First, change your listening port (ssh) to something above 1201 like 5000, this will allow non-root administration.
I've tried to make the ssh port and tried to forward to 5002, which came up with the same error, failed to open port.

Ok, well I would prefer if you ran a Unix system, i.e. Mac or Linux... but if you can't... please learn/run Cygwin (which is a full CLI interface)
Thanks, I will install this tonight. It's a pretty big download if I install the whole package =P

You will have to sift through everything and make sure to do your own google research regarding "SSH" and "Windows loopback adapter"

Windows = winblows =P

If you believe you have properly created a loopback adapter for localhost (which may not be 127.0.0.1).. and still are having problems, contact me via michael_withe21@hotmail.com
Hm... the freeSSHd service actually has a "tunneling" service. I'm not sure what exactly it does but I highly doubt it creates any kind of loopback device drivers for Windows. I'll play around with it for a while.
 
UPDATE: So through testing...

The tunnel stays connected no matter where the phone goes, AND EVEN WHEN YOU LOCK THE PHONE!!!

Just like when you SSH into your phone, when you lock your screen, the ssh is unable to work, BUT, the path is still there and the connection is stable.... meaning, this command only needs to be run ONCE!!! If the user unlocks the iPhone, all you have to do is connect... BUT WITHOUT HIM UNLOCKING IT... this is what happens...

Once the tunnel is created from terminal, the iPhone CAN be locked, when the remote user tries to connect to the iPhone via cotvnc or jolly, it will prompt the locked iPhone user to accept or deny, if accept is hit, the remote user can slide the bar to unlock...

SO, whenever Saurik gets around to allowing passwords with Veency, it should no longer ask for the iPhone holder's permission to connect remotely... allowing for remote connection to your iPhone no matter who has it or where he is...

GET THIS KNOWN PEOPLE!!! THIS MEANS WE CAN RUN SERVERS TO ONLY SPECIFIC REMOTE USERS (Our home/work computers)!!!
 
Double posted my update.. you can't "delete" a post you made?!?!? You can only "edit" it?? No way, gotta be a way =P
 
I still can't get my iPhone to open a remote port, but you'll be happy to hear, Michael, that Saurik has updated Veency to work great with 3GS.
 
Would you be able to access the iPhone camera as well? That would be neat.
 
Update:

Well, I have some progress now. As you may know, I am running Windows XP, and apparently freeSSHd isn't very good for this so I installed Cygwin & OpenSSH.

I no longer get "could not open remote port", however I get this error when trying to connect with the command:

$ ssh -p 1201 localhost
ssh_exchange_identification: Connection closed by remote host

and on MobileTerminal I get this when it happens:
connect_to localhost: unknown host (nodename nor servname provided, or not known)


HOWEVER: VNC/Veency DOES work! Although extremely slow and I have to accept the connection from "127.0.0.1" on the iPhone, it works (for a limited time).

After a while I get an error:

$ Write failed: Operation not permitted

and both the VNC and SSH connection are terminated.
 
Would you be able to access the iPhone camera as well? That would be neat.

Technically you can do anything because you have administrator access to your phone at your fingertips.

As of right now the only tools available right now for that is to connect to your phone via VNC/Veency and choose Camera.
 


First, make sure you are logged in as "root" (login root) on your iPhone when giving commands, also make sure you are admin on the remote computer...

Are you using DSA/RSA keys or passwords for ssh?

The "accept connection" feature will be disabled when Veency supports passwords.

VNC allows you to connect to the camera, it allows you to connect to anything, but if the thief is looking at the screen, he will see the same as the VNC remote.

Still working it out guys... but the connection seems to maintain, the only drawback seems to be located in the Veency application, which is requiring permission every session created... but the TUNNEL is remaining, and the ssh allows VNC to tunnel through!

UPDATE:

I applied DSA keys, ran the script, and now a .command file can be launched from the iPhone's terminal to start SSH tunnel to computer...

I will be posting a youtube video demonstrating some of it very soon!
 
Btw Michael, it's working for me now, albeit extremely slow at times.

Quick question though, wouldn't the "thief" technically be able to operate on your home computer under your username if you did this?
 


IF you use the command that I gave (just -R), yes, if the thief opens up the MobileTerminal app and sees that it is still logged into your computer... BUT

I used -R for testing reasons... Once you know it works, USE THIS COMMAND TO RUN IN BACKGROUND

ssh user@IP -f -N -R 1201:localhost:5900

ANYONE KNOW if you can use -fNR instead of -f -N -R?

This command does not show your computer's information, nor does it stay "logged in"... NOTE: it does show your computer's ssh banner if you have one... BTW: I am currently using DSA ssh keys (back and forward) with an SSH banner, the sshd_config file seems to be working flawlessly... NOTE: still unable to change iPhone's default SSH listening port... hmm gotta do some research.
 
help...

Michael do u think u cud help me...? I tried making the tunnel wit mobileterminal. I logged into root and typed in
ssh -p 5900 Owner@**.***.***.*** -R 5002: localhost: 23

But it keeps telling me "Bad Remote Forewarding Specification"

I've googled trying to figure out how to fix this but haven't found anything yet.

Any help you cud give me wud be greatly appreciated... I saw ur videos and it looks like it cud be REALLY useful! One thing that wud help too is if u cud make a video explaining how to set up the tunnel and how to get it working... it wud prolly make this process ten times easier seeing it done.

Thanks,
 

The only reason I didn't make a video with those instructions is because it would show my IP address, so instead I just put the command in the background...

I have to assume you are jailbroken and you have Veency and OpenSSH installed on your iPhone...

YOUR command has many errors... the most obvious being the spaces before and after the localhost, here are the correct commands

Command for forwarding iPhone's VNC server to an SSH server on port 22 (this port 22 can remain default for VNC ONLY):

ssh -p 22 Owner@IPAddress -f -N -R 1201:localhost:5900

THE -f -N will make the reverse connection stay connected (warning, using -f -N will require full restarts on both ends to kill connection), 1201 being the port on your computer's localhost and 5900 being the iPhone's VNC server that is being forwarded.

Command for forwarding iPhone's SSH to an SSH server on port 2222 (set up the SSH server on any port other than 22 so as to not require root permissions and/or conflict when forwarding same ports). NOTE: this will allow for remote SSHing to your iPhone no matter where it goes.

ssh -p 2222 Owner@IPAddress -f -N -R 1202:localhost:22

1201 being the port you will ssh into on your computer's localhost.


Once tunnels are created, use these to connect your computer to its localhost:

Open a VNC Client and use this information

VNC IP: localhost or 127.0.0.1
VNC Port: 1201
VNC Password: (Blank)

Open Terminal and enter this command to ssh to the iPhone:

ssh -p 1202 root@localhost


Hope this helps!
 
Hmm...

Thank you for replying! And soo quickly too!! =D

So I logged into root.
Then I typed in the first command you gave me:
ssh -p 22 Owner@**.***.***.*** -f -N -R 1201:local host:5900

And it came back with a message saying:
"connect to host on (my i.p address) port 22: connection refused"

I don't really know what this means... or if it's going to require me to do something else. (Sorry.. these questions probably sound really stupid to you)

I'm waiting to type in the second command you gave me. I'm not sure if it will work properly without the first one, so I don't know how that one will turn out.

Thank you SOOOO much,
 
Well, I have to say the concept is pretty smart.
But did you think about the consequences?
By setting-up a SSH session to your server / PC you are giving the THIEF ACCESS TO YOUR PC!
Only thing he has to do is start the terminal app and he's on YOUR MACHINE! He can then install some keyloggers, spyware or whatever!

Please be wise, and close or delete this thread. The concept is smart, but it has not been thought over well enough and is NOT SAFE
 

Yeah... except you can't just install stuff on OS X without your password, and since he isn't logged into terminal as sh then there is no real worry..
 

Please be wise and NEVER ask n e 1 to DELETE/CLOSE their post, especially if you are half retarded.


The Tunnel Command I show above DOES NOT ALLOW THE THIEF TO LOGIN TO YOUR SSH, IT RUNS IT IN THE BACKGROUND OFF OF ROOT... so the thief would need your IP/sshpassword/rootpassword and so on to access your home server... If the thief opens up terminal, he will see the same thing as n e one's iPhone... test method before claiming something people! =P

SSH servers are one of the MOST secure "servers" that you can run to remotely access your home computer. I have used an SSH server on my home computer using a non-default port, DSA keys with pass-phrases (which is really paranoid), A firewall only allowing ATT and other IP addresses.

Running any server on your computer is "less secure", so unless you're a CEO of a billion dollar corporation, keep it on a default port with a password. Computer security relies on the user not the computer, don't hand your passwords out, and set up your SSH server on a non-default port and you will be fine...

For the SUPER PARANOID with Routers and Firewalls:


Setup SSH on port above 50000 (thwarts basic port scanners), forward ONLY that port to ONLY a single internal IP

ONLY Allow ONE account (admin or not) to have access to this server (this can be done through mac/systempreferences/sharing)

Create DSA Private Keys with Pass-phrases. Passworded DSA keys have never been cracked, RSA have been, but ONLY with NO-PASSWORDED keys.

Allow ONLY DSA keys (not passwords) to your server by editing the sshd_config file within private/etc

PasswordAuthentication no
#PermitEmptyPasswords no

Setup VNC server on any port above 50000, allowing ONLY access from localhost 127.0.0.1 (require loopback SSH)

ONLY Allow Certain ranges of IPs to access your server (any incoming firewall like flyingbuttress)
AT&T IP Ranges:
32.0.0.0 - 32.255.255.255
166.128.0.0 - 166.128.255.255
166.135.0.0 - 166.135.255.255
166.191.0.0 - 166.191.255.255
166.134.0.0 - 166.134.255.255
166.205.0.0 - 166.205.255.255
166.190.0.0 - 166.190.255.255


If you are not behind a router AND do not have a firewall, I would not recommend running ANY servers on your home computer. But if you are going to run one, this is by far one of the most secure servers of the world...

We are only as "safe" or "secure" as the Admin makes us, doesn't matter what OS you're running, you NEED a firewall, and you NEED to change your passwords every once in a while... opening ports for torrents or other reasons leaves you open... UPNP is too slow to rely on

THIS POST IS NOT DEDICATED TO DEBATING THE SECURITY OF SERVERS, IT IS HERE TO DISCUSS HOW TO USE SSH into the iPHONE NO MATTER WHERE IT GOES!!

But... if you ask me, its the safest thing in the world =P
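
An added example, not part of the original posts: the exposure debated above depends on what the phone's key is allowed to do on the home computer, and this shell function audits an authorized_keys line for that. The sample lines and key material are constructed placeholders, 1201/1202 are the thread's forward ports, and `permitlisten` assumes OpenSSH 7.8 or later on the computer.

```shell
#!/bin/sh
# Added example: audit the authorized_keys entry (on the home computer) for the
# key the phone uses to open its -R tunnels. 1201/1202 are this thread's ports.
# Prints "unrestricted", "partial: missing ..." or "forward-only".
audit_key_line() {
    line=$1
    # Text before the key type is the options field (empty when there is none).
    # Simplification: assumes no key-type string appears inside a quoted option.
    opts=$(printf '%s\n' "$line" | sed -E \
        's/(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)[[:space:]].*$//')
    if [ -z "$opts" ]; then
        echo "unrestricted"   # whoever holds this key gets a normal login
        return 0
    fi
    missing=""
    # restrict: disables pty, agent, X11 and every kind of forwarding.
    case ",$opts," in *,restrict,*) ;; *) missing="$missing restrict" ;; esac
    # port-forwarding: turns forwarding back on after restrict.
    case ",$opts," in *,port-forwarding,*) ;; *) missing="$missing port-forwarding" ;; esac
    # permitlisten: limits which -R listen ports this key may open.
    case "$opts" in *permitlisten=*) ;; *) missing="$missing permitlisten" ;; esac
    # command: restrict alone still lets "ssh host some-command" run without a
    # pty; a forced command closes that, and -N tunnels never invoke it.
    case "$opts" in *command=\"*) ;; *) missing="$missing command" ;; esac
    if [ -n "$missing" ]; then
        echo "partial: missing$missing"
    else
        echo "forward-only"
    fi
}

# Constructed sample lines; the key material is a placeholder, not a real key.
PLAIN='ssh-rsa AAAAB3PLACEHOLDER iphone-tunnel'
NOCMD='restrict,port-forwarding,permitlisten="localhost:1201" ssh-ed25519 AAAAC3PLACEHOLDER iphone-tunnel'
LOCKED='restrict,port-forwarding,permitlisten="localhost:1201",permitlisten="localhost:1202",command="/usr/bin/false" ssh-ed25519 AAAAC3PLACEHOLDER iphone-tunnel'

for l in "$PLAIN" "$NOCMD" "$LOCKED"; do
    audit_key_line "$l"
done
```

Only the third line leaves the key usable for nothing except opening the two reverse forwards, so the phone can rebuild the tunnel while the key gives no shell on the computer.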
 

First off, your command is incorrect AGAIN... please be careful when typing it in... your command has a SPACE between localhost.... this should not be there... Also, make sure your IP address is your EXTERNAL IP, not internal... google "what is my ip" and use that IP...

So lets assume you think you did enter the correct command, the error you show states your SSH server is not running properly... DO THIS:

go into your computer's terminal, type:

ssh -p 22 User\ Name@localhost

Example: ssh -p 22 Michael\ Withe@localhost

PAY CLOSE ATTENTION TO THE \, it needs to be there LIKE THAT for spaces to work within a User Name.

Tell me what happens after you hit enter, this is a command that will check to see if you are running the server locally at all... if you are, you should be prompted for password, if you get rejected, your SSH server may not be properly set up.

Please make sure you understand SSH and running a server behind a firewall/router before attempting this.

Follow me on Twitter people for simple questions:
Twitter:
yartpb

Email:
michael_withe21@hotmail.com
 
NOTE: still unable to change iphone's default SSH listening port... hmm gatta do some research.

Changing the ssh port should be no different from any other linux machine...

vi /etc/ssh/sshd_config


a few lines down you will see port 22, change that to whatever you wish... voila!

I haven't tested this yet, but no reason it should not work.
 

Oh I tested it =P, was the first thing I tried =/

Ya, Mac requires a lot more to change listening port... I changed it on the iPhone's:
Private/etc/ssh/sshd_config

rebooted my phone, and still no listening change... hmm, maybe someone else can take a shot at it...
 