~/.android/adbkey
(adbkey is text file which stores privatekey of your computer used for purpose of ADB over USB)All,I am trying to figure out how to lock down ADB so only people that have the pre-generated private key can access ADB through USB or WiFi/Ethernet. I have generated a key pair using adb keygen (also tried with ssl-keygen) but I can't seem to get things locked down. When my device is deployed to production I don't want to allow anyone to shell into the OS using ADB. I have set /vendor/build.prop: ro.adb.secure=1 (also tried ro.adb.secure=0) and copied my public key to /data/misc/adb/adb_keys and also tried at the root /adb_keys and rebooted the device. I moved my private key to a hidden location (outside of .Android) so it would not know the private key. However, anytime I do adb devices it shows the device and allows me to connect. I would have expected it to show "unauthorized" or something to that effect. Also I have the following build.prop setting: persist.sys.usb.config=adb. Any help would greatly be appreciated.
--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To post to this group, send email to android-...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-platform.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/664cf2d1-c90b-4c1e-8bee-a2b4f90aa735%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
All,I am trying to figure out how to lock down ADB so only people that have the pre-generated private key can access ADB through USB or WiFi/Ethernet. I have generated a key pair using adb keygen (also tried with ssl-keygen) but I can't seem to get things locked down. When my device is deployed to production I don't want to allow anyone to shell into the OS using ADB. I have set /vendor/build.prop: ro.adb.secure=1 (also tried ro.adb.secure=0) and copied my public key to /data/misc/adb/adb_keys and also tried at the root /adb_keys and rebooted the device. I moved my private key to a hidden location (outside of .Android) so it would not know the private key. However, anytime I do adb devices it shows the device and allows me to connect. I would have expected it to show "unauthorized" or something to that effect. Also I have the following build.prop setting: persist.sys.usb.config=adb. Any help would greatly be appreciated.
--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To post to this group, send email to android-...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-platform.
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/664cf2d1-c90b-4c1e-8bee-a2b4f90aa735%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi Bob,You will have to add the public key to the
- store adb private key in file ( lets call it adbkey.user)
- adb kill-server
- Copy/Replace the adbkey.user file to
~/.android/adbkey
(adbkey is text file which stores privatekey of your computer used for purpose of ADB over USB)- adb shell (voila!)
That should work.Regards,
Meet Thakkar
On Mon, 15 Jul 2019 at 12:25, Bob Pfingsten <bobpfi...@gmail.com> wrote:
All,--I am trying to figure out how to lock down ADB so only people that have the pre-generated private key can access ADB through USB or WiFi/Ethernet. I have generated a key pair using adb keygen (also tried with ssl-keygen) but I can't seem to get things locked down. When my device is deployed to production I don't want to allow anyone to shell into the OS using ADB. I have set /vendor/build.prop: ro.adb.secure=1 (also tried ro.adb.secure=0) and copied my public key to /data/misc/adb/adb_keys and also tried at the root /adb_keys and rebooted the device. I moved my private key to a hidden location (outside of .Android) so it would not know the private key. However, anytime I do adb devices it shows the device and allows me to connect. I would have expected it to show "unauthorized" or something to that effect. Also I have the following build.prop setting: persist.sys.usb.config=adb. Any help would greatly be appreciated.
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-...@googlegroups.com.