Skip to main content

"But the really cool thing that I just got going is doing SSH tunneling with an app called ConnectBot."

Secure port forwarding with ConnectBot on Android

Android is a pretty hot hacker platform. You can pretty much do whatever you want with an Android device, even to the point of bricking it (be careful with those 3rd-party kernels!). I recently gave in to my irresponsible streak and shelled out for a used Nexus One. The first thing I did was gleefully root it and flash the CyanogenMod-flavored kernel that everybody’s been raving about. Supposedly, CM runs slicker and faster, and is rumored to even provide better reception, on the N1. The custom-kernel thing really excites me; it sounds like the Cyanogen team are going to add in a driver to turn on Wireless-N on the Broadcom chip in the N1 in an upcoming release. That same Broadcom chip also includes an FM receiver/transmitter just waiting to be turned on.
I’m not a kernel hacker (I may be some day, but I’m certainly not starting with a mobile device). But I am a hacker, and so the whole portable-console idea of Android gets me all flustered. Yeah, Google Apps integration is great. Yeah, there are lots of cool 3rd-party apps to look at the SD card, sync with Dropbox, remote-control your torrent downloads, add as a drop-in replacement browser, etc. But the really cool thing that I just got going is doing SSH tunneling with an app called ConnectBot.
SSH tunneling is an amazing feature. With it, you can add transport-layer security (TLS) to any program where you have a server-side SSH account. This comes in quite handy for anything where passwords are sent in clear-text (i.e., via HTTP-Auth). When using a device over the air (e.g., any and all smartphones) you should always employ some form of encryption, be it password-level or session-level.
For running on a mobile device, ConnectBot is a very impressive SSH client. It facilitates SSH shell sessions, local/remote SSH port forwarding, shell-less SSH sessions (for port-forwarding only), and public key management. It also makes good progress in overcoming the ridiculous barrier of using a touchscreen keyboard to command a UNIX shell.
I’m going to walk through the steps required to setup port forwarding with ConnectBot. I’m going to assume here that I’ve got SSH access on a box running a webserver on port 80. By the end, we will have our own home-rolled http+TLS.
  • Download ConnectBot from the Android market (it’s free).
  • Launch ConnectBot. It’ll give you a nice little overview of the features, i.e., how to use the Ctrl key.
  • Enter an username@server in the bottom text box.
  • ConnectBot will initiate the connection. As this is very likely a key new to your phone, ConnectBot will ask you if you want to continue connecting (anybody who’s SSH’d into a box for the first time has seen this). Select “Yes”.
(On the N1, the onscreen keyboard stays up and hides the dialog box at the bottom of the screen. Hold down the menu softkey at the bottom until the keyboard disappears, then select “Yes”.)
  • Enter your password. You’ve now got a live connection to the server!
  • Tap the Menu key. Select the “Port Forwards” option. Tap the Menu key again and select “Add port forward”.
  • Ok, you’re now at the point where you can set up the forward. ConnectBot gives the option of local forwards (equivalent to the “-L” ssh command-line flag) and remote forwards (equivalent to “-R”). I always use local forwarding for this sort of thing, but YMMV (your method may vary). Enter the “Source port”, i.e., which point you want to connect to on your local device, and the “Destination”, where you want to connect to on the destination network. For a webserver running on the same box we’re connecting to, we’ll use these values:
Source port: 8080 Destination: localhost:80
What this means is that we’re going to connect to “localhost:8080” in our browser, and that will tunnel a connection to the “localhost” on the remote end (the server we’re connected to) on port 80 (the standard port reserved for HTTP).
  • Tap “Create port forward”.
And that’s it! You can now load your browser of choice, type “localhost:8080” into the location, and voila, you have a TLS-enabled connection to the remote server! Now, of course you’re not going to be using this much for remote web browsing, as you likely don’t have SSH accounts on all of your favorite web servers. But you can definitely use this for any sort of web interface that you might have on a box at home or at work.

Popular posts from this blog

Giveaway Tools

After looking at an article on InsightScope about contest giveaways, I just read the FAQs for one of the tools, which is KingSumo Giveaway and I see that as at the time the FAQs were prepared, the tool doesn't integrate with Mailchimp. Instead you have to download a CSV and upload.Also, there is a warning that the tool may not be compatible with Facebook's terms in the future.Finally, there is a long, convoluted way you have to deal with duplicate content, which is described in the FAQs as follows: I’m concerned about duplicate pages for SEO We don’t create new pages, just add a parameter to your URLS. Google just sees the original page and URL structure. What we recommend if Google results are important is to run the tool, then once it looks like a winner I’d change the Title to the winner and the original URL. Remove the other titles. We are working on a fix to make this easier.Advanced users:Utilize the parameter tools in Google’s Webmaster Tools and set the Headline plugi…

My Blog Is Carbon Neutral

I am pleased to be able to make the statement in the title to this article and I want to explain how I have done it and how I came to hear about the scheme that enables it.

The first step along the path that brought me to this happy state is that I have joined Seeded Buzz.

The idea behind Seeded Buzz is for the members to plant seeds - which means telling other bloggers about their blog posts and inviting them to continue the conversation on their blogs with a link back to the original post on their blog.

Well I have found a blog post from one of the members that covers a subject that interests me.

Seeded Buzz points out that better the Seed conversation and the more extendable / debatable it is, the more other bloggers will Buzz about it on their blogs and link to the original post.

And as we all know, links are the engine that pumps searches - and these are the lifeblood of the internet.

The seeder profile I found was from Thomas Chasm who blogs about a lot of different categories …

Jean-François Millet and John Everett Millais

Jean-François Millet and John Everett Millais - How not to mix them up

John Everett Millais John Everett Millais (1829 – 1896)was a Pre-Raphaelite painter (one of the founders of the Pre-Raphaelite Brotherhood) who painted colourful (too colourful?) paintings - mostly of people. His most famous is probably Ophelia, lying back arms surrendering to the current.

Jean-François Millet
Jean-François Millet (1814 – 1875) was a French painter and one of the founders of the Barbizon school in rural France. Millet painted realistic rural scenes - peasant farmers, sheep, trees - in a muted pallette that were nontheless romantic.