Comments (5)
mkj
commented on July 18, 2024
It looks like it isn't reading /etc/passwd. I'm not sure where the shell is set for android, perhaps try adding /bin/sh to /etc/shells. Have a look at where the existing shell is running from the shell where you ran dropbear, I guess ps should work?
from dropbear.
biaocy
commented on July 18, 2024
Thank you for your response.
From the shell I ran dropbear, I check the existing shell by echo $0, it comes backsush, so I ran which sush, then I got /su/bin/sush, so I put /su/bin/sush in /etc/shells before.
Perhaps try adding
/bin/shto /etc/shells.
Wait a minute, I just bricked my device, I'll try that after I get my device back to normal.
from dropbear.
biaocy
commented on July 18, 2024
I got my device back to normal, and setup the environment like before.
My android device do not have /bin/sh, but have /system/bin/sh, and I checked echo $0 in adb shell, it comes back /system/bin/sh.
So I added /system/bin/sh to /etc/shells, the invalid shell issue was fix, but still can't ssh into my android device.
The dropbear daemon now log:
[7744] Jun 22 18:32:03 Child connection from 192.168.31.128:49982
[7744] Jun 22 18:32:04 Exit before auth from <192.168.31.128:49982>: (user 'root', 0 fails): Exited normallyAnd below is strace log from dropbear:
5054 [ Process PID=5054 runs in 32 bit mode. ]
5054 pselect6(7, [3 4], NULL, NULL, NULL, NULL) = 1 (in [4])
5054 accept4(4, {sa_family=AF_INET, sin_port=htons(49982), sin_addr=inet_addr("192.168.31.128")}, [128 => 16], 0) = 5
5054 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 6
5054 getsockopt(6, SOL_SOCKET, SO_DOMAIN, [1], [4]) = 0
5054 connect(6, {sa_family=AF_UNIX, sun_path="/dev/socket/fwmarkd"}, 110) = 0
5054 getsockopt(6, SOL_SOCKET, SO_DOMAIN, [1], [4]) = 0
5054 sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\0\0\0\0\0\0\0\0\0\0\0", iov_len=12}], msg_iovlen=1, msg_control=[{cmsg_len=16, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[5]}], msg_controllen=16, msg_flags=0}, 0) = 12
5054 recvfrom(6, "\0\0\0\0", 4, 0, NULL, NULL) = 4
5054 close(6) = 0
5054 openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "\222KHy\277\213\367\217\245\351n\t\351\302G\212\214\20Ll)\320\254\6\37\301\213\225\10\32\312\333", 32) = 32
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/timer_list", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "Timer List Version: v0.7\nHRTIMER"..., 4096) = 79
5054 read(6, "cpu: 4\n clock 0:\n .base: "..., 4096) = 4096
5054 read(6, "8 nsecs]\n #23: <0000000000000000"..., 4096) = 4096
5054 read(6, "8127560 nsecs [in 7750374699 to "..., 4096) = 4096
5054 read(6, "000000\n .index: 3\n .resol"..., 4096) = 4096
5054 read(6, "mode: 1\nPer CPU device: 5\nCl"..., 4096) = 1115
5054 read(6, "", 4096) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/interrupts", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, " CPU4 CPU5 "..., 4096) = 4031
5054 read(6, "200: 26 2 "..., 4096) = 4031
5054 read(6, "280: 514 130 "..., 4096) = 4051
5054 read(6, "521: 0 0 "..., 4096) = 941
5054 read(6, "", 4096) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/loadavg", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "5.17 4.97 3.45 1/1812 7743\n", 4096) = 27
5054 read(6, "", 4096) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/sys/kernel/random/entropy_avail", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "1246\n", 4096) = 5
5054 read(6, "", 4096) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/net/netstat", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "TcpExt: SyncookiesSent Syncookie"..., 4096) = 2140
5054 read(6, "", 1956) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/net/dev", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "Inter-| Receive "..., 4096) = 3136
5054 read(6, "", 960) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/net/tcp", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, " sl local_address rem_address "..., 4096) = 600
