Busybox Ssh Server



  1. BusyBox httpd
  2. Run SSH in an alternative port
  3. kitty compatibility

You won't, because #1. Because busybox in itself does not provide an SSH server nor client. Now that your question is answered: The usual way to add an SSH server to a busybox based system is to add dropbear, first on the list of 'tiny utilities whose functionality is not provided by busybox': https://busybox.net/tinyutils.html.

  * Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication
  * The server, client, keygen, and key converter can be compiled into a single binary (like busybox)
  * Features can easily be disabled when compiling to save space
  * Multi-hop mode uses SSH TCP forwarding to tunnel through multiple SSH hosts in a single command

As part of my practice for the AWS Solutions Architect certification, I needed to run a test web server to test security groups (a security group is a virtual firewall attached to an instance, specifically its network interface), NACLs (network access control lists, subnet-level cloud firewalls) and Route 53 DNS failover. Most (all?) study guides suggest installing and running an Apache web server, the most popular web server (it’s the ‘A’ of a LAMP stack).

This article assumes an Ubuntu Linux AMI is used.

So yourhost is the busybox router.

    ssh -R 11111:nearhost:22 remotehost

Now when you are at the remotehost, you type again

    ssh -p 11111 busyboxuser@localhost

to connect to the green port 11111 which is then forwarded through the tunnel to the busybox, and from there it is connected to the pink port 22 of the nearhost (representing your home computer).

BusyBox httpd

It’s little known that most Linux distributions already include a web server: the ubiquitous BusyBox has a tiny and simple httpd. It doesn’t support TLS or PHP (you could run PHP via CGI, which httpd supports, but it’s not recommended). Since I only needed a static “index.html”, httpd fits the bill. Not every BusyBox installation includes httpd; Alpine, for example, doesn’t have one, and you need to install the busybox-extras package to get it.

By default, a normal user cannot start a web server that binds to ports 1-1023 without root privileges on Linux. A common solution is to grant the CAP_NET_BIND_SERVICE capability to the web server’s binary (BusyBox in this case). Alternatively, you could start it as root and have it run as an unprivileged user:

Ubuntu includes a www-data user that has minimal privileges; “33” is its uid/gid:

Notice www-data has its shell disabled via /usr/sbin/nologin. We can verify that httpd is listening on port 80 as www-data:

But we still can’t escape the fact that httpd was started using root:

I guess the workaround is fine for a temporary test server, but you shouldn’t do this in production; well, you wouldn’t use httpd in production anyway.

Example usage

  1. Create an index.html:
  2. Start httpd:
  3. From your local workstation, verify the server is responding:

Obviously you should already have a rule in the relevant security group to allow inbound port 80.
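
The start-as-root, run-as-www-data approach described above, as an added example that is not the original post's commands: it starts httpd with `-u 33:33` and then checks that the real, effective, saved and filesystem UIDs of the process were all dropped. The document root, page content and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's commands. DOCROOT and the page
# content are assumptions; 33 is the www-data uid/gid mentioned above.
DOCROOT="${DOCROOT:-/tmp/httpd-test}"

# Start as root so httpd can bind port 80; -u makes it switch to uid/gid
# 33 after binding, -h sets the directory it serves.
start_httpd() {
    mkdir -p "$DOCROOT" &&
    printf '<h1>test-ec2 is up</h1>\n' > "$DOCROOT/index.html" &&
    sudo busybox httpd -p 80 -u 33:33 -h "$DOCROOT"
}

# Print the real, effective, saved and filesystem UIDs of a process.
proc_uids() {
    awk '$1 == "Uid:" { print $2, $3, $4, $5 }' "/proc/$1/status" 2>/dev/null
}

# Succeed only if all four UIDs equal the expected one. A leftover saved
# UID of 0 would let the process switch back to root, so the effective
# UID on its own does not prove the drop.
uids_fully_dropped() {
    want="$2"
    set -- $(proc_uids "$1")
    [ "$#" -eq 4 ] || return 2
    for uid in "$@"; do
        [ "$uid" = "$want" ] || return 1
    done
    return 0
}

# Report every running "busybox httpd" process.
check_httpd() {
    for pid in $(pgrep -f 'busybox httpd'); do
        if uids_fully_dropped "$pid" 33; then
            echo "pid $pid: all UIDs are 33 (www-data)"
        else
            echo "pid $pid: not fully dropped, UIDs: $(proc_uids "$pid")"
        fi
    done
}

# Usage: sh this-file run
if [ "${1:-}" = "run" ]; then
    start_httpd && check_httpd
fi
```

The other option mentioned above, setting CAP_NET_BIND_SERVICE on the busybox binary, grants the capability to every applet in that multi-call binary, not only httpd.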

Run SSH in an alternative port

SSH uses port 22 by default. If you prefer strangers not to knock on that door (figuratively speaking, not to be confused with port knocking), you can change to another port using a user data script.

First, create a shell script (on your local workstation):

Then, specify the script as --user-data when you create an EC2 instance using the AWS CLI:

The file should be specified with the file:// prefix. If the script is located at “/home/example/script.sh”, it should be file:///home/example/script.sh.

Refer to “Ubuntu Cloud Image Finder” for the latest Ubuntu AMIs in your AWS region.
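
A user data script of the kind this section describes, as an added example that is not the author's script: it rewrites the Port directive and validates the config before restarting sshd. Port 2222, Ubuntu's `ssh` service name and the function names are assumptions.

```shell
#!/bin/sh
# Added example of a user data script, not the original post's script.
# NEW_PORT and the function names are assumptions.
NEW_PORT=2222
SSHD_CONFIG=/etc/ssh/sshd_config

# Replace every Port line (commented or not) with a single directive at
# the top of the file, ahead of any Match block.
set_ssh_port() {
    file="$1"; port="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    {
        echo "Port $port"
        grep -Ev '^[[:space:]]*#?[[:space:]]*Port[[:space:]]' "$file" || true
    } > "$tmp"
    cat "$tmp" > "$file"    # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Validate the edited config before restarting, so a typo cannot leave
# the instance without a working sshd.
apply() {
    set_ssh_port "$SSHD_CONFIG" "$NEW_PORT" &&
    sshd -t -f "$SSHD_CONFIG" &&
    systemctl restart ssh
}

# cloud-init runs user data scripts as root from under /var/lib/cloud;
# anywhere else this file only defines the functions.
case "$0" in
    /var/lib/cloud/*) apply ;;
esac
```

The instance's security group also needs an inbound rule for the new port, otherwise the instance cannot be reached over SSH. On Ubuntu releases that start sshd through systemd socket activation, confirm the listening port with `ss -tln` after boot.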

Terminate EC2 instance using a tag

Notice I tag/name the instance as “test-ec2”. This helps me to easily terminate it without manual input of the instance id:

SSH config

Instead of,

you could use an SSH config.

  1. Move the private key to “.ssh” of your home folder:
  2. SSH is fussy about the folder/file permissions:
  3. Create SSH config:

The username differs depending on the AMI that you use; refer to the AWS documentation.

To find out your instance’s public IP using its tag (e.g. “test-ec2”):

  4. To SSH into your EC2 instance:
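
The key placement, permission and SSH config steps above, as an added example that is not the original post's commands: it installs a key with the modes OpenSSH requires, appends a Host block and lists any private key that is too open. The key name, host alias, address, user, port and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's commands. The key name, host
# alias, address, user and port passed in are assumptions. Uses the
# GNU/BusyBox form of stat (-c %a).

# Copy the key into the SSH directory with the modes OpenSSH expects:
# 700 on the directory, 600 on the private key. (The steps above move
# the key; copying keeps this sketch non-destructive.)
install_key() {
    key="$1"; ssh_dir="$2"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" &&
    cp "$key" "$ssh_dir/" && chmod 600 "$ssh_dir/$(basename "$key")"
}

# Append a Host block. IdentitiesOnly makes ssh offer only this key
# rather than every identity loaded in the agent.
add_host() {
    ssh_dir="$1"; name="$2"; addr="$3"; user="$4"; port="$5"; key="$6"
    touch "$ssh_dir/config" && chmod 600 "$ssh_dir/config" || return 1
    cat >> "$ssh_dir/config" <<EOF
Host $name
    HostName $addr
    User $user
    Port $port
    IdentityFile $ssh_dir/$key
    IdentitiesOnly yes
EOF
}

# List private keys whose mode grants anything to group or others;
# ssh refuses to use such a key.
audit_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
        mode=$(stat -c %a "$f")
        case "$mode" in
            ?00) ;;
            *) echo "$f: mode $mode, expected 600" ;;
        esac
    done
}

# Usage: sh this-file KEY.pem ALIAS ADDRESS USER PORT
if [ "$#" -eq 5 ]; then
    install_key "$1" "$HOME/.ssh" &&
    add_host "$HOME/.ssh" "$2" "$3" "$4" "$5" "$(basename "$1")" &&
    audit_keys "$HOME/.ssh"
fi
```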

Encrypt private key

By default, AWS generates a private key without any encryption. To secure it with a password:

SSH will prompt for the password after this:

kitty compatibility

If you use the kitty terminal to ssh into your Linux instance, you may find that backspace doesn’t work. That is because kitty uses a different terminfo.

You can view the xterm-kitty terminfo with:

There are two ways to fix this.

Send kitty terminfo

This seems like a common issue and the fix is mentioned in kitty’s FAQ. In this approach, kitty can upload and install its terminfo when you ssh into your server:

Install terminfo using user data

Alternatively, you could also install it using user data:

Change the home folder name according to the Linux distribution that you use.