├── META-INF └── com │ └── google │ └── android │ ├── update-binary │ └── updater-script ├── README.md ├── arch ├── arm │ ├── bin │ │ ├── rsync │ │ ├── scp │ │ ├── sftp │ │ ├── sftp-server │ │ ├── ssh │ │ ├── ssh-keygen │ │ └── sshd │ └── lib │ │ └── libcrypto.so ├── arm64 │ ├── bin │ │ ├── rsync │ │ ├── scp │ │ ├── sftp │ │ ├── sftp-server │ │ ├── ssh │ │ ├── ssh-keygen │ │ └── sshd │ └── lib │ │ └── libcrypto.so ├── x86 │ ├── bin │ │ ├── rsync │ │ ├── scp │ │ ├── sftp │ │ ├── sftp-server │ │ ├── ssh │ │ ├── ssh-keygen │ │ └── sshd │ └── lib │ │ └── libcrypto.so └── x86_64 │ ├── bin │ ├── rsync │ ├── scp │ ├── sftp │ ├── sftp-server │ ├── ssh │ ├── ssh-keygen │ └── sshd │ └── lib │ └── libcrypto.so ├── common ├── magisk_ssh_library_wrapper ├── opensshd.init ├── service.sh └── sshd_config ├── install.sh ├── module.prop └── uninstall.sh /META-INF/com/google/android/update-binary: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | # This is a dummy file that should be replaced with a proper installer script 3 | 4 | # If you are creating a module locally for personal usage or testing, 5 | # download the script in the following URL: 6 | # https://github.com/topjohnwu/Magisk/blob/master/scripts/module_installer.sh 7 | # And replace this script with the downloaded script 8 | 9 | # Error, this script should always be replaced 10 | exit 1 11 | -------------------------------------------------------------------------------- /META-INF/com/google/android/updater-script: -------------------------------------------------------------------------------- 1 | #MAGISK 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | MagiskSSH 2 | ========= 3 | 4 | This is an SSH server running as root using the great Magisk systemless root suite. It includes binaries for arm, arm64, x86, x86_64. However, only arm64 has been tested at all. It requires Android API version 24 or higher (Android 7.0 Nougat and higher). 5 | 6 | ## Included software 7 | 8 | * [OpenSSL 3.1.0](https://www.openssl.org/) (only needed for its libcrypto) 9 | * [OpenSSH 9.3p2](https://www.openssh.com/) 10 | * [Rsync 3.2.7](https://rsync.samba.org/) 11 | * [Magisk Module Installer](https://github.com/topjohnwu/magisk-module-installer) 12 | 13 | ## Installation 14 | 15 | Download the zip file and install it via the Magisk Manager app. Once this module is available in the Magisk module repository, you can just install it from there. 16 | 17 | ## Configuration 18 | 19 | SSH keys can be put into `/data/ssh/root/.ssh/authorized_keys` and `/data/ssh/shell/.ssh/authorized_keys` using your favorite method of editing files. 20 | Note that this file must be owned by the respective user and should have `600` permissions (owner: rw, everyone else: nothing). 21 | 22 | The sshd configuration file in `/data/ssh/sshd_config` can be edited as well, but please be aware that some features usually present in an OpenSSH installation may be missing. Most importantly, password login is not possible using this package. 23 | 24 | The ssh daemon automatically starts on device boot. If this is undesired, you can create a file `/data/ssh/no-autostart`. It will not start the service then. 25 | 26 | ## Usage 27 | 28 | Once you have written a valid SSH public key into an `authorized_keys` file (see section 'Configuration' above), you can connect to the device using `ssh shell@` (unprivileged access) or `ssh root@` (privileged access), while supplying the correct private key. You will drop into a shell on the device. sftp and rsync should work as usual. 29 | 30 | If you want to manually start/stop the sshd-service, you may do so using `/data/adb/modules/ssh/opensshd.init start` and `/data/adb/modules/ssh/opensshd.init stop`. This is usually not necessary but may be useful if you use the `no-autostart` file described earlier. 31 | Note that the `opensshd.init` script may be in a different place on your device. Magisk explicitly does not give any guarantees about the install location and is free to change it. 32 | 33 | ## Uninstallation 34 | 35 | Uninstalling the module via the Magisk Manager should also delete the `/data/ssh` directory. 36 | This contains the host keys for the SSH server and the home directories for the SSH users. 37 | Thus, uninstalling via the Manager should get rid of all traces of this module. 