5054 read(6, "", 3496) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/net/rt_cache", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "Iface\tDestination\tGateway \tFlags"..., 4096) = 128
5054 read(6, "", 3968) = 0
5054 close(6) = 0
5054 openat(AT_FDCWD, "/proc/vmstat", O_RDONLY|O_LARGEFILE) = 6
5054 read(6, "nr_free_pages 365804\nnr_alloc_ba"..., 4096) = 1809
5054 read(6, "", 4096) = 0
5054 close(6) = 0
5054 gettimeofday({tv_sec=1655893923, tv_usec=940598}, NULL) = 0
5054 clock_gettime(CLOCK_PROCESS_CPUTIME_ID, {tv_sec=0, tv_nsec=283885113}) = 0
5054 openat(AT_FDCWD, "/dev/urandom", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 6
5054 fstat64(6, {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x9), ...}) = 0
5054 ioctl(6, TCGETS, 0xffc18620) = -1 EINVAL (Invalid argument)
5054 getsockopt(6, SOL_SOCKET, SO_DOMAIN, 0xffc1860c, [4]) = -1 ENOTSOCK (Socket operation on non-socket)
5054 write(6, "\3642!\345\241\254\354\345\24\21d\235\244zh\326-\374\24\306\10\27K\360m_R\32\371\177\3302", 32) = 32
5054 close(6) = 0
5054 pipe2([6, 7], 0) = 0
5054 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xf73feb3c) = 7744
5054 close(7) = 0
5054 close(5) = 0
5054 pselect6(7, [3 4 6], NULL, NULL, NULL, NULL <unfinished ...>
7744 gettimeofday({tv_sec=1655893923, tv_usec=943456}, NULL) = 0
7744 getsockopt(2, SOL_SOCKET, SO_DOMAIN, 0xffc17d3c, [4]) = -1 ENOTSOCK (Socket operation on non-socket)
7744 write(2, "[7744] Jun 22 18:32:03 Child con"..., 66) = 66
7744 close(3) = 0
7744 close(4) = 0
7744 close(6) = 0
7744 fcntl64(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
7744 fcntl64(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
7744 setsockopt(5, SOL_IPV6, IPV6_TCLASS, [72], 4) = -1 ENOPROTOOPT (Protocol not available)
7744 setsockopt(5, SOL_IP, IP_TOS, [72], 4) = 0
7744 setsockopt(5, SOL_SOCKET, SO_PRIORITY, [6], 4) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=515920417}) = 0
7744 pipe2([3, 4], 0) = 0
7744 fcntl64(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
7744 fcntl64(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
7744 getpeername(5, {sa_family=AF_INET, sin_port=htons(49982), sin_addr=inet_addr("192.168.31.128")}, [128 => 16]) = 0
7744 sigaction(SIGCHLD, {sa_handler=0xab14ef60, sa_mask=[], sa_flags=SA_RESTORER|SA_NOCLDSTOP, sa_restorer=0xf7321548}, NULL) = 0
7744 getpeername(5, {sa_family=AF_INET, sin_port=htons(49982), sin_addr=inet_addr("192.168.31.128")}, [128 => 16]) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=520872240}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=521625834}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=522329323}) = 0
7744 pselect6(6, [3], [5], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (out [5], left {tv_sec=299, tv_nsec=999993177})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=523775417}) = 0
7744 getsockopt(5, SOL_SOCKET, SO_DOMAIN, [2], [4]) = 0
7744 getuid32() = 0
7744 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
7744 clock_gettime(CLOCK_BOOTTIME, {tv_sec=964, tv_nsec=421750626}) = 0
7744 getsockname(5, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("192.168.31.92")}, [28 => 16]) = 0
7744 futex(0xf720e030, FUTEX_WAKE_PRIVATE, 2147483647) = 0
7744 socket(AF_UNIX, SOCK_STREAM, 0) = 6
7744 connect(6, {sa_family=AF_UNIX, sun_path="/dev/socket/nims"}, 18) = 0
7744 socket(AF_UNIX, SOCK_STREAM, 0) = 8
7744 connect(8, {sa_family=AF_UNIX, sun_path="/dev/socket/dpmwrapper"}, 24) = 0
7744 sendmsg(8, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\2\0_\0\2\0\0\26\300\250\37\\\0\0\0\0\0\0\0\0\374X8\367\0\0\0\0\0\0\0\0"..., iov_len=95}], msg_iovlen=1, msg_control=[{cmsg_len=16, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[5]}], msg_controllen=16, msg_flags=0}, 0) = 95
7744 recvmsg(8, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\2\0\36\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", iov_len=30}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 30
