_algo: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
TRACE2 (15613) 3.937204: hostkey algo ssh-rsa
TRACE3 (15613) 3.937289: buf_match_algo: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,aes256-ctr,aes192-ctr,aes128-ctr,rijndael-cbc@lysator.liu.se,arcfour128,arcfour256
TRACE2 (15613) 3.937391: enc c2s is aes256-ctr
TRACE3 (15613) 3.937477: buf_match_algo: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,aes256-ctr,aes192-ctr,aes128-ctr,rijndael-cbc@lysator.liu.se,arcfour128,arcfour256
TRACE2 (15613) 3.937575: enc s2c is aes256-ctr
TRACE3 (15613) 3.937664: buf_match_algo: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,none
TRACE2 (15613) 3.937742: hmac c2s is hmac-sha2-256
TRACE3 (15613) 3.937809: buf_match_algo: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,none
TRACE2 (15613) 3.937884: hmac s2c is hmac-sha2-256
TRACE3 (15613) 3.937951: buf_match_algo: none
TRACE2 (15613) 3.938017: comp c2s is none
TRACE3 (15613) 3.938083: buf_match_algo: none
TRACE2 (15613) 3.938148: comp s2c is none
TRACE4 (15613) 3.938240: leave recv_msg_kexinit
TRACE4 (15613) 3.938325: maybe_empty_reply_queue - no data allowed
TRACE4 (15613) 3.938438: process_packet: packet type = 30, len 42
TRACE4 (15613) 3.938513: got expected packet 30 during kexinit
TRACE4 (15613) 3.938582: enter recv_msg_kexdh_init
TRACE4 (15613) 3.938647: enter send_msg_kexdh_reply
TRACE4 (15613) 3.938730: enter buf_put_rsa_pub_key
TRACE4 (15613) 3.938894: leave buf_put_rsa_pub_key
TRACE4 (15613) 3.967388: enter buf_put_rsa_pub_key
TRACE4 (15613) 3.967536: leave buf_put_rsa_pub_key
TRACE4 (15613) 3.967697: buf_put_sign type 100 ssh-rsa
TRACE4 (15613) 3.967721: enter buf_put_rsa_sign
TRACE4 (15613) 4.067138: leave buf_put_rsa_sign
TRACE4 (15613) 4.067224: leave send_msg_kexdh_reply
TRACE4 (15613) 4.067236: enter send_msg_newkeys
TRACE4 (15613) 4.067268: enter gen_new_keys
TRACE4 (15613) 4.067346: leave gen_new_keys
TRACE4 (15613) 4.067375: switch_keys trans
TRACE4 (15613) 4.067385: leave send_msg_newkeys
TRACE4 (15613) 4.067397: leave recv_msg_kexdh_init
TRACE4 (15613) 4.067524: empty queue dequeing
TRACE4 (15613) 4.070814: process_packet: packet type = 21, len 6
TRACE4 (15613) 4.071014: got expected packet 21 during kexinit
TRACE4 (15613) 4.071065: enter recv_msg_newkeys
TRACE4 (15613) 4.071075: switch_keys recv
TRACE4 (15613) 4.071085: switch_keys done
TRACE4 (15613) 4.071131: kexinitialise()
TRACE4 (15613) 4.071142: leave recv_msg_newkeys
TRACE4 (15613) 4.071216: process_packet: packet type = 5, len 22
TRACE4 (15613) 4.071267: enter recv_msg_service_request
TRACE4 (15613) 4.072063: accepting service ssh-userauth
TRACE4 (15613) 4.072105: leave recv_msg_service_request: done ssh-userauth
TRACE4 (15613) 4.072165: empty queue dequeing
TRACE4 (15613) 4.073374: process_packet: packet type = 50, len 40
TRACE4 (15613) 4.073564: enter recv_msg_userauth_request
TRACE4 (15613) 4.073606: enter checkusername
TRACE4 (15613) 4.073636: shell is /system/bin/sh
TRACE4 (15613) 4.073689: test shell is '/bin/sh'
TRACE4 (15613) 4.073714: test shell is '/bin/csh'
TRACE4 (15613) 4.073722: no matching shell
[15613] Aug 29 10:08:59 User 'root' has invalid shell, rejected
TRACE4 (15613) 4.073762: recv_msg_userauth_request: 'none' request
TRACE4 (15613) 4.073771: enter send_msg_userauth_failure
TRACE4 (15613) 4.073780: auth fail: methods 2, 'publickey'
TRACE4 (15613) 4.073825: leave send_msg_userauth_failure
TRACE4 (15613) 4.073866: empty queue dequeing
TRACE4 (15613) 4.076325: process_packet: packet type = 50, len 468
TRACE4 (15613) 4.076714: enter recv_msg_userauth_request
TRACE4 (15613) 4.076751: enter checkusername
TRACE4 (15613) 4.076759: checkusername: returning cached failure
TRACE4 (15613) 4.076768: enter pubkeyauth
TRACE4 (15613) 4.076777: enter send_msg_userauth_failure
TRACE4 (15613) 4.076788: auth fail: methods 2, 'publickey'
TRACE4 (15613) 4.076834: leave send_msg_userauth_failure
TRACE4 (15613) 4.076860: leave pubkeyauth
TRACE4 (15613) 4.076905: empty queue dequeing
TRACE4 (15613) 5.991011: process_packet: packet type = 1, len 18
[15613] Aug 29 10:09:01 Exit before auth from <192.168.1.118:5403>: (user 'root', 0 fails): Disconnect received
TRACE4 (15613) 5.991370: enter session_cleanup
TRACE4 (15613) 5.991502: enter chancleanup
TRACE4 (15613) 5.991604: leave chancleanup
TRACE4 (15613) 5.992121: leave session_cleanup
Okay, so that trace was useful as we're not guessing where the failure was anymore - the server is rejecting the client here: https://github.com/mkj/dropbear/blob/a8d6dac2c53f430bb5721f913478bd294d8b52da/svr-auth.c#L330
The server is checking the `root` user's shell (`/system/bin/sh`) against a list of 'valid' shells obtained from `getusershell()` (`/bin/sh` and `/bin/csh`) so the check fails. As bionic (the android libc) doesn't implement that function as far as I can tell, I think the version in Dropbear's compat.c is being used: https://github.com/mkj/dropbear/blob/a8d6dac2c53f430bb5721f913478bd294d8b52da/compat.c#L207
Could you try adding the file /system/etc/shells to your device (I'm assuming `/etc/` is a symlink to `/system/etc`) with the following content (as that should in theory get you past that particular point).
/system/bin/sh
Let me know how you get on.
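A simplified model of the check described in the comment above, added here as an illustration (it is not Dropbear's code and not code from this repository). The names `shell_is_valid` and `write_shells_file` are hypothetical, the fallback list is the two shells the trace shows being tested, and the shells files are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Fallback list taken from the trace ("test shell is ..."); used when the
 * shells file cannot be opened. A model of the behaviour, not a copy. */
static const char *const fallback_shells[] = { "/bin/sh", "/bin/csh", NULL };

/* Return 1 if `shell` is listed in `shells_path` (one path per line, '#'
 * comments ignored), or in the fallback list when the file is missing. */
int shell_is_valid(const char *shell, const char *shells_path)
{
    char line[256];
    FILE *fp = fopen(shells_path, "r");
    if (fp == NULL) {
        for (size_t i = 0; fallback_shells[i] != NULL; i++)
            if (strcmp(shell, fallback_shells[i]) == 0)
                return 1;
        return 0;
    }
    int found = 0;
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "#\r\n")] = '\0';    /* strip comment and newline */
        size_t len = strlen(line);
        while (len > 0 && (line[len - 1] == ' ' || line[len - 1] == '\t'))
            line[--len] = '\0';                 /* strip trailing blanks */
        if (len > 0 && strcmp(shell, line) == 0)
            found = 1;
    }
    fclose(fp);
    return found;
}

/* Demo helper: write a constructed shells file. Returns 0 on success. */
int write_shells_file(const char *path, const char *content)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    int rc = (fputs(content, fp) < 0) ? -1 : 0;
    return (fclose(fp) != 0) ? -1 : rc;
}

int main(void)
{
    /* "shells.demo" is a constructed stand-in for /etc/shells */
    printf("no file:   %d\n", shell_is_valid("/system/bin/sh", "no-such-shells-file"));
    write_shells_file("shells.demo", "# constructed sample\n/system/bin/sh\n");
    printf("with file: %d\n", shell_is_valid("/system/bin/sh", "shells.demo"));
    remove("shells.demo");
    return 0;
}
```

Once a shells file exists, only the shells it lists are accepted; the fallback entries no longer apply.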
Oh! I added `/system/etc/shells` and `/.ssh/authorized_keys`, and now I can log in with the private key
That's great news - thanks for the update :+1:
I'll rename this accordingly and mull over the best way of making `/system/bin/sh` the default - e.g. if there is a tidy way of making this configurable that I could submit a PR for upstream or if this is just something that should be handled locally as part of this build.
Okay, I've submitted an upstream PR to resolve this issue and added that patch to the integration branch in this repo. If you wouldn't mind grabbing the binary from https://github.com/ribbons/android-dropbear/actions/runs/2989415302, installing it on your device, removing `/system/etc/shells` and confirming if it works correctly that would be much appreciated.
What is the user and password, or where should the authorized_keys file
When I put the authorized_keys file in /.ssh or /etc/dropbear or /etc/dropbear/.ssh and use the private key to log in, it still prompts that the private key is not registered.