38 | 39 | If you wish to keep the runtime data for a later reinstallation of the module, create a file `/data/ssh/KEEP_ON_UNINSTALL` and the uninstaller will skip this step. 40 | 41 | ## Contributing 42 | 43 | Please don't file Pull Requests against the module repository. The module building is an automated process and will overwrite any changes to the files in the module repository. 44 | Feel free to create a Merge Request against the [source repository](https://gitlab.com/d4rcm4rc/MagiskSSH), instead. 45 | 46 | ## License 47 | 48 | [GPL v3](https://gitlab.com/d4rcm4rc/MagiskSSH/blob/master/LICENSE) 49 | 50 | ## Links 51 | 52 | [Source Code Repository](https://gitlab.com/d4rcm4rc/MagiskSSH) 53 | 54 | ## Changelog 55 | 56 | ###### 2023-07029, v0.16 57 | 58 | - Adress CVE-2023-38408, even though we don't ship the affected agent. 59 | - Version bump. 60 | - OpenSSH 9.3p2 61 | 62 | ###### 2023-03-26, v0.15 63 | 64 | - Version bump. 65 | - OpenSSL 3.1.0 66 | - OpenSSH 9.3p1 67 | - Rsync 3.2.7 68 | - Drop mips and mips64 support 69 | - Build using NDK r25c, simplify building and updating a bit 70 | - Shrink package (strip binaries, use stronger compression) 71 | - Add updateJson mechanism for updating on Magisk v24 and later (thanks tamas646) 72 | 73 | ###### 2022-02-19, v0.14 74 | 75 | - Add uninstaller script (see section 'Uninstallation') (thanks cl-ement05 and osm0sis) 76 | - Use user handles instead of names for credits (thanks osm0sis) 77 | - Ensure correct home directory permissions on install (thanks nazar-pc) 78 | - Put temp files into /data/local/tmp instead of /tmp (thanks F-i-f) 79 | 80 | ###### 2022-02-19, v0.13 81 | 82 | - Version bump. 83 | - OpenSSL 3.0.1 84 | - OpenSSH 8.8p1 85 | - Magisk installer v24.1 86 | 87 | ###### 2021-04-30, v0.12 88 | 89 | - Version bump. 90 | - OpenSSL 1.1.1k 91 | - OpenSSH 8.6p1 92 | - Rsync 3.2.3 93 | - Magisk installer v22.1 94 | - Fix build repository's commit hash bleeding into rsync --version 95 | - Properly set library path for rsync (thanks adorkablue) 96 | 97 | ###### 2020-07-18, v0.11 98 | 99 | - Version bump. 100 | - OpenSSL 1.1.1g 101 | - OpenSSH 8.3p1 102 | - Rsync 3.2.2 103 | - Magisk installer v20.4 104 | 105 | ###### 2019-11-26, v0.10 106 | 107 | - Version bump. 108 | - OpenSSL 1.0.2t 109 | - OpenSSH 8.1p1 110 | - Magisk installer v20.1 111 | 112 | ###### 2019-04-06, v0.9 113 | 114 | - Remove downloading Magisk template, directly include the installer structure instead 115 | 116 | ###### 2019-03-23, v0.8 117 | 118 | - Bugfix. 119 | - Correctly apply permissions to bin/raw files 120 | 121 | ###### 2019-03-16, v0.7 122 | 123 | - Bugfixes. 124 | - Avoid hardcoding MODDIR in opensshd.init 125 | - Use wrapper script for setting LD_LIBRARY_PATH instead of setting it in init script 126 | 127 | ###### 2019-03-10, v0.6 128 | 129 | - Version bump. 130 | - OpenSSL 1.0.2r 131 | 132 | ###### 2018-11-04, v0.5 133 | 134 | - Version bumps (except rsync). 135 | - Set owner and permissions for shell directory 136 | - OpenSSL 1.0.2p 137 | - OpenSSH 7.9p1 138 | - Magisk Module Template v17000 139 | 140 | ###### 2018-07-16, v0.4 141 | 142 | - Derive paths from $MODDIR instead of hardcoding /magisk 143 | 144 | ###### 2018-04-06, v0.3 145 | 146 | - Version bumps. 147 | - Fix sftp rename on filesystems without hardlinks (ie. FAT32) 148 | - OpenSSL 1.0.2o 149 | - OpenSSH 7.7p1 150 | - Rsync 3.1.3 151 | - Magisk Module Template v1500 152 | 153 | ###### 2017-11-23, v0.2 154 | 155 | - Version bumps. 156 | - OpenSSL 1.0.2m 157 | - OpenSSH 7.6p1 158 | - Rsync 3.1.2 159 | - Magisk Module Template v1400 160 | 161 | ###### 2017-10-03, v0.1 162 | 163 | - Initial release. 