7744 clock_gettime(CLOCK_BOOTTIME, {tv_sec=964, tv_nsec=428734428}) = 0
7744 writev(5, [{iov_base="SSH-2.0-dropbear_2022.82\r\n", iov_len=26}, {iov_base="\0\0\1\334\10\24\244lE\16\22\240\370\2151\344U1\343Y\346\202\0\0\0\273curve2"..., iov_len=480}], 2) = 506
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=535443125}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=999995313})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=536887240}) = 0
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999997083})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=538516459}) = 0
7744 read(5, "S", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999996666})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=541012032}) = 0
7744 read(5, "S", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993489})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=545085105}) = 0
7744 read(5, "H", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=548853282}) = 0
7744 read(5, "-", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=552646615}) = 0
7744 read(5, "2", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=556413073}) = 0
7744 read(5, ".", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=560183490}) = 0
7744 read(5, "0", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=563962552}) = 0
7744 read(5, "-", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=567723177}) = 0
7744 read(5, "O", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=571503542}) = 0
7744 read(5, "p", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993646})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=575264688}) = 0
7744 read(5, "e", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=579037709}) = 0
7744 read(5, "n", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=582943750}) = 0
7744 read(5, "S", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=586730157}) = 0
7744 read(5, "S", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993855})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=590510261}) = 0
7744 read(5, "H", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=594271511}) = 0
7744 read(5, "_", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=598467709}) = 0
7744 read(5, "8", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993438})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=602402969}) = 0
7744 read(5, ".", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=606175000}) = 0
7744 read(5, "4", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=610049063}) = 0
7744 read(5, "p", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=613809532}) = 0
7744 read(5, "1", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=617549219}) = 0
7744 read(5, " ", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993542})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=621089115}) = 0
7744 read(5, "D", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=624850886}) = 0
7744 read(5, "e", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=629040521}) = 0
7744 read(5, "b", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=632855365}) = 0
7744 read(5, "i", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993803})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=636646927}) = 0
7744 read(5, "a", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993750})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=640537032}) = 0
7744 read(5, "n", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993646})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=644295469}) = 0
7744 read(5, "-", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993698})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=648049532}) = 0
7744 read(5, "5", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=651853125}) = 0
7744 read(5, "\r", 1) = 1
