I did this with the latest
CyanogenMod 11 snapshots on a
Nexus 4 and a
Nexus 5. I recommend buying a device with an unlockable bootloader, like the
Google Nexus devices, because it makes rooting and installing custom ROMs, etc, much more straightforward. Besides, if you buy a device you ought to own it, so why give your money to a company that tries to lock you out of your own devices, as if they still own it even after you have bought and paid for it? If you already have a device that is locked down, you may have to search the web to find a hack to get access to it (Good luck!), but I won’t be covering that here. What I found to be difficult to find and poorly documented elsewhere was how to configure your device for root login via ssh, after installing CyanogenMod. This can be useful for a variety of reasons, for instance, you can easily make a full back up of the phone securely over your wireless network. But as always, exercise caution when using root!
Before you begin, make sure you have a few options set on the Android device. Under “Developer options” make sure that “Android debugging” is enabled, “Root access” is set to “Apps and ADB”, and while you are here, set “Device hostname” to something memorable. (You should have learned to access the hidden “Developer options” menu while install CyanogenMod.) Now, with phone connected by USB, login from your computer with:
adb shell
then start setting up ssh by copying over the template configuration file:
cp /system/etc/ssh/sshd_config /data/ssh
vim
/data/ssh/sshd_config
and add the line:
PermitRootLogin without-password
This does not do what it sounds like. It will not allow you to login without authenticating, rather, it disables authentication with a password and requires you to use public key authentication which we will set up in a minute. Next:
mkdir /data/local/userinit.d
cd /data/local/userinit.d
cp /system/bin/start-ssh 90sshd
vim 90sshd
and change:
# don't daemonize - otherwise we can't stop the sshd service
/system/bin/sshd -f /system/etc/ssh/sshd_config -D
to:
# don't daemonize - otherwise we can't stop the sshd service
## Actually, yes, do daemonize (remove -D option)
/system/bin/sshd -f /system/etc/ssh/sshd_config
Now, if you don’t already have one, you will need to generate an RSA key for ssh. On your computer (not the adb shell that is already logged into your Android device) run:
ssh-keygen
and with the default options you will get a ~/.ssh containing id_rsa and id_rsa.pub. You will need to copy id_rsa.pub to your Android device in order to be able to login. Still working from your computer:
adb push ~/.ssh/id_rsa.pub /sdcard/
Now, on the Android device:
cd /data/.ssh
touch authorized_keys
cat /sdcard/id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
Note that the authorized keys file must not be readable by anyone else or ssh will refuse to use it and authentication will fail. Now, you should be able to reboot and login to your Android device:
ssh root@AndroidHostname
If you set a password for the RSA key you generated for ssh, it will prompt you for that password, but it will not prompt for a password for root on the Android device (because it is using the key instead). If you want to login from other devices, make sure you have an authorized key on that device as well. To add more authorized keys, simply concatenate them onto the
authorized_keys
file, the same way we did the first one. Now you can remotely access your Android device via ssh.