164 | - OpenSSL 1.0.2l 165 | - OpenSSH 7.5p1 166 | - Rsync 3.1.2 167 | - Magisk Module Template v1400 168 | -------------------------------------------------------------------------------- /arch/arm/bin/rsync: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/rsync -------------------------------------------------------------------------------- /arch/arm/bin/scp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/scp -------------------------------------------------------------------------------- /arch/arm/bin/sftp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/sftp -------------------------------------------------------------------------------- /arch/arm/bin/sftp-server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/sftp-server -------------------------------------------------------------------------------- /arch/arm/bin/ssh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/ssh -------------------------------------------------------------------------------- /arch/arm/bin/ssh-keygen: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/ssh-keygen -------------------------------------------------------------------------------- /arch/arm/bin/sshd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/bin/sshd -------------------------------------------------------------------------------- /arch/arm/lib/libcrypto.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm/lib/libcrypto.so -------------------------------------------------------------------------------- /arch/arm64/bin/rsync: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/rsync -------------------------------------------------------------------------------- /arch/arm64/bin/scp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/scp -------------------------------------------------------------------------------- /arch/arm64/bin/sftp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/sftp -------------------------------------------------------------------------------- /arch/arm64/bin/sftp-server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/sftp-server -------------------------------------------------------------------------------- /arch/arm64/bin/ssh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/ssh -------------------------------------------------------------------------------- /arch/arm64/bin/ssh-keygen: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/ssh-keygen -------------------------------------------------------------------------------- /arch/arm64/bin/sshd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/bin/sshd -------------------------------------------------------------------------------- /arch/arm64/lib/libcrypto.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/arm64/lib/libcrypto.so -------------------------------------------------------------------------------- /arch/x86/bin/rsync: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/rsync -------------------------------------------------------------------------------- /arch/x86/bin/scp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/scp -------------------------------------------------------------------------------- /arch/x86/bin/sftp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/sftp -------------------------------------------------------------------------------- /arch/x86/bin/sftp-server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/sftp-server -------------------------------------------------------------------------------- /arch/x86/bin/ssh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/ssh -------------------------------------------------------------------------------- /arch/x86/bin/ssh-keygen: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/ssh-keygen -------------------------------------------------------------------------------- /arch/x86/bin/sshd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/bin/sshd -------------------------------------------------------------------------------- /arch/x86/lib/libcrypto.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86/lib/libcrypto.so -------------------------------------------------------------------------------- /arch/x86_64/bin/rsync: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/rsync -------------------------------------------------------------------------------- /arch/x86_64/bin/scp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/scp -------------------------------------------------------------------------------- /arch/x86_64/bin/sftp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/sftp -------------------------------------------------------------------------------- /arch/x86_64/bin/sftp-server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/sftp-server -------------------------------------------------------------------------------- /arch/x86_64/bin/ssh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/ssh -------------------------------------------------------------------------------- /arch/x86_64/bin/ssh-keygen: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/ssh-keygen -------------------------------------------------------------------------------- /arch/x86_64/bin/sshd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/bin/sshd -------------------------------------------------------------------------------- /arch/x86_64/lib/libcrypto.