7744 pselect6(6, [5], NULL, NULL, {tv_sec=1, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=0, tv_nsec=999993802})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=655607813}) = 0
7744 read(5, "\n", 1) = 1
7744 mmap2(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7100000
7744 prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, 0xf7100000, 262144, "libc_malloc") = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=660876927}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=999991980})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=663403907}) = 0
7744 read(5, "\0\0\5\344\n\24#\205", 8) = 8
7744 read(5, "\274\366g'^P\365\247.<\213\371m\304\0\0\0\361curve25519-sha"..., 1504) = 1504
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=667219636}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=668631667}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=999992032})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=671278854}) = 0
7744 read(5, "\0\0\0,\6\36\0\0", 8) = 8
7744 read(5, "\0 Z\344\240\351\366\314\343\262\0\252o\231\1#E\375\21\337\325\26\30\26pQ\221\326\304-w\234"..., 40) = 40
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=675074011}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=879791563}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=880846719}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=881619584}) = 0
7744 getsockopt(5, SOL_SOCKET, SO_DOMAIN, [2], [4]) = 0
7744 getuid32() = 0
7744 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
7744 clock_gettime(CLOCK_BOOTTIME, {tv_sec=964, tv_nsec=779629271}) = 0
7744 writev(5, [{iov_base="\0\0\2d\v\37\0\0\1\27\0\0\0\7ssh-rsa\0\0\0\3\1\0\1\0\0\1\1"..., iov_len=616}, {iov_base="\0\0\0\f\n\25\221\36!\315\376\332\341K\255\347", iov_len=16}, {iov_base="+H\337]\3404\24\200\307\264ib\342K\202T3\320\277d%\r}G\260\346k\317\277\36\36o"..., iov_len=220}], 3) = 852
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=886318021}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=981134948})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=907261823}) = 0
7744 read(5, "\0\0\0\f\n\25\0\0", 8) = 8
7744 read(5, "\0\0\0\0\0\0\0\0", 8) = 8
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=911410677}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=912849271}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=914097917}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=999989635})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=916647604}) = 0
7744 read(5, "A\\\270\351\265\251\371\246", 8) = 8
7744 read(5, "\243\v\276\311G\307OQ\337\251\302\2126o\36|\26\t\10\332\243\216e\206%\f6\276\307Y\237g"..., 36) = 36
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=920451042}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=921743646}) = 0
7744 getsockopt(5, SOL_SOCKET, SO_DOMAIN, [2], [4]) = 0
7744 getuid32() = 0
7744 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
7744 clock_gettime(CLOCK_BOOTTIME, {tv_sec=964, tv_nsec=821889323}) = 0
7744 writev(5, [{iov_base="\261\247%\242G\250\245\247gf[\307\34\204\30\361f\\O\37l\305\336Ag\340\363\277\235\303\232\311"..., iov_len=44}], 1) = 44
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=929686667}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=995890781})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=936411146}) = 0
7744 read(5, "\367\255t\255\10V\212\4", 8) = 8
7744 read(5, "%$g\346=\375\245\341\373R\245\37\314H\10\256\265\26d\244,\207\375\372\201\211\260\200pI\245\265"..., 52) = 52
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=940184323}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=941550365}) = 0
7744 geteuid32() = 0
7744 openat(AT_FDCWD, "/etc/shells", O_RDONLY|O_LARGEFILE) = 10
7744 fstat64(10, {st_mode=S_IFREG|0600, st_size=15, ...}) = 0
7744 fstat64(10, {st_mode=S_IFREG|0600, st_size=15, ...}) = 0
7744 read(10, "/system/bin/sh\n", 4096) = 15
7744 close(10) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=950451302}) = 0
