Secure port forwarding with ConnectBot on Android

Android is a pretty hot hacker platform. You can pretty much do whatever you want with an Android device, even to the point of bricking it (be careful with those 3rd-party kernels!). I recently gave in to my irresponsible streak and shelled out for a used Nexus One. The first thing I did was gleefully root it and flash the CyanogenMod-flavored kernel that everybody’s been raving about. Supposedly, CM runs slicker and faster, and is rumored to even provide better reception, on the N1. The custom-kernel thing really excites me; it sounds like the Cyanogen team are going to add in a driver to turn on Wireless-N on the Broadcom chip in the N1 in an upcoming release. That same Broadcom chip also includes an FM receiver/transmitter just waiting to be turned on.
I’m not a kernel hacker (I may be some day, but I’m certainly not starting with a mobile device). But I am a hacker, and so the whole portable-console idea of Android gets me all flustered. Yeah, Google Apps integration is great. Yeah, there are lots of cool 3rd-party apps to look at the SD card, sync with Dropbox, remote-control your torrent downloads, add as a drop-in replacement browser, etc. But the really cool thing that I just got going is doing SSH tunneling with an app called ConnectBot.
SSH tunneling is an amazing feature. With it, you can add transport-layer security (TLS) to any program, as long as you have an SSH account on the server side. This comes in quite handy for anything where passwords are sent in clear text (e.g., via HTTP-Auth). When using a device over the air (e.g., any and all smartphones), you should always employ some form of encryption, be it password-level or session-level.
For running on a mobile device, ConnectBot is a very impressive SSH client. It facilitates SSH shell sessions, local/remote SSH port forwarding, shell-less SSH sessions (for port-forwarding only), and public key management. It also makes good progress in overcoming the ridiculous barrier of using a touchscreen keyboard to command a UNIX shell.
I’m going to walk through the steps required to set up port forwarding with ConnectBot. I’m going to assume here that I’ve got SSH access on a box running a webserver on port 80. By the end, we will have our own home-rolled http+TLS.
  • Download ConnectBot from the Android market (it’s free).
  • Launch ConnectBot. It’ll give you a nice little overview of the features, such as how to use the Ctrl key.
  • Enter a username@server in the bottom text box.
  • ConnectBot will initiate the connection. As this is very likely a key new to your phone, ConnectBot will ask you if you want to continue connecting (anybody who’s SSH’d into a box for the first time has seen this). Select “Yes”.
(On the N1, the onscreen keyboard stays up and hides the dialog box at the bottom of the screen. Hold down the menu softkey at the bottom until the keyboard disappears, then select “Yes”.)
  • Enter your password. You’ve now got a live connection to the server!
  • Tap the Menu key. Select the “Port Forwards” option. Tap the Menu key again and select “Add port forward”.
  • Ok, you’re now at the point where you can set up the forward. ConnectBot gives the option of local forwards (equivalent to the “-L” ssh command-line flag) and remote forwards (equivalent to “-R”). I always use local forwarding for this sort of thing, but YMMV (your method may vary). Enter the “Source port”, i.e., which port you want to connect to on your local device, and the “Destination”, where you want to connect to on the destination network. For a webserver running on the same box we’re connecting to, we’ll use these values:
Source port: 8080
Destination: localhost:80
What this means is that we’re going to connect to “localhost:8080” in our browser, and that will tunnel a connection to the “localhost” on the remote end (the server we’re connected to) on port 80 (the standard port reserved for HTTP).
  • Tap “Create port forward”.
And that’s it! You can now load your browser of choice, type “localhost:8080” into the location, and voila, you have a TLS-enabled connection to the remote server! Now, of course you’re not going to be using this much for remote web browsing, as you likely don’t have SSH accounts on all of your favorite web servers. But you can definitely use this for any sort of web interface that you might have on a box at home or at work.
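When ConnectBot asks whether to continue connecting, the fingerprint in that prompt can be compared with one computed from the server's public host key before selecting “Yes”. The following is an added example, not part of the original post: it parses an OpenSSH public key line and derives the fingerprint in the two formats OpenSSH uses (SHA256 and MD5). The sample key is constructed from dummy bytes; on a real server the line would come from its host key `.pub` file.

```python
import base64
import hashlib
import struct


def read_string(buf, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[start:end], end


def host_key_fingerprints(pubkey_line):
    """Return (key_type, sha256_fp, md5_fp) for one '<type> <base64> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with its own copy of the key type; a mismatch means the
    # line was edited or corrupted, so refuse to fingerprint it.
    embedded_type, _ = read_string(blob, 0)
    if embedded_type.decode("ascii", "replace") != declared_type:
        raise ValueError("key type does not match key blob")
    sha256_fp = "SHA256:" + base64.b64encode(
        hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = "MD5:" + ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    return declared_type, sha256_fp, md5_fp


def make_sample_line():
    """Constructed sample: an ssh-ed25519 blob with dummy key bytes 0..31."""
    key_type, dummy_key = b"ssh-ed25519", bytes(range(32))
    blob = (struct.pack(">I", len(key_type)) + key_type +
            struct.pack(">I", len(dummy_key)) + dummy_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    for value in host_key_fingerprints(make_sample_line()):
        print(value)
```

Running `ssh-keygen -lf` on the same public key file prints the same SHA256 value, so either method gives a reference to check the phone's prompt against.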