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Magisk-Modules-Repo/ssh/9c325e5f335d7231d88cab587c7eb236777f31e2/arch/x86_64/lib/libcrypto.so -------------------------------------------------------------------------------- /common/magisk_ssh_library_wrapper: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | 3 | bindir="$(dirname "$0")" 4 | execname="$(basename "$0")" 5 | 6 | libdir="$(realpath "$bindir/../lib")" 7 | 8 | exec env LD_LIBRARY_PATH="$libdir" "$bindir/raw/$execname" "$@" 9 | -------------------------------------------------------------------------------- /common/opensshd.init: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | # Donated code that was put under PD license. 3 | # 4 | # Stripped PRNGd out of it for the time being. 5 | 6 | umask 022 7 | 8 | CAT=/system/bin/cat 9 | KILL=/system/bin/kill 10 | 11 | : ${MODDIR:="$(realpath "$(dirname "$0")")"} 12 | export MODDIR 13 | prefix="$MODDIR/usr" 14 | sysconfdir=/data/ssh 15 | piddir=/data/ssh 16 | 17 | SSHD=$prefix/bin/sshd 18 | PIDFILE=$piddir/sshd.pid 19 | 20 | 21 | SSH_KEYGEN=$prefix/bin/ssh-keygen 22 | 23 | stop_service() { 24 | if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then 25 | PID=`${CAT} ${PIDFILE}` 26 | fi 27 | if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then 28 | ${KILL} ${PID} 29 | else 30 | echo "Unable to read PID file" 31 | fi 32 | } 33 | 34 | start_service() { 35 | # XXX We really should check if the service is already going, but 36 | # XXX we will opt out at this time. - Bal 37 | 38 | # Check to see if we have keys that need to be made 39 | ${SSH_KEYGEN} -A 40 | 41 | # Start SSHD 42 | echo "starting $SSHD... \c" ; $SSHD 43 | 44 | sshd_rc=$? 45 | if [ $sshd_rc -ne 0 ]; then 46 | echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." 47 | exit $sshd_rc 48 | fi 49 | echo done. 50 | } 51 | 52 | case $1 in 53 | 54 | 'start') 55 | start_service 56 | ;; 57 | 58 | 'stop') 59 | stop_service 60 | ;; 61 | 62 | 'restart') 63 | stop_service 64 | start_service 65 | ;; 66 | 67 | *) 68 | echo "$0: usage: $0 {start|stop|restart}" 69 | ;; 70 | esac 71 | -------------------------------------------------------------------------------- /common/service.sh: -------------------------------------------------------------------------------- 1 | #!/system/bin/sh 2 | # Do NOT assume where your module will be located. 3 | # ALWAYS use $MODDIR if you need to know where this script 4 | # and module is placed. 5 | # This will make sure your module will still work 6 | # if Magisk change its mount point in the future 7 | MODDIR=${0%/*} 8 | 9 | # This script will be executed in late_start service mode 10 | [ -f /data/ssh/no-autostart ] || $MODDIR/opensshd.init start 11 | -------------------------------------------------------------------------------- /common/sshd_config: -------------------------------------------------------------------------------- 1 | # $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ 2 | 3 | # This is the sshd server system-wide configuration file. See 4 | # sshd_config(5) for more information. 5 | 6 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 7 | 8 | # The strategy used for options in the default sshd_config shipped with 9 | # OpenSSH is to specify options with their default value where 10 | # possible, but leave them commented. Uncommented options override the 11 | # default value. 