Android has its ADB and it’s great. But for me, it’s not always enough, especially since it has no way to authenticate the user and there is no encryption. That’s why I need SSH too. OpenSSH is too big for embedded systems, so I’m using dropbear.

Dropbear is already inside the Android tree, in the external/dropbear directory. The problem is that it is configured to compile only the SSH client, while I need a server. So there are two solutions: changing the in-tree build to also compile the server, or building it externally. In this article I will show the latter approach.

I don’t want to deal with /etc/passwd, /etc/shell and similar files, and I’m only interested in logging in as the root user using a public key (no password authentication). I also only need the server-side tools (specifically dropbear, scp and dropbearkey). I’ve configured my build to do exactly this, ignoring issues I might have without those simplifications. If you have other needs, you may need to tweak your configuration accordingly.


First, download the dropbear tarball from its official site. After decompressing it, you have to overwrite the ancient config.sub and config.guess files from the archive with the newest ones. You need newer versions so that the Android toolchain (androideabi) is recognized:

$ wget
$ tar -xjf dropbear-2013.58.tar.bz2
$ cd dropbear-2013.58

$ wget -O config.sub ";a=blob_plain;f=config.sub;hb=HEAD"
$ wget -O config.guess ";a=blob_plain;f=config.guess;hb=HEAD"

The build will use the precompiled Android toolchain. The sysroot path has to be specified so that static libraries and include files can be found. This can be done with the CFLAGS and LDFLAGS environment variables. As always, the toolchain binaries have to be on the PATH:

$ ANDROID=/path/to/your/androidtree
$ SYSROOT=${ANDROID}/prebuilt/ndk/android-ndk-r6/platforms/android-9/arch-arm/
$ export CFLAGS=--sysroot=$SYSROOT
$ export LDFLAGS=--sysroot=$SYSROOT
$ export PATH=${ANDROID}/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/bin/:$PATH

Next, you have to patch a couple of files. All the changes I’ve made are in this file. It changes some options in option.h, fixes a problem with S_IWRITE in scp.c, changes svr-auth.c so that we can log in without the /etc/passwd and /etc/shell files, and sets Android-specific environment variables (so that Android utilities like am, setprop and getprop can be used) in svr-chansession.c:

$ patch -p1 < dropbear-android.patch

After applying this patch, it’s time to configure the build system. But before compiling the programs, you have to make a small change to the config.h file generated by the configure script:

$ ./configure --host=arm-linux-androideabi --disable-utmp --disable-wtmp --disable-utmpx --disable-wtmpx --disable-zlib --disable-syslog
$ echo "#define USE_DEV_PTMX 1" >> config.h
$ make PROGRAMS="dropbear dropbearkey scp" strip
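
Since the whole point of this build is key-only root login, it is worth confirming what will be compiled in before running make. The script below is an added example, not part of the original post or its patch: it checks the options header and the generated config.h. It assumes that password, PAM and public-key authentication are selected by dropbear's ENABLE_SVR_PASSWORD_AUTH, ENABLE_SVR_PAM_AUTH and ENABLE_SVR_PUBKEY_AUTH macros in the options header; the function names and the audit.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example: check the header macros before running make.
# Assumption: password/PAM/pubkey auth are selected by the macros named below.

# has_define FILE MACRO -> 0 if FILE has an active "#define MACRO" line.
# A line starting with /* or // does not match; a #define that starts a line
# inside a multi-line comment would, so review such headers by eye.
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# audit_dropbear_config OPTIONS_HEADER CONFIG_H
# Returns 0 if the build is pubkey-only with /dev/ptmx, 1 on a finding,
# 2 if a file cannot be read.
audit_dropbear_config() {
    adc_opts=$1
    adc_cfg=$2
    adc_rc=0
    for adc_f in "$adc_opts" "$adc_cfg"; do
        [ -r "$adc_f" ] || { echo "ERROR: cannot read $adc_f" >&2; return 2; }
    done
    for adc_m in ENABLE_SVR_PASSWORD_AUTH ENABLE_SVR_PAM_AUTH; do
        if has_define "$adc_opts" "$adc_m"; then
            echo "FAIL: $adc_m is defined, password logins are compiled in"
            adc_rc=1
        fi
    done
    if ! has_define "$adc_opts" ENABLE_SVR_PUBKEY_AUTH; then
        echo "FAIL: ENABLE_SVR_PUBKEY_AUTH is not defined, no way to log in"
        adc_rc=1
    fi
    if ! grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+USE_DEV_PTMX[[:space:]]+1([[:space:]]|$)' "$adc_cfg"; then
        echo "FAIL: USE_DEV_PTMX 1 missing from $adc_cfg"
        adc_rc=1
    fi
    [ "$adc_rc" -eq 0 ] && echo "OK: pubkey-only server, USE_DEV_PTMX set"
    return "$adc_rc"
}

# Stand-alone use: sh audit.sh <options header> config.h
if [ "$#" -eq 2 ]; then
    audit_dropbear_config "$1" "$2"
fi
```

Run it from the dropbear source directory after the patch, configure and echo steps; a FAIL line means the resulting binary would not match the key-only setup described here.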


That’s it. You have a small (about 260KB) SSH server, plus 100KB for the dropbearkey and 40KB for the scp binaries. No large changes were needed, there are no dependencies to build, and the steps are quite easy to follow. I also hope that you will find some of the steps useful when cross-compiling other software for Android devices.