CM7 DroidSSHd - how to setup with passwords - Defy General

Hello,
I just tried to set up DroidSSHd with the aim to backup my phone using rsync.
There is an option to set a password which I did but when I connect via a Windows machine/CopSSH/Putty the password will be ignored; so everybody can just connect to my phone, which is kind of a security disaster.
Is there something I have to do to get this working?
My steps so far (without much knowledge of command lines):
- created a set of ssh-keys using Putty
Code:
ssh-keygen
- copied the public key to /sdcard/authorized_keys/
- opened DroidSSHd and created a profile with root-access (didn't connect w/o), entered a password, chose the public key, changed the port to 22
- now user name is "root" and the service is running
- open Putty, and enter
Code:
ssh [email protected][IPADRESS]
>>password: [ENTER]
Ready to rock. BUT anyone can access my phone!
How do I set a password for DroidSSHd?
thx

Seems it's not possible or I'm the only one facing that problem.

-Y <password> in the dropbear cmdline
this password is hidden from /proc/xxx/cmdline and ps
else there is the public key method, which doesn't require password if your client is "authorized" by SSH
Code:
ssh [email protected] -p 2222
The authenticity of host '[192.168.10.245]:2222 ([192.168.10.245]:2222)' can't be established.
RSA key fingerprint is c8:8f:61:2b:14:67:a5:62:50:02:39:3d:ad:ec:15:0d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.10.245]:2222' (RSA) to the list of known hosts.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:

will try. thx a bunch. you are a really busy guy. i'm totally impressed.
Motorola Defy CM7RC1. 5, german Froyo base

Related

[Q] XDMCP connection

Does anybody know of an app with which I can remotely control an UX desktop (XDMCP connection)?
thank you
Is xdmcp a must? If not, android-vnc should do the job
I tried android vnc but I could not connect.
Thread moved to Q&A.
Connect androidvnc to linux xdmcp with multi user access via xinetd
I have finally accomplished this in Linux Mint 13
Step 1: install tightvncserver
sudo apt-get install tightvncserver
Step 2: install xinetd if not already installed
sudo apt-get install xinetd
Step 3: configure xinetd
sudo gedit /etc/xinetd.d/vnc-1
paste this into editor and save
service vnc-1
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = :1 -inetd -query localhost -geometry 1280x800 -depth 16 -once -rfbport 5901
    # the server_args value may need -securitytypes=none
    # to stop the remote vncviewer being prompted for a vnc
    # password instead of the MDM Login prompt.
}
Step 4: Add the service
paste this at the bottom of the list above the #Local Services mark
vnc-1 5901/tcp # vnc session 1
Step 5: Configure xdmcp on host computer
under the menu -> Administration -> Login Window
under general tab uncheck Disable multiple logins for a single user
under remote tab select same as local
then hit the button saying configure xdmcp
make sure there it is check marked
under security tab uncheck deny tcp connections to Xserver
and in permissions i would allow all access
reboot and connect your vnc client

[Q] OpenVPN Connect setup

Hi
I've got a paid VPN from ProXPN and I'm trying to set it up on my HTC One X using the official OpenVPN Connect app.
Copied my *.ovpn, *.crt and *.key files over from my laptop to the device, but get the following error:
"Error Parsing OpenVPN profile : ProXPN.ovpn : option_error: remote option not specified"
Does anyone know what I'm doing wrong, please?
Thanks
Rob
P.S. Not a huge issue if I can't get it working, as I'll just use the built-in VPN via pptp, but hopefully I'll be able to sort this out.
Judging by the error message I would say that your config file contains a typo or the line that specifies the remote address to connect to is missing or malformed.
http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote my-server-1 1194
And http://openvpn.net/index.php/open-source/documentation/howto.html#examples
Obviously you cannot copy paste the examples. Can you not get a ready made ovpn config file from those ProXPN dudes?
If this config file contains no sensitive information you could post it here for a quick syntax check?
I don't think any of this is sensitive (hopefully!) so here it is:
Code:
client
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ssl/ca.crt
cert ssl/client.crt
key ssl/client.key
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass
reneg-sec 0
route-method exe
route-delay 1 10
route-metric 512
route 0.0.0.0 0.0.0.0
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failure
;http-proxy [proxy server] [proxy port #]
So yes, you're missing the 'remote' statement in your config file.. Client doesn't know to which server it has to connect if this line is omitted.
That explains.
Also, this config looks like a config for a Windows client. Can you not just use a prefab config file for linux?
Think this is what you're on about: http://www.proxpn.com/ ?
I don't know this service but maybe use something like this: http://downgoat.net/2013/04/20/proxpn-openvpn-on-linux-configuration/
client
dev tun
proto tcp
remote uk.proxpn.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher BF-CBC
keysize 512
comp-lzo
verb 3
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass
reneg-sec 0
redirect-gateway def1
Also, it uses this config to connect to VPN but you still need to provide a username and password because of the auth-user-pass statement. I've not seen this option in my Android client but maybe it appears on the connection preferences when it sees this statement? Or maybe it will ask you upon connecting.. Not sure but try this and see if you get an option to configure username and pass or whether it asks you upon connecting..
Make sure the ca.crt, client.crt and client.key files are in the same folder as the ovpn config file. I use /sdcard/openvpn.
If you get stuck enable logging on the connection and post that. (AFTER YOU HAVE REMOVED ANY SENSITIVE INFORMATION).
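The missing-`remote` problem diagnosed above can be caught before importing a profile. The following is an added example, not part of any post in this thread: a small Python pre-import check whose function names (parse_profile, check_profile) and finding codes are made up for illustration. It assumes a profile without inline <ca>/<cert> blocks, and the sample profiles are constructed by abridging the two posted above.

```python
import shlex

# Directives whose first argument names a file the client has to read.
FILE_DIRECTIVES = {"ca", "cert", "key", "crl-verify", "tls-auth", "pkcs12"}

def parse_profile(text):
    """Return (directive, args) pairs; '#' and ';' start comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        tokens = shlex.split(line, comments=True)  # also drops trailing '# ...'
        if tokens:
            entries.append((tokens[0], tokens[1:]))
    return entries

def check_profile(text):
    """Return a list of (code, detail) findings for a client profile."""
    entries = parse_profile(text)
    findings = []
    remotes = [args for name, args in entries if name == "remote"]
    if not remotes:
        # This is the condition behind "remote option not specified".
        findings.append(("missing-remote", "no 'remote <host> [port]' line"))
    for args in remotes:
        if not args:
            findings.append(("empty-remote", "'remote' given without a host"))
    for name, args in entries:
        # Relative paths only work if the file is copied along with the profile.
        if name in FILE_DIRECTIVES and args and not args[0].startswith("/"):
            findings.append(("relative-file", f"{name} {args[0]}"))
        if name == "auth-user-pass":
            # With an argument, credentials sit in a plaintext file on storage.
            code = "credentials-file" if args else "credentials-prompt"
            findings.append((code, args[0] if args else "asked at connect time"))
    return findings

# Constructed samples, abridged from the two profiles posted in this thread.
BROKEN = """\
client
dev tun
proto tcp
ca ssl/ca.crt
cert ssl/client.crt
key ssl/client.key
auth-user-pass
;http-proxy [proxy server] [proxy port #]
"""
FIXED = BROKEN.replace("proto tcp\n", "proto tcp\nremote uk.proxpn.com 443\n")

if __name__ == "__main__":
    for label, profile in (("broken", BROKEN), ("fixed", FIXED)):
        print(label)
        for code, detail in check_profile(profile):
            print(f"  {code}: {detail}")
```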
Great, thanks, that tip enabled me to successfully import the linux-based profile.
After import I was indeed asked for a username and password, and then it connected to ProXPN. However, it then got stuck in some sort of connect / disconnect loop, with the disconnect message disappearing so fast I can't actually read what it says!
Rob
Enable logging, that's what it's for.
Some loops are terminating because of session invalidated; others because of a transport error.
Maybe if you post the full log file we can see what's happening. As I don't know what the correct settings should be for this provider it makes it harder to troubleshoot.

"Failed to create the account" ActiveSync error

Trying to set up HTC One M8 (Verizon) with my corporate ActiveSync account and having a miserable time.
1. I go to Settings-> Accounts & Sync -> + -> "Exchange ActiveSync" -> Manual Setup
2. I enter all my settings and credentials (see Screen1)
3. The device checks my credentials with the server (I see it in the server logs) and presents me with Screen 2. I click Next.
4. I type a name of my ActiveSync account and click "Finish Setup". This is when I typically get a prompt that I need to allow this device to be controlled by ActiveSync policy, etc (on other devices).
5. I get an error "Failed to create the account. Please try again later" (see Screen 4).
Exchange server logs indicate that the provisioning is not occurring (Code 142 stands for "DeviceNotProvisioned").
RequestBody :
<?xml version="1.0" encoding="utf-8" ?>
<Settings xmlns="Settings:">
<DeviceInformation>
<Set>
<Model>HTC6525LVW</Model>
<OS>Android 4.4.2</OS>
<FriendlyName>HTC6525LVW</FriendlyName>
<IMEI>************8858</IMEI>
<PhoneNumber>Not Available</PhoneNumber>
</Set>
</DeviceInformation>
</Settings>
AccessState :
Blocked
AccessStateReason :
Policy
ResponseHeader :
HTTP/1.1 200 OK
MS-Server-ActiveSync: 15.0
ResponseBody :
<?xml version="1.0" encoding="utf-8" ?>
<Settings xmlns="Settings:">
<Status>142</Status>
</Settings>
ResponseTime :
06/10/2014 22:08:48
A few more pieces of info:
* I have a Nexus 10 tablet running 4.4.3, an Asus P1801 tablet running 4.2.1 and a Moto X phone running 4.4.2 - all devices work perfectly with the same settings/credentials.
* We have both Exchange 2013 and Exchange 2007 servers and I tried using an account on both - getting the same error.
* Our default Exchange policy requires device encryption, but I created several test policies that do not require either passwords or encryption - getting the same error.
* Our ActiveSync policies allow non-provisionable devices.
* I am using client certificates (issued by a private corporate CA) for ActiveSync authentication.
I tried to call Verizon and HTC - both support organizations are clueless. I can't even see email debug logs on the device because HTC's proprietary email client does support enabling debugging (via using [email protected] username).
Please help. I really like this phone, but without ActiveSync email support it's as good as a doorstop to me, so I will have to return it.
try to put in "master" for domain (without the "")
I tried what you suggested and could not even get past Screen 2 (where I type in my credentials). I get an error "Authentication failed. Please verify username and/or password."
This makes sense because my ActiveDirectory domain name is different.
Hi,
I've updated my firmware today to enable the new HTC software, the mail app has been updated to 8.1.810518 and you can now proceed past this error.
It warns you that policies will need to be applied to the Exchange server, however I had this working on my HTC One M7, I'm an Exchange Domain Admin and I can now bin off that bloody awful Airwatch client
Regards,
Jim

Will this work for VPN...?

Install openvpn and then place your edited client vpn config files and certificate files on the storage of FireTV similar to the raspberry pi method in the thread below:
h**p xbmchub.com/forums/threads/24769-How-to-set-up-your-VPN-on-raspberry-pi-using-Brain-Hornsby-Openvpn-for-XBMC
Thanks for anyone that may know more than me that could maybe get this to work...
Hmm would be nice if that worked. Did u get a chance to try it?
I'm working on something like this just now. Here's the thing: in my logs for the simplest openvpn app to install (not straight openvpn, it turns out, as there's a windowing issue there that makes it difficult / impossible to navigate through setup, even with a keyboard and Droidmote) once I have a config, I get errors in logcat informing me
"Your image does not support the VPNService API, sorry "
There is a manually installable openvpn binary that I've looked at a bit but not yet configured. It is going to require adding a binary to /system/xbin directly, as the installer (at least on my phone) does not understand where /system/xbin really lives and issues a remount command to a nonexistent partition.
If you're running dd-wrt or similar configurable firewall, another option is to get an account with a provider who is set up to let you do a firewall to firewall connection, and then route either all of your traffic or the traffic from your firetv through that firewall-to-firewall connection.
I have a Private Internet Access vpn account.
Installed openvpn on FireTV--
http play.google.com/store/apps/details?id=de.schaeuffelhut.android.openvpn.installer&hl=en
Installed busybox on FireTV--
http play.google.com/store/apps/details?id=stericson.busybox&hl=en
I created a pass.txt file with my PIA username on the first line and password on the second line, nothing else, then saved the file as a text file (pass.txt).
Download the following to PC--
http privateinternetaccess.com/openvpn/openvpn.zip
Extracted the zip file.
Edited the location specific .ovpn file (see below), changing the 'remote', 'ca', 'crl' and 'auth' lines to the following--
client
dev tun
proto udp
remote us-florida.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /storage/sdcard0/openvpn/ca.crt
tls-client
remote-cert-tls server
auth-user-pass /storage/sdcard0/openvpn/pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /storage/sdcard0/openvpn/crl.pem
Then, save the USFlorida.ovpn file.
Upload ca.crt, crl.pem, pass.txt, and .ovpn file to FireTV to /storage/sdcard0/openvpn/
Open terminal on FireTV. I use jackpal's terminal app below, but you can also use adb.
http play.google.com/store/apps/details?id=jackpal.androidterm
In terminal, type the following--
su
openvpn cd /storage/sdcard0/openvpn/USFlorida.ovpn
But I get several errors. Anyway, that's where I'm at. Maybe someone else more knowledgeable than me can figure it out. Sorry about the links, my low post-count will not allow me to post url's.
Also, you can sideload the following app to verify your external ip address, and it works great with the FireTV remote--
http play.google.com/store/apps/details?id=igit.WhatIsMyIp
The approach you've taken is where I'd be headed next on the client side.
One thing you might want to try is to do the same setup on a less locked-down device and confirm that the config files work as expected there.
There's also a good discussion of the hardware approach (setting up a tunnel from your edge to a VPN provider) in the other VPN thread, http://forum.xda-developers.com/showthread.php?t=2797005
also, private internet access will sell a preconfigured router for this purpose!

Make a phone encrypted with Lineage OS see a file as unencrypted (for Termux)

Introduction:
Hello smarter people. I've been trying to run an ssh server on my phone. My phone is encrypted with the standard tools provided by Lineage OS. I believe the phone's encryption is causing the ssh daemon to lose access to the file found in /data/data/com.termux/files/home/.ssh/authorized_keys (reasoning in My Possible Solution and Question section). If I could make this file unencrypted somehow, it would likely solve the issue and allow me to ssh into my phone's server from my Ubuntu machine (or at least let me start troubleshooting further arising issues).
I know the version of Lineage OS that I am using is unofficial, but if this is possible, it should be the same process.
Specific Technologies:
Unofficial Lineage OS Android 8.0.0 on Moto G5 Plus.
This phone is encrypted using the encryption tool found at Settings --> Security & Location --> Encryption & credentials --> Encrypt phone
Using the latest version of the Termux application installed through the Google Play store.
Using the latest version of the openssh package installed through Termux's apt package manager.
Specific Problem
I am familiar with setting up ssh servers, so I believe I did the configuration correctly. Since this was on my phone and I wanted manual control, I installed openssh through Termux's apt package manager, appended my public key to the ~.ssh/authorized_hosts file (the only thing in the file), started the daemon with sshd, and finally ssh'ed in from my Ubuntu computer. Here is a link on how to do this from Termux.
On my Ubuntu computer I get this:
Code:
[email protected]:~$ ssh 192.168.0.101 -p 8022
Permission denied (publickey,keyboard-interactive).
When viewing the logs with logcat -s 'syslog:*' I get the following output:
Code:
12-24 16:29:01.209 13972 13972 I syslog : sshd - Server listening on :: port 8022.
12-24 16:29:01.210 13972 13972 I syslog : sshd - Server listening on 0.0.0.0 port 8022.
12-24 16:29:52.029 14131 14131 I syslog : /data/data/com.termux/files/usr/bin/sshd - Connection closed by authenticating user myusername 192.168.0.123 port 59614
My Possible Solution and Question
Based on a few hours of troubleshooting I believe that since my phone is encrypted, the ssh daemon cannot read the authorized_keys file correctly, or some other issue originating from the phone's encryption to the authorized_keys file. I found someone having a similar issue at this link, which is why I believe the encryption is the source of the problem. Unfortunately the encrypted environment that was causing them issues was on a CentOS server with an encrypted home folder and mine is on a Lineage OS phone with pretty much total encryption(?).
If you were wondering if the solution posted to the link above works, here is the log output:
Code:
12-24 17:00:00.768 17585 17585 I syslog : /data/data/com.termux/files/usr/bin/sshd - Authentication refused: bad ownership or modes for directory /data/data
12-24 17:00:02.146 17585 17585 I syslog : /data/data/com.termux/files/usr/bin/sshd - Connection closed by authenticating user myusername 192.168.0.123 port 59760
I do not believe a change in that /data/data directory's permissions would stop the root error as the full path to each authorized_keys file is /data/data/com.termux/files/home/.ssh/authorized_keys and /data/data/com.termux/files/usr/etc/ssh/mytermuxusername/authorized_keys which are both contained in the /data/data directory.
Does anyone know how to make my authorized_key file unencrypted on Lineage OS (just for Termux) by either moving it to a non encrypted directory or through some other, fancier means? I would love to hear how to do this. Or if you have identified a different source of the issue, that would be equally appreciated!
I know this is old, but it really might be the permissions.
I do not have enabled encryption on the phone I use ssh on, however, but you could try it.
A very similar issue happened to me, so I created a bug report (BUGBASH-2624 on lineageos' jira, I may not post links yet)
tl;dr: Try setting
Code:
StrictModes no
in /etc/ssh/sshd_config (or whatever implementation you use, that's where stock lineage has its config file) and restart sshd. This might not be a permanent solution, but at least it lets you rule out what the actual problem is.
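Before turning StrictModes off, the components sshd objects to can be listed directly. The following is an added example, not code from this thread or from OpenSSH: a Python approximation of the StrictModes path walk, in which a component fails if its owner is neither root nor the login user or if it is group- or world-writable. The function names are made up for illustration; unlike sshd, which stops at the first failure, it reports every failing component, and the demo tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

def insecure_components(path, uid, home=None):
    """Walk from `path` up to `home` (or to '/' when the file is not under
    `home`) and return every component that fails the StrictModes-style
    test as (kind, path, owner_uid, mode)."""
    problems = []
    current = os.path.realpath(path)
    home = os.path.realpath(home) if home else None
    while True:
        st = os.stat(current)
        kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
        # Owner must be root or the user; no group/other write bits allowed.
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            problems.append((kind, current, st.st_uid, stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(current)
        # The home directory is the last component checked; a key file
        # outside home never matches it, so the walk continues up to '/'.
        if current == home or parent == current:
            break
        current = parent
    return problems

def demo():
    """Build a throwaway tree; compare a tight layout with a
    group-writable parent directory."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home")
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.makedirs(ssh_dir)
        open(keys, "w").close()
        os.chmod(home, 0o755)
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o600)
        tight = insecure_components(keys, os.getuid(), home)
        os.chmod(home, 0o775)  # group-writable parent: StrictModes rejects this
        loose = insecure_components(keys, os.getuid(), home)
        return tight, [(k, os.path.basename(p), m) for k, p, _, m in loose]

if __name__ == "__main__":
    tight, loose = demo()
    print("tight layout:", tight)
    for kind, name, mode in loose:
        print(f"bad ownership or modes for {kind} {name} (mode {mode:o})")
```

Run against the real key file with home left unset to see which parent directories, such as the /data/data named in the log above, would be reported.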