12 | 13 | #Port 22 14 | #AddressFamily any 15 | #ListenAddress 0.0.0.0 16 | #ListenAddress :: 17 | 18 | #HostKey /etc/ssh/ssh_host_rsa_key 19 | #HostKey /etc/ssh/ssh_host_dsa_key 20 | #HostKey /etc/ssh/ssh_host_ecdsa_key 21 | #HostKey /etc/ssh/ssh_host_ed25519_key 22 | 23 | # Ciphers and keying 24 | #RekeyLimit default none 25 | 26 | # Logging 27 | #SyslogFacility AUTH 28 | #LogLevel INFO 29 | 30 | # Authentication: 31 | 32 | #LoginGraceTime 2m 33 | #PermitRootLogin prohibit-password 34 | #StrictModes yes 35 | #MaxAuthTries 6 36 | #MaxSessions 10 37 | 38 | #PubkeyAuthentication yes 39 | 40 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 41 | # but this is overridden so installations will only check .ssh/authorized_keys 42 | #AuthorizedKeysFile .ssh/authorized_keys 43 | 44 | #AuthorizedPrincipalsFile none 45 | 46 | #AuthorizedKeysCommand none 47 | #AuthorizedKeysCommandUser nobody 48 | 49 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 50 | #HostbasedAuthentication no 51 | # Change to yes if you don't trust ~/.ssh/known_hosts for 52 | # HostbasedAuthentication 53 | #IgnoreUserKnownHosts no 54 | # Don't read the user's ~/.rhosts and ~/.shosts files 55 | #IgnoreRhosts yes 56 | 57 | # To disable tunneled clear text passwords, change to no here! 58 | PasswordAuthentication no 59 | #PermitEmptyPasswords no 60 | 61 | # Change to no to disable s/key passwords 62 | #ChallengeResponseAuthentication yes 63 | 64 | # Kerberos options 65 | #KerberosAuthentication no 66 | #KerberosOrLocalPasswd yes 67 | #KerberosTicketCleanup yes 68 | #KerberosGetAFSToken no 69 | 70 | # GSSAPI options 71 | #GSSAPIAuthentication no 72 | #GSSAPICleanupCredentials yes 73 | 74 | # Set this to 'yes' to enable PAM authentication, account processing, 75 | # and session processing. If this is enabled, PAM authentication will 76 | # be allowed through the ChallengeResponseAuthentication and 77 | # PasswordAuthentication. Depending on your PAM configuration, 78 | # PAM authentication via ChallengeResponseAuthentication may bypass 79 | # the setting of "PermitRootLogin without-password". 80 | # If you just want the PAM account and session checks to run without 81 | # PAM authentication, then enable this but set PasswordAuthentication 82 | # and ChallengeResponseAuthentication to 'no'. 83 | #UsePAM no 84 | 85 | #AllowAgentForwarding yes 86 | #AllowTcpForwarding yes 87 | #GatewayPorts no 88 | X11Forwarding no 89 | #X11DisplayOffset 10 90 | #X11UseLocalhost yes 91 | #PermitTTY yes 92 | PrintMotd no 93 | PrintLastLog no 94 | #TCPKeepAlive yes 95 | #UseLogin no 96 | #PermitUserEnvironment no 97 | #Compression delayed 98 | #ClientAliveInterval 0 99 | #ClientAliveCountMax 3 100 | #UseDNS no 101 | #PidFile /run/sshd.pid 102 | #MaxStartups 10:30:100 103 | #PermitTunnel no 104 | #ChrootDirectory none 105 | #VersionAddendum none 106 | 107 | # no default banner path 108 | #Banner none 109 | 110 | # here are the new patched ldap related tokens 111 | # entries in your LDAP must have posixAccount & ldapPublicKey objectclass 112 | #UseLPK yes 113 | #LpkLdapConf /etc/ldap.conf 114 | #LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ 115 | #LpkUserDN ou=users,dc=phear,dc=org 116 | #LpkGroupDN ou=groups,dc=phear,dc=org 117 | #LpkBindDN cn=Manager,dc=phear,dc=org 118 | #LpkBindPw secret 119 | #LpkServerGroup mail 120 | #LpkFilter (hostAccess=master.phear.org) 121 | #LpkForceTLS no 122 | #LpkSearchTimelimit 3 123 | #LpkBindTimelimit 3 124 | #LpkPubKeyAttr sshPublicKey 125 | 126 | # override default of no subsystems 127 | Subsystem sftp internal-sftp 128 | 129 | # the following are HPN related configuration options 130 | # tcp receive buffer polling. disable in non autotuning kernels 131 | #TcpRcvBufPoll yes 132 | 133 | # disable hpn performance boosts 134 | #HPNDisabled no 135 | 136 | # buffer size for hpn to non-hpn connections 137 | #HPNBufferSize 2048 138 | 139 | # allow the use of the none cipher 140 | #NoneEnabled no 141 | 142 | # Example of overriding settings on a per-user basis 143 | #Match User anoncvs 144 | # X11Forwarding no 145 | # AllowTcpForwarding no 146 | # PermitTTY no 147 | # ForceCommand cvs server 148 | 149 | # Allow client to pass locale environment variables #367017 150 | AcceptEnv LANG LC_* 151 | 152 | UsePrivilegeSeparation no -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | ########################################################################################## 2 | # 3 | # Magisk Module Installer Script 4 | # 5 | ########################################################################################## 6 | ########################################################################################## 7 | # 8 | # Instructions: 9 | # 10 | # 1. Place your files into system folder (delete the placeholder file) 11 | # 2. Fill in your module's info into module.prop 12 | # 3. Configure