Is the file system you are putting the dropbear binary on mounted: "noexec" ?
Also note these:
Code:
root 463 0.4 0.2 2296 668 ? Ss 11:23 0:00 /bin/sh /etc/init.d/rcS
root 475 0.0 0.0 2296 252 ? S 11:23 0:00 /bin/sh /etc/init.d/rcS
root 476 0.3 0.2 2296 696 ? S 11:23 0:00 /bin/sh /etc/rcS.d/S50diags start
Which is:
1: Unusual
2: Probably indicates the kernel ran an "Early User Space" root before it got to where it is at now.
3: Indicates that 11 jobs ran to completion between pid 463 and pid 475
4: lookup code Ss, that is probably an rcS from the 'EUS' in the initramfs that did not get cleaned up, might be something else.
In init_sshd():
Ref:
http://linux.die.net/man/8/dropbear
Add -E and also redirect 2>to_some_/mnt/us/filename
Add -p 22 :: no address specified, will listen on all available interfaces
Add -g
Add -K 0 :: no time-out specified, disables keep-alives
- - - -
And if really desperate - add an strace -fF with output to /mnt/us/somefilename