I finally trashed my shitty Shift5.2 and got a spare OnePlus One from a good colleague.

tldr: scroll down to Setup of SSH on LineageOS.

I strongly discourage everyone from buying a ShiftPhone. The phone was/is on Android patch level from 2017-03-05 – which is one and a half years ago! Not to mention that it was running an Android 5.1.1 in 2018… With so many bugs and security issues, in my opinion this phone is a danger to the community! And nobody at Shift seemed to really care…

However, I now have a OnePlus One, which is supported by LineageOS - the successor of CyanogenMod. So, first action was installing LineageOS. Immediately followed by installing SU to get root access.

Next, I’d like to have SSH access to the phone. I did love the native SSH server on my Galaxy S2, which used to run CyanogenMod for 5+ years. Using the SSH access I was able to integrate it in my backup infrastructure and it was much easier to quickly copy stuff from the phone w/o a cable :)

The original webpage including a how-to for installing SSH on CyanogenMod has unfortunately vanished. There is a copy available from the WayBackMachine (thanks a lot guys!!). I still thought dumping an up-to-date step-wise instruction here may be a good idea :)

Setup of SSH on LineageOS

The setup of the native SSH server on LineageOS seems to be pretty similar to the CyanogenMod version. First you need a shell on the phone, e.g. through adb, and become root (su). Then follow these three steps:

Create SSH daemon configuration

You do not need to create a configuration file from scratch; you can use /system/etc/ssh/sshd_config as a template. Just copy the configuration file to /data/ssh/sshd_config:

cp /system/etc/ssh/sshd_config /data/ssh/sshd_config

Just make sure you set the following things:

  • PermitRootLogin without-password
  • PubkeyAuthentication yes
  • PermitEmptyPasswords no
  • ChallengeResponseAuthentication no
  • Subsystem sftp internal-sftp

Update: Ed Huott reported:

There was one additional step I needed to make it work. It was necessary to set StrictModes no in /data/ssh/sshd_config in order to keep sshd from failing to start due to bad file ownership/permissions on the /data/.ssh directory and files as well as the parent /data directory.

This is because the owner:group of /data is system:system which doesn’t match either root or shell owner:group used for /data/.ssh and its contents. I felt that setting StrictModes no was a better solution than messing with the owner:group of the /data directory!

Setup SSH keys

We’ll be using SSH-keys to authenticate to the phone. If you don’t know what SSH keys are, or how to create them, you may go to an article that I wrote in 2009 (!!) or use an online search engine.

First, we need to create /data/.ssh on the phone (note the .!) and give it to the shell user:

mkdir -p /data/.ssh
chmod 700 /data/.ssh
chown shell:shell /data/.ssh

Second, we need to store our public SSH key (probably stored in ~/.ssh/id_rsa.pub on your local machine) in /data/.ssh/authorized_keys on the phone. If that file exists, just append your public key on a new line. Afterwards, hand over the authorized_keys file to the shell user:

chmod 600 /data/.ssh/authorized_keys
chown shell:shell /data/.ssh/authorized_keys

Create a start script

Last but not least, we need a script to start the SSH service. There is again a template available in /system/bin/start-ssh. Just copy the script to /data/local/userinit.d/:

mkdir /data/local/userinit.d/
cp /system/bin/start-ssh /data/local/userinit.d/99sshd
chmod 755 /data/local/userinit.d/99sshd

Finally, we just need to update the location of the sshd_config to /data/ssh/sshd_config in our newly created /data/local/userinit.d/99sshd script (in the template it points to /system/etc/ssh/sshd_config; there are 2 occurrences: for running the daemon w/ and w/o debugging).

That’s it

You can now run /data/local/userinit.d/99sshd and the SSH server should be up and running :)
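To check the three steps above before relying on the daemon, here is an added audit script (not part of the original post or of LineageOS). The function names and the ROOT path-prefix argument are assumptions made for this example. It relies on sshd using the first occurrence of each keyword, which is why appending a setting to a copied template can silently have no effect.

```shell
# Added example, not from the original post. ROOT is a hypothetical path
# prefix: empty on the phone, a scratch directory anywhere else.
# Print the value sshd uses for KEYWORD: the first uncommented occurrence wins,
# keywords are case-insensitive (assumes plain "Keyword value" lines).
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        if [ "$(printf '%s' "$key" | tr 'A-Z' 'a-z')" = "$want" ]; then
            printf '%s\n' "$value" | tr '\t' ' ' | tr -s ' '
            return 0
        fi
    done < "$1"
    return 1
}

# Check all three steps; print each problem and return how many were found.
audit_ssh_setup() {  # usage: audit_ssh_setup ROOT
    root=$1 bad=0 cfg=$1/data/ssh/sshd_config
    script=$1/data/local/userinit.d/99sshd
    while IFS='|' read -r kw expected; do
        got=$(sshd_effective "$cfg" "$kw" 2>/dev/null) || got=unset
        [ "$got" = "$expected" ] && continue
        echo "$cfg: $kw is '$got', want '$expected'"; bad=$((bad + 1))
    done <<EOF
PermitRootLogin|without-password
PubkeyAuthentication|yes
PermitEmptyPasswords|no
ChallengeResponseAuthentication|no
Subsystem|sftp internal-sftp
EOF
    for item in "700 $root/data/.ssh" "600 $root/data/.ssh/authorized_keys"; do
        mode=${item%% *} path=${item#* }
        [ "$(stat -c %a "$path" 2>/dev/null)" = "$mode" ] && continue
        echo "$path: mode is not $mode"; bad=$((bad + 1))
    done
    if grep -q /system/etc/ssh/sshd_config "$script" 2>/dev/null ||
       ! grep -q /data/ssh/sshd_config "$script" 2>/dev/null; then
        echo "$script: not using only /data/ssh/sshd_config"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed demo: a setting appended below an uncommented template line is
# ignored, so PermitRootLogin is reported as 'yes' here.
demo=$(mktemp -d) && mkdir -p "$demo/data/ssh"
printf 'PermitRootLogin yes\nPermitRootLogin without-password\n' \
    > "$demo/data/ssh/sshd_config"
audit_ssh_setup "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

On the phone, run `audit_ssh_setup ""` as root after sourcing the functions; a return value of 0 means all checks passed.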

Earlier versions of Android/CyanogenMod auto-started the scripts stored in /data/local/userinit.d/ right after boot, but this feature was removed with CM12. Thus, at the moment it is not that easy to automatically start the SSH server with a reboot of your phone. But having the SSH daemon running all the time may also be a bad idea, in terms of security and battery…


Martin Scharm


3 comments

Holger | Permalink |

On my Lineage 18.1 I cannot find /system/bin/start-ssh. Is there another way?

Thanks

modprobe | Permalink |

Cheers and what a fine post, fellow mate. Meanwhile there isn’t any /system/bin/start-ssh on my phone, so it might be helpful to post the content of the templates you’re referring to in case they’re absent.

martin | Permalink |

I’m not sure if it’s the vanilla file or a version that I already messed around with, but here is one that I found on my system: https://gist.github.com/binfalse/87755e1e6608647add36fa30ae6bd5ed