and implement callbacks in this file 13 | # 4. If you need boot scripts, add them into common/post-fs-data.sh or common/service.sh 14 | # 5. Add your additional or modified system properties into common/system.prop 15 | # 16 | ########################################################################################## 17 | 18 | ########################################################################################## 19 | # Config Flags 20 | ########################################################################################## 21 | 22 | # Set to true if you do *NOT* want Magisk to mount 23 | # any files for you. Most modules would NOT want 24 | # to set this flag to true 25 | SKIPMOUNT=true 26 | 27 | # Set to true if you need to load system.prop 28 | PROPFILE=false 29 | 30 | # Set to true if you need post-fs-data script 31 | POSTFSDATA=false 32 | 33 | # Set to true if you need late_start service script 34 | LATESTARTSERVICE=true 35 | 36 | ########################################################################################## 37 | # Replace list 38 | ########################################################################################## 39 | 40 | # List all directories you want to directly replace in the system 41 | # Check the documentations for more info why you would need this 42 | 43 | # Construct your list in the following format 44 | # This is an example 45 | REPLACE_EXAMPLE=" 46 | /system/app/Youtube 47 | /system/priv-app/SystemUI 48 | /system/priv-app/Settings 49 | /system/framework 50 | " 51 | 52 | # Construct your own list here 53 | REPLACE=" 54 | " 55 | 56 | ########################################################################################## 57 | # 58 | # Function Callbacks 59 | # 60 | # The following functions will be called by the installation framework. 61 | # You do not have the ability to modify update-binary, the only way you can customize 62 | # installation is through implementing these functions. 63 | # 64 | # When running your callbacks, the installation framework will make sure the Magisk 65 | # internal busybox path is *PREPENDED* to PATH, so all common commands shall exist. 66 | # Also, it will make sure /data, /system, and /vendor is properly mounted. 67 | # 68 | ########################################################################################## 69 | ########################################################################################## 70 | # 71 | # The installation framework will export some variables and functions. 72 | # You should use these variables and functions for installation. 73 | # 74 | # ! DO NOT use any Magisk internal paths as those are NOT public API. 75 | # ! DO NOT use other functions in util_functions.sh as they are NOT public API. 76 | # ! Non public APIs are not guranteed to maintain compatibility between releases. 77 | # 78 | # Available variables: 79 | # 80 | # MAGISK_VER (string): the version string of current installed Magisk 81 | # MAGISK_VER_CODE (int): the version code of current installed Magisk 82 | # BOOTMODE (bool): true if the module is currently installing in Magisk Manager 83 | # MODPATH (path): the path where your module files should be installed 84 | # TMPDIR (path): a place where you can temporarily store files 85 | # ZIPFILE (path): your module's installation zip 86 | # ARCH (string): the architecture of the device. Value is either arm, arm64, x86, or x64 87 | # IS64BIT (bool): true if $ARCH is either arm64 or x64 88 | # API (int): the API level (Android version) of the device 89 | # 90 | # Availible functions: 91 | # 92 | # ui_print 93 | # print to console 94 | # Avoid using 'echo' as it will not display in custom recovery's console 95 | # 96 | # abort 97 | # print error message to console and terminate installation 98 | # Avoid using 'exit' as it will skip the termination cleanup steps 99 | # 100 | # set_perm [context] 101 | # if [context] is empty, it will default to "u:object_r:system_file:s0" 102 | # this function is a shorthand for the following commands 103 | # chown owner.group target 104 | # chmod permission target 105 | # chcon context target 106 | # 107 | # set_perm_recursive [context] 108 | # if [context] is empty, it will default to "u:object_r:system_file:s0" 109 | # for all files in , it will call: 110 | # set_perm file owner group filepermission context 111 | # for all directories in (including itself), it will call: 112 | # set_perm dir owner group dirpermission context 113 | # 114 | ########################################################################################## 115 | ########################################################################################## 116 | # If you need boot scripts, DO NOT use general boot scripts (post-fs-data.d/service.d) 117 | # ONLY use module scripts as it respects the module status (remove/disable) and is 118 | # guaranteed to maintain the same behavior in future Magisk releases. 