How to set up the SSH daemon (sshd) in CyanogenMod 10.1 (CM10.1)

This guide explains how to set up sshd in CM10.1.  There are other sites offering tips and advice on how to do it, but I believe that the way outlined here follows the most standard, best-practice, minimalist method in keeping with CM10.1’s own setup.  Some of the other ways I saw mentioned in forums and other posts mention things like downloading stuff from the Play store, which is totally not necessary.

For this method no extra binaries need to be installed.  Nothing else needs to be done other than generating the ssh keys and relocating and minimally altering a couple of config files.  The config files need to be relocated because the original ones, which can be considered templates, are located on the /system partition, which is read-only.  The CM10.1 setup, however, was designed for these to be moved to appropriate locations on the /data partition, which is read-write and intended for exactly this purpose.  So let’s proceed:

Note: all these steps will be performed in Terminal Emulator as root.

1. Copy over the stock sshd_config:
cd /data/ssh
cp /system/etc/ssh/sshd_config .

2. Edit the sshd_config that you copied over in vi and change the following line:
PermitRootLogin no
to
PermitRootLogin without-password

Change:
AllowUsers shell
to
#AllowUsers shell

Change:
AuthorizedKeysFile /data/.ssh/authorized_keys
to
AuthorizedKeysFile /data/ssh/authorized_keys

3. Copy over the template sshd startup script:
cd /data/local
mkdir userinit.d
cd userinit.d
cp /system/bin/start-ssh 90sshd

4. Edit the startup script 90sshd in vi to make the following changes:
Change:
# DEBUG=1
to
DEBUG=0

Change:
/system/bin/logwrapper /system/bin/sshd -f /system/etc/ssh/sshd_config -D -d
to
/system/bin/logwrapper /system/bin/sshd -f /data/ssh/sshd_config -d

Delete:
# don't daemonize - otherwise we can't stop the sshd service

Change:
/system/bin/sshd -f /system/etc/ssh/sshd_config -D
to
/system/bin/sshd -f /data/ssh/sshd_config

Save the file.

Fix the perms on the file:
chmod 755 90sshd
chgrp shell 90sshd

5. Start the init script and make sure it runs:

/data/local/userinit.d/90sshd

It should spit out some messages as it generates new keys and then return to a root prompt.

Now when the system is rebooted sshd should run and you should be able to ssh in. Here is how to set up the ssh client on your computer (this is for a shell environment like BASH):

1. Make sure you have already generated your ssh private/public keys on your client PC. Usually this is done with a command like:
ssh-keygen -t rsa
and results in the id_rsa and id_rsa.pub (private and public key) files being placed in ~/.ssh

2. Copy your id_rsa.pub to the CM10.1 device. For this example it is copied to /sdcard.

3. Go back to Terminal Emulator as root on the CM10.1 device and do the following:

cd /data/ssh
touch authorized_keys
chmod 644 authorized_keys
(some question about this because on most Linux systems this file is always mode 600)
cat /sdcard/id_rsa.pub >> authorized_keys

You can do the same for any other public keys from other systems. The >> redirect appends to authorized_keys rather than overwriting its existing contents.

4. On your PC client you can put a stanza in ~/.ssh/config like the following:

Host galaxy
# I set up a static IP on my router.
Hostname 192.168.0.10
User root

That’s it. You should be able to just type ssh galaxy on your PC and get a root terminal on the CM10.1 device.
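
To confirm the device-side result of the steps above, here is an added check script (not part of the original guide or of CyanogenMod) that tests the three sshd_config settings from step 2 and the write permissions on authorized_keys. It assumes awk and ls are available on the device (for example via busybox); the function names cfg_value, loose_write and check_sshd_setup are made up for this example.

```sh
# Added example: verify the sshd setup described in this guide.
# Assumption: awk and ls exist on the device (e.g. via busybox).
# Usage (as root): check_sshd_setup && echo "sshd setup looks right"

# Print the first active (uncommented) value of keyword $1 in config $2.
cfg_value() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Return 0 if path $1 is writable by group or others.
# In "ls -ld" output, character 6 is group-write and character 9 is other-write.
loose_write() {
    case "$(ls -ld "$1")" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_sshd_setup [CONFIG] [KEYS]: print each problem, return 1 if any.
# Defaults are the paths used in this guide.
check_sshd_setup() {
    cfg=${1:-/data/ssh/sshd_config}
    keys=${2:-/data/ssh/authorized_keys}
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 1; }

    v=$(cfg_value PermitRootLogin "$cfg")
    [ "$v" = "without-password" ] || { echo "PermitRootLogin is '$v'"; rc=1; }

    v=$(cfg_value AllowUsers "$cfg")
    [ -z "$v" ] || { echo "AllowUsers still active: $v"; rc=1; }

    v=$(cfg_value AuthorizedKeysFile "$cfg")
    [ "$v" = "$keys" ] || { echo "AuthorizedKeysFile is '$v', expected $keys"; rc=1; }

    if [ ! -s "$keys" ]; then
        echo "$keys is missing or empty"; rc=1
    else
        # Check the key file and the directory that holds it.
        for p in "$keys" "$(dirname "$keys")"; do
            if loose_write "$p"; then echo "$p is group/world-writable"; rc=1; fi
        done
    fi
    return $rc
}
```

Mode 644 on authorized_keys passes this check: OpenSSH's StrictModes option rejects key files and directories that are group- or world-writable or wrongly owned, not ones that are merely readable. Ownership is not tested by this script.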

Notes: thanks to the page “SSH server on CyanogenMod 10.1” at alainwolf.ch, which went a long way in helping me break through on how to set this up, especially regarding the custom init part.

If for some reason you have a problem and your device gets stuck in a boot loop (i.e. because the init script is doing something wrong) don’t despair. Just go into recovery and you can run adb to get a root shell. The /data partition should already be mounted so you can just delete the faulty init script and start over.

If you want to stop the sshd from running just use the command pkill sshd