termux / termux-packages

A package build system for Termux.
https://termux.dev

[Bug]: sshd with root seems impossible #10441

Open andrewcharnley opened 2 years ago

andrewcharnley commented 2 years ago

Problem description

sshd with root seems impossible. Documentation in wiki contains no info on it.

On Android 12:

Used a working -f authorized_keys file (works outside of root)

Tried both tsu and su to start the sshd server, which starts fine, but then...

Always receive - andrew@192.168.100.100: Permission denied (publickey,keyboard-interactive).

Also tried user@, root@ etc

sshd_config...

PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes

(plus PrintMotd and Subsystem untouched)

What steps will reproduce the bug?

As above

What is the expected behavior?

No response

System information

termux-info:

Grimler91 commented 2 years ago

Run sshd in debug mode as sshd -D -d to see what it says about the pubkey authentication attempts.

andrewcharnley commented 2 years ago

Hi,

Have done - and won.

Permissions on the authorized_keys has to be 600 and root, which does mean ssh can't be started under default user thereafter, though I see it's also checking authorized_keys2 so possibility to use the second for checking root access.

Then I had incorrect permissions on files/ and couldn't find a combo that worked. I ended up with StrictModes no in the config and then could connect.

It would be good to get this in the wiki.


In a loosely related way, if one wanted to use a domain name instead of discovering the Android IP using

ip route show default | awk '/default/ {print $3}'

Is there any means to do it when mobile tethering? It appears to use the mobile provider's DNS entry, although it can be overridden in Android 9. This leads me to believe if I run dnsmasq as well I can regain the means to look at /etc/hosts and fix a domain name for the phone.


With these two sorted I can use Duplicity on Linux to back up PC files to the phone.

stale[bot] commented 2 years ago

This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

andrewcharnley commented 1 year ago

Agreed it's still a problem due to ssh checking the permissions of the folders up the tree and enforcing that they belong to the owner. I guess there's a compile flag to disable this behaviour.
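
An added example, not part of the thread or of the Termux project: a shell function that approximates the ownership and mode walk OpenSSH applies under StrictModes, so the failing path component can be identified and fixed instead of setting StrictModes no. It assumes a `stat` that supports `-c` (GNU coreutils or busybox); the function name `check_strict` is hypothetical.

```shell
#!/bin/sh
# Added example: approximates the path walk sshd performs under StrictModes.
# Every component from the key file up to the home directory must be owned
# by the login uid or by root, and must not be group- or world-writable.
# Unlike sshd, which stops at the first bad component, this reports them all.
# Usage: check_strict <authorized_keys> <home_dir> [login_uid]
check_strict() {
    file=$1
    home=$(readlink -f "$2")
    uid=${3:-$(id -u)}
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not a regular file"
        return 2
    fi
    path=$(readlink -f "$file")
    while :; do
        owner=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "FAIL $path: owner uid $owner is neither $uid nor root"
            rc=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is group- or world-writable"
            rc=1
        fi
        # sshd stops climbing at the home directory (or at the root).
        if [ "$path" = "$home" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    [ "$rc" -eq 0 ] && echo "OK: $file passes the ownership and mode checks"
    return "$rc"
}

# Run directly with real paths, e.g. the Termux home under files/.
if [ "$#" -ge 2 ]; then
    check_strict "$@"
fi
```

Pass the uid of the account being logged in to as the third argument when running the check from a different user's shell.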

Manamama commented 5 months ago

FYI, I usually solve it by a version of below:

#Not needed, but why not:
adb forward tcp:8022 tcp:8022

#Needed ;), run as separate commands, not as a one liner, to get the terminal
adb shell
su 
#we are now the root user, I assume you have rooted your Droid 

export PATH=/data/data/com.termux/files/usr/bin/:$PATH
#Termux sudo etc. commands are then used now:
sudo pkill sshd
sudo -u u0_a278 /data/data/com.termux/files/usr/bin/sshd
#sic, must be run as u0_a278 , not root
/data/data/com.termux/files/usr/bin/sudo -u u0_a278 '/data/data/com.termux/files/usr/bin/sshpass -p "{your Termux user password here}" /data/data/com.termux/files/usr/bin/ssh -t localhost -p 8022'
#Use passwd to set the password above

(Or do it all manually, step by step, to make sshd accept the keys etc. )

twaik commented 1 month ago

Is this issue still relevant?

Manamama commented 1 month ago

Not relevant that much to me, as I use a scripted version of my solution, see above.