119 | # Enable boot scripts by setting the flags in the config section above. 120 | ########################################################################################## 121 | 122 | # Set what you want to display when installing your module 123 | 124 | print_modname() { 125 | ui_print "*******************************" 126 | ui_print " OpenSSH for Android " 127 | ui_print "*******************************" 128 | } 129 | 130 | # Copy/extract your module files into $MODPATH in on_install. 131 | 132 | on_install() { 133 | local TMPDIR="$MODPATH/tmp" 134 | ui_print "[0/7] Preparing module directory" 135 | mkdir -p "$TMPDIR" 136 | mkdir -p "$MODPATH/usr/bin/raw" 137 | 138 | ui_print "[1/7] Extracting architecture unspecific module files" 139 | unzip -o "$ZIPFILE" 'common/opensshd.init' -d "$MODPATH/tmp" >&2 140 | unzip -o "$ZIPFILE" 'common/magisk_ssh_library_wrapper' -d "$MODPATH/tmp" >&2 141 | mv "$TMPDIR/common/opensshd.init" "$MODPATH" 142 | mv "$TMPDIR/common/magisk_ssh_library_wrapper" "$MODPATH/usr/bin/raw" 143 | 144 | ui_print "[2/7] Extracting libraries and binaries for $ARCH" 145 | unzip -o "$ZIPFILE" "arch/$ARCH/*" -d "$TMPDIR" >&2 146 | mv "$TMPDIR/arch/$ARCH/lib" "$MODPATH/usr" 147 | mv "$TMPDIR/arch/$ARCH/bin"/* "$MODPATH/usr/bin" 148 | 149 | ui_print "[3/7] Configuring library path wrapper" 150 | for f in scp sftp sftp-server ssh ssh-keygen sshd rsync; do 151 | mv "$MODPATH/usr/bin/$f" "$MODPATH/usr/bin/raw/$f" 152 | ln -s ./raw/magisk_ssh_library_wrapper "$MODPATH/usr/bin/$f" 153 | done 154 | 155 | ui_print "[4/6] Creating SSH user directories" 156 | mkdir -p /data/ssh 157 | mkdir -p /data/ssh/root/.ssh 158 | mkdir -p /data/ssh/shell/.ssh 159 | 160 | if [ -f /data/ssh/sshd_config ]; then 161 | ui_print "[5/6] Found sshd_config, will not copy a default one" 162 | else 163 | ui_print "[5/6] Extracting sshd_config" 164 | unzip -o "$ZIPFILE" 'common/sshd_config' -d "$TMPDIR" >&2 165 | mv "$TMPDIR/common/sshd_config" '/data/ssh/' 166 | fi 167 | 168 | ui_print "[6/6] Cleaning up" 169 | rm -rf "$TMPDIR" 170 | } 171 | 172 | # Only some special files require specific permissions 173 | # This function will be called after on_install is done 174 | # The default permissions should be good enough for most cases 175 | 176 | set_permissions() { 177 | # The following is the default rule, DO NOT remove 178 | set_perm_recursive $MODPATH 0 0 0755 0644 179 | 180 | set_perm_recursive "$MODPATH/usr/bin" 0 0 0755 0755 181 | set_perm "$MODPATH/opensshd.init" 0 0 0755 182 | set_perm /data/ssh/sshd_config 0 0 0600 183 | chown shell:shell /data/ssh/shell 184 | chown shell:shell /data/ssh/shell/.ssh 185 | chown root:root /data/ssh/root 186 | chown root:root /data/ssh/root/.ssh 187 | chmod 700 /data/ssh/{shell,root} 188 | chmod 700 /data/ssh/{shell,root}/.ssh 189 | } 190 | 191 | # You can add more functions to assist your custom script code 192 | -------------------------------------------------------------------------------- /module.prop: -------------------------------------------------------------------------------- 1 | id=ssh 2 | name=SSH for Magisk 3 | version=v0.16 4 | versionCode=15 5 | author=D4rCM4rC and Contributors 6 | description=OpenSSH and Rsync bundled with simple start scripts for Android with Magisk 7 | updateJson=https://gitlab.com/d4rcm4rc/MagiskSSH/-/raw/master/update.json 8 | -------------------------------------------------------------------------------- /uninstall.sh: -------------------------------------------------------------------------------- 1 | if ! test -e /data/ssh/KEEP_ON_UNINSTALL ; then 2 | rm -rf /data/ssh 3 | fi 4 | --------------------------------------------------------------------------------