As I’m currently switching phones I had to revisit the issue of how to get sshd running on a pristine LineageOS install. I decided to collect the steps here as the how-to formerly available on the CM wiki has vanished together with CM itself. Note that some steps are not incredibly detailed and you really should be aware of the security implications before going ahead with this.
Prerequisites
- a device with a current LineageOS 14.1 build installed
- USB debugging enabled
- root access (preferably by installing the official SU addon)
- if you want sshd to run automatically after boot, you have to be willing to install my little RunUserInit hack and allow it to acquire root privileges
Configuring SSHD
While LineageOS includes all necessary software, the configuration of sshd must be completed manually:
- Connect the device via USB
- Run adb with root privileges:
adb root - Upload your public ssh key to the device:
adb push ~/.ssh/id_rsa.pub /data/ssh/authorized_keys - Now, open a root shell and switch to bash to get vim to behave nicely on the device through adb:
adb shell
bash - Use cat or vim to make the following fragment the contents of /data/ssh/sshd_config:
AuthorizedKeysFile /data/ssh/authorized_keys
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitRootLogin no
Subsystem sftp internal-sftp
pidfile /data/ssh/sshd.pid - Place a modified version of the start script in the userinit.d directory:
mkdir /data/local/userinit.d
sed 's#/system/etc/ssh#/data/ssh#' /system/bin/start-ssh \
> /data/local/userinit.d/99sshd - Now correct the file privileges:
chmod 755 /data/local/userinit.d/99sshd
chmod 600 /data/ssh/authorized_keys
chown shell /data/ssh/authorized_keys
chmod 644 /data/ssh/sshd_config
Running SSHD
Now you should be able to run sshd manually by executing
/data/local/userinit.d/99sshd
If so you can log on as user shell to the device using your ssh key. See my previous post to find out how you can make sure sshd is started whenever the device is booted.
Nice tutorial
I battled with this for a while, but eventually started sshd in debug to see why I couldn’t connect. It was permissions on /data
Not wanting to make /data more restrictive, I set StrictMode to no in the config.
Anyone got a better approach?
Hello,
thank you for your tutorial! I have set up SSHD on my Fairphone 2 with LineageOS 15.1 by your tutorial, but all attempts to log in ended up with the message “Permission denied (publickey).”. It seems that there is something with the permission settings of the file authorized_keys or, most likely, with the directories above it, that the server doesn’t like.
So I added the line “StrictModes no” to sshd_config and I can log in since.
Your tutorial is based on LineageOS 14.1. Is this issue caused by a difference between the permission settings of 14.1 and 15.1? I did not make any changes to them.
With best regards
Rolf Lucius
Sorry for the latency, just ran the procedure on a new phone with Lineage 17 and it works just fine. The only thing that didn’t work right away was getting a root shell through “adb root”, but using su from an unprivileged shell worked fine.