I finally trashed my shitty Shift5.2 and got a spare OnePlus One from a good colleague.
tldr: scroll down to Setup of SSH on LineageOS.
I strongly discourage everyone from buying a ShiftPhone. The Phone was/is on Android patch level from 2017-03-05 – which is one and a half year ago! Not to mention that it was running an Android 5.1.1 in 2018… With soo many bugs and security issues, in my opinion this phone is a danger to the community! And nobody at Shift seemed to really care…
However, I now have a OnePlus One, which is supported by LineageOS - the successor of CyanogenMod. So, first action was installing LineageOS. Immediately followed by installing SU to get root access.
Next, I’d like to have SSH access to the phone. I did love the native SSH server on my Galaxy S2, which used to run CyanogenMod for 5+ years. Using the SSH access I was able to integrate it in my backup infrastructure and it was much easier to quickly copy stuff from the phone w/o a cable :)
The original webpage including a how-to for installing SSH on CyanogenMod has unfortunately vanished. There is a copy available from the WayBackMachine (thanks a lot guys!!). I still thought dumping an up-to-date step-wise instruction here may be a good idea :)
Setup of SSH on LineageOS
The setup of the native SSH server on LineageOS seems to be pretty similiar to the CyanogenMod version. First you need a shell on the phone, e.g. through adb, and become root (su). Then just follow the following three steps:
Create SSH daemon configuration
You do not need to create a configuration file from scratch, you can use /system/etc/ssh/sshd_config
as a template.
Just copy the configuration file to /data/ssh/sshd_config
;
cp /system/etc/ssh/sshd_config /data/ssh/sshd_config
Just make sure you set the following things:
PermitRootLogin without-password
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
Subsystem sftp internal-sftp
Setup SSH keys
We’ll be using SSH-keys to authenticate to the phone. If you don’t know what SSH keys are, or how to create them, you may go to an article that I wrote in 2009 (!!) or use an online search engine.
First, we need to create /data/.ssh
on the phone (note the .
!) and give it to the shell
user:
mkdir -p /data/.ssh
chmod 700 /data/.ssh
chown shell:shell /data/.ssh
Second, we need to store our public SSH key (probably stored in ~/.ssh/id_rsa.pub
on your local machine) in /data/.ssh/authorized_keys
on the phone.
If that file exists, just append your public key into a new line.
Afterwards, handover the authorized_keys
file to the shell user:
chmod 600 /data/.ssh/authorized_keys
chown shell:shell /data/.ssh/authorized_keys
Create a start script
Last but not least, we need a script to start the SSH service.
There is again a template available in /system/bin/start-ssh
.
Just copy the script to /data/local/userinit.d/
:
mkdir /data/local/userinit.d/
cp /system/bin/start-ssh /data/local/userinit.d/99sshd
chmod 755 /data/local/userinit.d/99sshd
Finally, we just need to update the location of the sshd_config
to /data/ssh/sshd_config
in our newly created /data/local/userinit.d/99sshd
script (in the template it points to /system/etc/ssh/sshd_config
, there are 2 occurences: for running the daemon w/ and w/o debugging).
That’s it
You can now run /data/local/userinit.d/99sshd
and the SSH server should be up and running :)
Earlier versions of Android/CyanogenMod auto-started the scripts stored in /data/local/userinit.d/
right after the boot, but this feature was removed with CM12..
Thus, at the moment it is not that easy to automatically start the SSH server with a reboot of your phone.
But having the SSH daemon running all the time may also be a bad idea, in terms of security and battery…
- network (64) ,
- software (147) ,
- security (28) ,
- administration (34) ,
- private (33) ,
- operatingsystem (14) ,
- howto (21) ,
- phone (5) ,
- cyanogen (4) ,
- lineageos (4)
- android (5) ,
- backup (5) ,
- config (15) ,
- cyanogen (4) ,
- lineageos (5) ,
- network (74) ,
- phone (5) ,
- private (29) ,
- remote (17) ,
- ssh (12) ,
- trick (55)
Post a comment
read more about submitting comments
_comments
directory and send me a pull request