7744 getsockopt(5, SOL_SOCKET, SO_DOMAIN, [2], [4]) = 0
7744 getuid32() = 0
7744 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
7744 clock_gettime(CLOCK_BOOTTIME, {tv_sec=964, tv_nsec=846604376}) = 0
7744 writev(5, [{iov_base="7\370\335\322)c*\236\237\361\214\314^<l\357\363\225P\26\323X\327\321\335\376\273u\16jMr"..., iov_len=44}], 1) = 44
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=952111719}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=994001094})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=960082865}) = 0
7744 read(5, "\275\4\347\37hH^\346", 8) = 8
7744 read(5, "\357\273\2641\360\316\270\246\250P\311\347\271\217\353\366\311i\374\230\263i\25\214\235\272\265\237\305\201.C"..., 620) = 620
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=963993125}) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=965229323}) = 0
7744 geteuid32() = 0
7744 openat(AT_FDCWD, "/etc/shells", O_RDONLY|O_LARGEFILE) = 10
7744 fstat64(10, {st_mode=S_IFREG|0600, st_size=15, ...}) = 0
7744 fstat64(10, {st_mode=S_IFREG|0600, st_size=15, ...}) = 0
7744 read(10, "/system/bin/sh\n", 4096) = 15
7744 close(10) = 0
7744 getuid32() = 0
7744 getgid32() = 0
7744 setresgid32(-1, 0, -1) = 0
7744 setresuid32(-1, 0, -1) = 0
7744 fstatat64(AT_FDCWD, "/", {st_mode=S_IFDIR|S_ISVTX|0755, st_size=1460, ...}, 0) = 0
7744 fstatat64(AT_FDCWD, "//.ssh", 0xffc183e8, 0) = -1 ENOENT (No such file or directory)
7744 setresuid32(-1, 0, -1) = 0
7744 setresgid32(-1, 0, -1) = 0
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=984322761}) = 0
7744 getsockopt(5, SOL_SOCKET, SO_DOMAIN, [2], [4]) = 0
7744 getuid32() = 0
7744 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0
7744 clock_gettime(CLOCK_BOOTTIME, {tv_sec=964, tv_nsec=884861719}) = 0
7744 writev(5, [{iov_base="\311\362y\6\220\377\264\372\361\313CXJ\\\f.\267\255\315Q(]&OeAc*v\342\246\324"..., iov_len=44}], 1) = 44
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=950, tv_nsec=992423281}) = 0
7744 pselect6(6, [3 5], [], NULL, {tv_sec=300, tv_nsec=0}, NULL) = 1 (in [5], left {tv_sec=299, tv_nsec=992197135})
7744 clock_gettime(CLOCK_MONOTONIC, {tv_sec=951, tv_nsec=2757084}) = 0
7744 read(5, "", 8) = 0
7744 close(5) = 0
7744 gettimeofday({tv_sec=1655893924, tv_usec=447704}, NULL) = 0
7744 getsockopt(2, SOL_SOCKET, SO_DOMAIN, 0xffc17804, [4]) = -1 ENOTSOCK (Socket operation on non-socket)
7744 write(2, "[7744] Jun 22 18:32:04 Exit befo"..., 109) = 109
7744 futex(0xf73895b4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ|PROT_WRITE) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ) = 0
7744 close(0) = 0
7744 close(1) = 0
7744 close(2) = 0
7744 futex(0xf7382640, FUTEX_WAKE_PRIVATE, 2147483647) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ|PROT_WRITE) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ|PROT_WRITE) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ|PROT_WRITE) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ|PROT_WRITE) = 0
7744 mprotect(0xf73b4000, 4096, PROT_READ) = 0
7744 munmap(0xf73b4000, 4096) = 0
7744 exit_group(0) = ?
7744 +++ exited with 0 +++
5054 <... pselect6 resumed>) = 1 (in [6])
5054 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7744, si_uid=0, si_status=0, si_utime=21, si_stime=0} ---
5054 wait4(-1, NULL, WNOHANG, NULL) = 7744
5054 wait4(-1, NULL, WNOHANG, NULL) = -1 ECHILD (No child processes)
5054 sigaction(SIGCHLD, {sa_handler=0xab151694, sa_mask=[], sa_flags=SA_RESTORER|SA_NOCLDSTOP, sa_restorer=0xf7321548}, NULL) = 0
5054 sigreturn({mask=[]}) = 1
5054 close(6) = 0
5054 pselect6(7, [3 4], NULL, NULL, NULL, NULLThe ssh command report the same log as before, and I add -vv to the command to generate more verbose log:
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data <home path>/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname <android's ip> is address
debug2: ssh_connect_direct
debug1: Connecting to <android's ip> [<android's ip>] port 22.
debug1: Connection established.
