Mobileread
ssh shell/ftp access for PocketBook Pro readers
#1  rkomar 12-03-2011, 06:10 PM
I've put together a package for running a secure shell daemon on the PocketBook Pro readers without needing root privileges. This allows one to use scp, sftp and ssh from a computer to access the reader. Unfortunately, because the daemon runs under the non-root reader account, it can't use passwords for logging in. Instead, authorization keys have to be used instead of passwords. This isn't difficult to do, but does make the set-up a little harder than just copying the files over and clicking the start application. I've attached the zip file with the necessary programs and scripts, and also attached the README.txt file from inside the zip file so people can judge if they want to bother with this or not.

The ssh shell is pretty rudimentary because of problems with creating ptys from non-privileged accounts. If enough people want this, maybe we can convince PB to fix that within their firmware.

The ssh programs were built using LoneTech's qemu-based build system. They are for arm-eabi systems only, so won't work on the older 30X and 360 systems. However, the configuration options for building the openssh package are given in the README.txt file, and anyone with an older arm build system should be able to create programs for the readers using the older ABI.

Edit: The first time you run sshd_start, it takes a while to run because it is generating host keys for the system. Please be patient.

Edit 2: Re-uploaded new files that include the "create-keys" functionality suggested by @apos.

Edit 3: Added sreader account as allowed login name, and updated README.txt. Users of new firmware versions should use sreader as the login name rather than reader.

Edit 4: Added pop up dialog stating the IP address and port.

Edit 5: Added a version for devices with firmware 5 (since they use new openssl libraries).

Edit 6: Added a version for devices with firmware 6. Log in as user "reader" on those devices.
[txt] README.txt (7.9 KB, 1947 views)
[zip] pbsshd_1.3.zip (336.8 KB, 872 views)
[zip] pbsshd_1.3_fwv5.zip (298.8 KB, 902 views)
[zip] pbsshd_1.3_fwv6.zip (1,005.0 KB, 51 views)
Reply 

#2  MartinZ 12-04-2011, 05:48 PM
Hi rkomar,

Thanks a lot for that attempt.

I do not get logged in though:

Code
sftp -P 1124 reader@192.168.2.34
prompts me for a password for user reader (which I do not know).

I created a key pair before and copied the public key to the "authorized_keys2" file.

Besides that:

I think a normal ftp instead of sftp could be even more useful. Windows users could connect via ftp in Explorer this way (like it was possible by "get_root").
Even better for Windows users would be a Samba server on the PB's side.
Reply 

#3  rkomar 12-04-2011, 05:59 PM
Quote MartinZ
Hi rkomar,

Thanks a lot for that attempt.

I do not get logged in though:

Code
sftp -P 1124 reader@192.168.2.34
prompts me for a password for user reader (which I do not know).

I created a key pair before and copied the public key to the "authorized_keys2" file.

Besides that:

I think a normal ftp instead of sftp could be even more useful. Windows users could connect via ftp in Explorer this way (like it was possible by "get_root").
Even better for Windows users would be a Samba server on the PB's side.
Look in pb_sshd/sshd.log to see if the problem was logged. If not, you can edit sshd_start.app and change the "-q" option to sshd to "-d" to get even more debugging information. It looks like it isn't getting a match on the key. Maybe you can try the "-i" option with sftp to specify the exact location of the id_rsa (or whatever) private key file.

As far as the other stuff goes, I don't think you can run telnetd or ftpd as non-root user. The whole point of this was to provide something for a non-rooted device. I agree that the secure versions of ftp, telnet and rcp are much less common, but I don't see what else to do about it.
I haven't looked into running samba under a non-privileged account. I don't know if it is possible or not, but I'll have a look. I agree that it would be pretty useful.
Reply 
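Added example, not part of any post in this thread: a Python check for the "isn't getting a match on the key" case discussed above. It compares the client's .pub line with each entry of an authorized_keys2-style file and flags entries that were cut short when pasted. The sample key is constructed filler, and the function names and the no-pty option in the demo line are illustrative assumptions.

```python
import base64
import struct

def _string(data):
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def check_fields(blob):
    """Walk every length-prefixed field; a key that was cut short fails here."""
    pos = 0
    while pos + 4 <= len(blob):
        pos += 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if pos != len(blob):
        raise ValueError("key blob is cut short or malformed")

def parse_key_line(line):
    """Return (type, blob); options such as no-pty may precede the key type."""
    words = line.split()
    for name, b64 in zip(words, words[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # not base64, so this word is not the key field
        if blob.startswith(_string(name.encode())):
            check_fields(blob)
            return name, blob
    raise ValueError("no well-formed public key found")

def audit(authorized_text, client_pub_line):
    """Return (matched, notes) for the client's key against each server-side entry."""
    want = parse_key_line(client_pub_line)[1]
    matched, notes = False, []
    for num, line in enumerate(authorized_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            name, blob = parse_key_line(line)
        except ValueError as err:
            notes.append((num, str(err)))
            continue
        matched = matched or blob == want
        notes.append((num, name + (" MATCH" if blob == want else " other key")))
    return matched, notes

# Constructed sample: correct ssh-rsa layout, but the modulus is filler, not a real key.
SAMPLE_BLOB = _string(b"ssh-rsa") + _string(b"\x01\x00\x01") + _string(bytes(range(1, 129)))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " me@desktop"
WRAPPED = SAMPLE_PUB[:108]  # what remains when an editor breaks the line mid-key

if __name__ == "__main__":
    print(audit("# reader keys\n" + WRAPPED + "\nno-pty " + SAMPLE_PUB + "\n", SAMPLE_PUB))
```

A truncated entry can still be valid base64, which is why the check walks the length-prefixed fields instead of only decoding the line.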

#4  MartinZ 12-04-2011, 06:05 PM
Code
/mnt/ext1/applications/pb_sshd/usr/sbin/sshd: /lib/libcrypto.so.0.9.8: no version information available (required by /mnt/ext1/applications/pb_sshd/usr/sbin/sshd)
Reply 

#5  rkomar 12-04-2011, 06:50 PM
I've looked around a bit online, and apparently it is possible to run a samba server under a non-root account, but the port it listens on has to be above 1024. After a quick look, the only way I saw to get a Windows machine to access a different port is to map port 139 to the new one using ssh tunneling. The process is pretty involved, and needs putty installed on the system. If you have putty installed, then you might as well use it to copy files over to the reader's sshd server.

Anyway, I'm willing to give someone a hand building samba for the PocketBook Pro devices if they want to pursue this, but I don't use Windows much myself, so I wouldn't want to do the bulk of the work.
Reply 

#6  rkomar 12-04-2011, 06:51 PM
Quote MartinZ
Code
/mnt/ext1/applications/pb_sshd/usr/sbin/sshd: /lib/libcrypto.so.0.9.8: no version information available (required by /mnt/ext1/applications/pb_sshd/usr/sbin/sshd)
This is just a warning. It doesn't actually affect anything.
Reply 

#7  Seneca 12-04-2011, 08:04 PM
Quote rkomar
The ssh shell is pretty rudimentary because of problems with creating ptys from non-privileged accounts. If enough people want this, maybe we can convince PB to fix that within their firmware.
Hi rkomar,

I have run into the /dev/ptmx problem earlier. Your work on sshd finally made me ask Fork to change the default access modes for /dev/ptmx. See my post here http://www.mobileread.com/forums/sho...31#post1863531
(the post is in the German forum, scroll down to see the English version)
Reply 

#8  rkomar 12-04-2011, 08:48 PM
Quote Seneca
Hi rkomar,

I have run into the /dev/ptmx problem earlier. Your work on sshd finally made me ask Fork to change the default access modes for /dev/ptmx. See my post here http://www.mobileread.com/forums/sho...31#post1863531
(the post is in the German forum, scroll down to see the English version)
Good. Maybe the more people ask for it, the more chance it will be changed. Did you not need to change the line for /dev/pts in /etc/fstab?
Reply 

#9  jbaach 12-05-2011, 07:25 AM
Thanks a lot for the sshd, rkomar - it's fantastic to have it.

Because I am running 2.1.2 rc3, and don't know how to root it, I wrote myself a little ssh command line wrapper that allows me to still use ssh in a somewhat 'natural' way.

It needs Python to be installed on your host; run it like 'python pbshell.py address', with address being the IP or hostname of the PocketBook (which defaults to pb in my local setup).

http://baach.de/static/pbshell.py
Reply 

#10  Seneca 12-05-2011, 01:35 PM
Quote rkomar
Quote Seneca
I have run into the /dev/ptmx problem earlier. Your work on sshd finally made me ask Fork to change the default access modes for /dev/ptmx. See my post here http://www.mobileread.com/forums/sho...31#post1863531
(the post is in the German forum, scroll down to see the English version)
Good. Maybe the more people ask for it, the more chance it will be changed. Did you not need to change the line for /dev/pts in /etc/fstab?
No, I think /dev/pts is uncritical. At least on my local Linux system it has the same modes as on the pocketbook. You don't need write access there, because the ptyX nodes are created by the kernel (actually the devpts pseudo filesystem) and not by the application creating a pseudo tty pair.
Reply 
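Added example, not part of any post in this thread: a Python probe that an unprivileged account can run to see whether the /dev/ptmx modes discussed above block pty allocation. It assumes the usual Linux paths /dev/ptmx and /dev/pts; the function names are illustrative, and no modes from an actual PocketBook are assumed.

```python
import os
import stat

def allowed(st_mode, st_uid, st_gid, uid, gids, want):
    """Classic Unix check: pick the owner, group or other bits, then test `want`."""
    if uid == 0:
        return True  # root passes read/write/search checks on device nodes and directories
    if uid == st_uid:
        bits = st_mode >> 6
    elif st_gid in gids:
        bits = st_mode >> 3
    else:
        bits = st_mode
    return (bits & want) == want

def pty_report(ptmx="/dev/ptmx", pts="/dev/pts"):
    """Return (ok, lines): can the current account allocate a pseudo-terminal?"""
    uid, gids = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    lines = []
    checks = ((ptmx, 0o6, "must open read/write to get a master"),
              (pts, 0o1, "search only; the devpts filesystem creates the nodes"))
    for path, want, why in checks:
        try:
            st = os.stat(path)
        except OSError as err:
            lines.append(f"{path}: {err.strerror}")
            continue
        ok = allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, want)
        verdict = "ok" if ok else "DENIED"
        lines.append(f"{path}: {stat.filemode(st.st_mode)} {verdict} ({why})")
    try:
        master, slave = os.openpty()  # the allocation sshd needs for an interactive shell
    except OSError as err:
        lines.append(f"openpty failed: {err.strerror}")
        return False, lines
    os.close(master)
    os.close(slave)
    lines.append("openpty succeeded")
    return True, lines

if __name__ == "__main__":
    ok, report = pty_report()
    print("\n".join(report))
```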
