SSH server support in AOSP Android

Follow the steps below to add SSH server support to the AOSP Android source code.

Download the OpenSSH source code and replace the existing source code inside the external folder with it.

Add the code below to the device makefile (e.g. device.mk).

PRODUCT_PACKAGES += \
		scp \
		sftp \
		ssh \
		sshd \
		sshd_config \
		ssh-keygen \
		start-ssh \
		passwd

Download the ssh.rc file.

Add the lines below to the device makefile to copy the ssh.rc file from the source folder to the specified destination path.

PRODUCT_COPY_FILES += \
		<source_folder_path>/ssh.rc:$(TARGET_COPY_OUT_SYSTEM)/etc/init/ssh.rc

Download the start-ssh.te file and put it in the proper place in the vendor sepolicy folder.

Add the lines below to the file_contexts file in the vendor sepolicy folder.

#ssh
/system/bin/start-ssh   u:object_r:start-ssh_exec:s0 

#net
/sys/devices/platform/soc/gmac0/net/eth0(/.*)?  u:object_r:sysfs_net_eth0:s0
/sys/devices/platform/soc/gmac1/net/eth0(/.*)?  u:object_r:sysfs_net_eth0:s0
/sys/devices/platform/xradio_device.0/net/wlan0(/.*)?  u:object_r:sysfs_wlan0:s0
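
Every type named in these entries must also be declared in a .te file, otherwise the build stops with the "type ... is not defined" error reported in the comments on this page. The script below is an added example, not part of the original post or its downloads: it lists the types a file_contexts file uses that none of the supplied .te files declare. The sample .te content is constructed, and types declared in platform policy are only found if those .te files are passed as well.

```shell
#!/bin/sh
# Added example (not from the original post): list SELinux types that a
# file_contexts file labels but that no supplied .te file declares.
# usage: undeclared_types <file_contexts> <te-file>...
undeclared_types() {
    fc=$1; shift
    # The last field of each entry is user:role:type:level; keep the type.
    used=$(awk '$1 !~ /^#/ && NF >= 2 { if (split($NF, c, ":") >= 4) print c[3] }' "$fc" | sort -u)
    # "type NAME[, attribute...];" declarations (typeattribute etc. do not match).
    declared=$(sed -nE 's/^[[:space:]]*type[[:space:]]+([^,;[:space:]]+).*/\1/p' "$@" | sort -u)
    for t in $used; do
        printf '%s\n' "$declared" | grep -qxF -- "$t" || printf '%s\n' "$t"
    done
}

# Constructed sample: entries from this page plus a .te file that
# declares only two of the three types.
demo=$(mktemp -d)
cat > "$demo/file_contexts" <<'EOF'
#ssh
/system/bin/start-ssh   u:object_r:start-ssh_exec:s0
#net
/sys/devices/platform/soc/gmac0/net/eth0(/.*)?  u:object_r:sysfs_net_eth0:s0
/sys/devices/platform/xradio_device.0/net/wlan0(/.*)?  u:object_r:sysfs_wlan0:s0
EOF
cat > "$demo/start-ssh.te" <<'EOF'
type start-ssh_exec, exec_type, file_type;
type sysfs_wlan0, fs_type, sysfs_type;
EOF
undeclared_types "$demo/file_contexts" "$demo/start-ssh.te"
```
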

There are two authentication methods.

  • PubkeyAuthentication
  • PasswordAuthentication

PubkeyAuthentication

Follow the steps below.

  • Generate a public/private key pair using PuTTYgen and save both keys.
  • Rename the public key file to ‘authorized_keys’ and add a line to the device makefile to copy the file into the /system/etc/ssh folder at build time.
  • Uncomment the line below at the end of the “on post-fs-data” section of the ssh.rc file.
copy /system/etc/ssh/authorized_keys /data/ssh/authorized_keys

PasswordAuthentication

The code is already added in the OpenSSH source code.

To change the passwords, open the start-ssh file and change the passwords for the root and shell users as per your requirements. The default password for root is SSH_ROOT@1234 and for shell is SSH_SHELL@1234. The first entry is the password and the second entry is the password confirmation.
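
Because the default passwords above ship in the image unless they are changed, a check before flashing is useful. The script below is an added example, not part of the original post or its OpenSSH tree: it resolves the effective sshd_config values (first occurrence of a keyword wins) and flags the documented default passwords left in start-ssh. The sample file contents are constructed, and the PermitRootLogin default is the upstream OpenSSH one, taken as an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSH files before flashing.

# Effective global value of an sshd_config keyword. Keywords are
# case-insensitive and the first uncommented occurrence wins; $3 is the
# value assumed when the keyword is absent. Stops at the first Match block.
sshd_effective() {   # usage: sshd_effective <sshd_config> <keyword> <default>
    awk -v k="$2" -v d="$3" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Prints one finding per line and returns 1 if there is any finding.
audit_ssh_image() {   # usage: audit_ssh_image <sshd_config> <start-ssh>
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    # Default passwords documented on this page; substring match, so the
    # check does not depend on the layout of start-ssh.
    for def in 'SSH_ROOT@1234' 'SSH_SHELL@1234'; do
        if grep -qF -- "$def" "$2"; then
            echo "default password $def still in $2 (PasswordAuthentication=$pw)"
            rc=1
        fi
    done
    # Assumption: upstream default for PermitRootLogin (prohibit-password);
    # the OpenSSH tree used on this page may differ.
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    if [ "$pw" = yes ] && [ "$root" = yes ]; then
        echo "root password login is enabled"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files, not the ones downloaded for this guide.
d=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$d/sshd_config"
printf '%s\n' 'SSH_ROOT@1234' 'SSH_ROOT@1234' > "$d/start-ssh"
audit_ssh_image "$d/sshd_config" "$d/start-ssh" || echo "audit failed"
```
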

By default, the ssh service starts after boot has completed. If you would like to start the service on a property change instead, provision for that is made in the ssh.rc file: you just need to comment/uncomment lines in ssh.rc.

It’s time to build the code.

Contact me if you face any difficulty or would like to work with me. Please don’t forget to like the blog.


11 responses to “SSH server support in AOSP Android”

  1. xiphiasilver

    Thank you for sharing!

  2. 유령14호

    Hello, I’m having an issue with the SELinux policy. I’m wondering what the sysfs_net_eth0 context defined in the start-ssh.te file is? I can’t find any information about it anywhere. When I comment out the policy that includes sysfs_net_eth0 and build, I get the error “cannot setexeccon for(‘u:object_r:start-ssh:s0’) for daemonssh: Invalid argument”. The port opens, but the connection drops immediately. Do you have any idea?

    1. Dharmesh

      Add the lines below to the file_context file in the vendor sepolicy folder.

      #net
      /sys/devices/platform/soc/gmac0/net/eth0(/.*)? u:object_r:sysfs_net_eth0:s0
      /sys/devices/platform/soc/gmac1/net/eth0(/.*)? u:object_r:sysfs_net_eth0:s0

      1. 유령14호

        Thank you for your response.

        I tried the methods you suggested, but I’m getting the following errors during the build process:

        libsepol.context_from_record: type sysfs_net_eth0 is not defined
        libsepol.context_from_record: could not create context structure

        Additionally, on my device (Pixel 6), the path “/sys/devices/platform/soc…” does not exist.

        Could you please provide further assistance?

      2. 유령14호

        Thank you so much. Password login is also working well.
        There is one remaining issue. The following error occurs, and it does not automatically run during boot:

        “cannot setexeccon(‘u:r:start-ssh:s0’) for daemonssh: Invalid argument”

        It seems to be an SELinux policy issue, but do you have any idea what might be causing this problem?

  3. 유령14호

    Thank you for your response.

    I tried the methods you suggested, but I’m getting the following errors during the build process:

    libsepol.context_from_record: type sysfs_net_eth0 is not defined
    libsepol.context_from_record: could not create context structure

    Additionally, on my device (Pixel 6), the path “/sys/devices/platform/soc…” does not exist.

    Could you please provide further assistance?

    1. Dharmesh

      The specified path (/sys/devices/platform/soc…) is for Ethernet.

      For your error, please add the line below to the start-ssh.te file.
      type sysfs_net_eth0, fs_type, sysfs_type;

      For Wi-Fi (wlan), please follow the steps below.

      – Add the lines below to the start-ssh.te file.

      type sysfs_wlan0, fs_type, sysfs_type;

      allow start-ssh sysfs_wlan0:dir { r_dir_perms search };
      allow start-ssh sysfs_wlan0:file { rw_file_perms read open };
      allow start-ssh sysfs_wlan0:lnk_file read;

      – Add the lines below to the vendor file_context file. (The wlan0 path will change depending on the provider (Broadcom, Realtek, …).)

      #net
      /sys/devices/platform/xradio_device.0/net/wlan0(/.*)? u:object_r:sysfs_wlan0:s0

  4. 유령14호

    Thank you for your help. Thanks to you, I was able to open the SSH server.
    In my case, I couldn’t read a password from the .termux_authinfo or .termux_root_authinfo file, so I kept crashing in the pwcopy function. I ended up hard-coding a password in the source code. Have you encountered any issues like this?

    1. Dharmesh

      Please download OpenSSH source code again. I have updated it.

  5. 유령14호

    I apologize. Please disregard my previous comment. ChatGPT misunderstood my intention. Thank you. All the functionalities are working properly now. I had to modify the SEPolicy quite a bit in my case. I really appreciate your help.