debug1: identity file <home path>/.ssh/id_4_android type 0
debug1: identity file <home path>/.ssh/id_4_android-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version dropbear_2022.82
debug1: no match: dropbear_2022.82
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <android's ip>:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected]
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,[email protected]
debug2: host key algorithms: rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: [email protected],aes128-ctr,aes256-ctr
debug2: ciphers stoc: [email protected],aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha1,hmac-sha2-256
debug2: MACs stoc: hmac-sha1,hmac-sha2-256
debug2: compression ctos: [email protected],none
debug2: compression stoc: [email protected],none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:RVDNUx8rdZBumHXkFTrel2kFltT3lBcwR8cKthsFiy4
debug1: Host '<android's ip>' is known and matches the RSA host key.
debug1: Found key in <home path>/.ssh/known_hosts:23
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: <home path>/.ssh/id_4_android RSA SHA256:VelJsFZErj9lKQVgrGBL0bu7GlfEzyrd7ABE68+LiAQ explicit
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],rsa-sha2-256,ssh-rsa,ssh-dss>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: <home path>/.ssh/id_4_android RSA SHA256:VelJsFZErj9lKQVgrGBL0bu7GlfEzyrd7ABE68+LiAQ explicit
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
root@<android's ip>: Permission denied (publickey).from dropbear.
biaocy
commented on July 18, 2024
7744 fstatat64(AT_FDCWD, "/", {st_mode=S_IFDIR|S_ISVTX|0755, st_size=1460, ...}, 0) = 0
7744 fstatat64(AT_FDCWD, "//.ssh", 0xffc183e8, 0) = -1 ENOENT (No such file or directory)
Finally, I found the issue.
After I added the correct shell, which is /system/bin/sh, to the file /etc/shells.
Then the strace log above indicate the .ssh directory missing, so I move the .ssh directory from /root/.ssh to /.ssh.
After that, the dropbear daemon shows Pubkey auth succeeded for 'root' , but can't allocate a pty due to some reason I don't know.
But I ran ssh -i <key> root@<device's ip> /system/bin/sh -i, so that the shell can run interactively.
It works like a charm, after some PATH env modification.
Again, thank you very much for creating this wonderful project, and provided much helpful responses.
from dropbear.
mkj
commented on July 18, 2024
7744 fstatat64(AT_FDCWD, "//.ssh", 0xffc183e8, 0) = -1 ENOENT (No such
file or directory)
That looks like it isn't finding the home directory to use for the
authorized_keys, it should be /root/.ssh or similar.
Another repo has a patch to add some flags to specify authorized_keys,
though I haven't tried it myself. It would require compiling though.
https://github.com/ubiquiti/dropbear-android/blob/master/android-compat.patch
from dropbear.
Related Issues (20)
- How limit maxsession per user ? HOT 1
- Invalid signature key type allows to trigger an assertion via remote HOT 4
- SSH command execution will overwrite stderr HOT 2
- dropbear hangs when bringing down secondary network interface HOT 3
- Deprecate DSA/DSS support HOT 5
- Feature request: Add support for /etc/nologin
- OpenSSH Client(but not dbclient) connection times out HOT 6
- Building with glibc-1.31+ HOT 4
- cant use -i options!! HOT 1
- build error when SK_KEYS is set and only one of ECDSA or ED25519 HOT 4
- configure --disable-plugin will actually enable it
- musl build fails with --disable-pututline HOT 4
- error: 'struct AuthState' has no member named 'pubkey_options' HOT 1
- Dropear on musl uses utmp/wtmp invalidated paths from paths.h HOT 1
- Request: disable weak and suspect crypto HOT 3
- Does it support Windows? HOT 1
- compression issue
- Noob question: I want to change host key on my Remarkable 2 tablet HOT 2
- Feature request: Certificate-based SSH logins HOT 1
- ssh-audit result for dropbear 2022.83 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dropbear.