SSHD on LineageOS 14.1
As I’m currently switching phones I had to revisit the issue of how to get sshd running on a pristine LineageOS install. I decided to collect the steps here as the how-to formerly available on the CM wiki has vanished together with CM itself. Note that some steps are not incredibly detailed and you really should be aware of the security implications before going ahead with this.
Prerequisites
- a device with a current LineageOS 14.1 build installed
- USB debugging enabled
- root access (preferably by installing the official SU addon)
- if you want sshd to run automatically after boot, you have to be willing to install my little RunUserInit hack and allow it to acquire root privileges
Configuring SSHD
While LineageOS includes all necessary software, the configuration of sshd must be completed manually:
- Connect the device via USB
- Run adb with root privileges:
adb root - Upload your public ssh key to the device:
adb push ~/.ssh/id_rsa.pub /data/ssh/authorized_keys - Now, open a root shell and switch to bash to get vim to behave nicely on the device through adb:
adb shell
bash - Use cat or vim to make the following fragment the contents of /data/ssh/sshd_config:
AuthorizedKeysFile /data/ssh/authorized_keys
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitRootLogin no
Subsystem sftp internal-sftp
pidfile /data/ssh/sshd.pid - Place a modified version of the start script in the userinit.d directory:
mkdir /data/local/userinit.d
sed 's#/system/etc/ssh#/data/ssh#' /system/bin/start-ssh
> /data/local/userinit.d/99sshd - Now correct the file privileges:
chmod 755 /data/local/userinit.d/99sshd
chmod 600 /data/ssh/authorized_keys
chown shell /data/ssh/authorized_keys
chmod 644 /data/ssh/sshd_config
Running SSHD
Now you should be able to run sshd manually by executing
/data/local/userinit.d/99sshd
If so you can log on as user shell to the device using your ssh key. See my previous post to find out how you can make sure sshd is started whenever the device is booted.