[Q] Remote SSH/VNC? - Android Software/Hacking General [Developers Only]

Is there a way to remote into an android device, either ADB, SSH, or VNC? I know there are various daemons for these methods, but none are 'reverse', meaning that no port-forwarding is required.
Say a device sits behind a firewall/NAT and I want to administer it from its WAN IP. Instead of configuring a port-forward on the router, I'd connect to the WAN IP on a specific port.
Is this possible?

I see that there's Dropbear for SSHd. I'll have to play with it to see if it can do reverse SSH.

ssh pc to android

Is that possible? I tried sshing to my phone and I got a connection refused error (the phone's rooted). Does anybody know a way to ssh to Android? Thanks
You should be able to initiate a reverse ssh on the phone to the computer, and then get a terminal from the phone, not sure about an app for reverse ssh though.
On Wifi networks you just need to run an SSH daemon on your phone. There are threads here on XDA discussing how to install dropbear manually, or you can get my (paid) app QuickSSHd from the Market.
If you want to do it via cellular, then it depends on your carrier. Many carriers block incoming connections. If they do, then it would be possible to use SSH tunneling (Use an ssh client on your phone to ssh to your PC and do a port map of the PC's port 2222 to your phone's port 22, finally on your PC ssh to localhost:2222 and get to your phone's ssh daemon)
QuickSSHd on Android Market
QuickSSHd is a secure shell daemon and when setup correctly, it will allow you to ssh from your PC to your Android phone (or other Android device).
Sorry for the late and redundant reply, but I recently got an Android phone and stumbled across QuickSSHd. Of course, I already rooted my phone.

[Q] ConnectBot Port Tunneling

I have given up on working out VPN to my home network so I am giving SSH with ConnectBot a go. I can SSH to my home PC through my modem firewall ok now using key passwordless login (safest I understand) but I can't work out port forwarding.
Is it even possible to tunnel certain ports through my home Ubuntu PC using SSH? I want to access local web servers without opening them out on the Internet, for example sabnzbd using the nzbair app or my other home media devices, web cams, etc.
I don't feel comfortable opening anything out on the Internet, even SSH makes me nervous although I understand it is fairly secure using key-based login combined with a modem firewall and IDS, so I'd like to access my home network but securely.
I understand SSH is the next best option to VPN. But I can't find any guides.
I also have dyndns set up on my modem so (once that propagates I assume) I should be able to reliably SSH to my home PC.
I am very tired, so I'm sorry if this post is absolutely wrong.
I'm 90% certain you'd want to set up squid on your ubuntu box, so you can proxy through. Then connect with connectbot and then set up a portforward to send all port 80 traffic through on whatever port you got squid running on.
I think that should be at least a decent starting place.
Yeah I agree. I have the port tunneling working for sabnzbd now even if it's a bit flakey (drops out sometimes or the port forward can't be created).
So I'll read up on Squid and enable that on my home PC. That may cover a lot of general traffic from my phone too. I imagine a lot of apps use HTTP.

Proxy PC Web Sessions Through Phone/SSH/Remote HTTP via USB

Synopsis:
Need to bypass corporate web proxy for unfiltered Internet access. Google Chrome is the preferred and tested browser, but Firefox should work as well. Corporate environment utilizes an automated global proxy setting, which must be bypassed using run-time arguments. Since I have a Squid proxy running at home on my cable connection, all I need to do is establish a port-forwarding tunnel from my phone to my house, then another from my laptop to my phone. This will allow me to browse the web and proxy any traffic through my phone to my proxy server at home, around our corporate proxy and firewall. The phone utilizes a DSL connection typically used for testing and other non-business traffic and is isolated from the corporate LAN.
Requirements:
A Web Proxy (Squid instance or other third-party available)
Atrix 2 Rooted (others not tested)
SSHDroid from Google Play
BusyBox (with ssh binary)
Google Chrome or Firefox
Putty SSH Client for Windows or other SSH client software AND a familiarization with SSH tunneling.
Procedure
On the Atrix 2, be sure 'Motorola Phone Portal' mode is configured for the USB connection. This will tell the phone to assign an IP address to the USB interface of the phone. In my case, it is 192.168.16.2. Once that is done, connect your phone to your PC via the USB cable. This may auto-launch IE on your desktop to your phone to the web portal on port 8080 and is not necessary.
On the Atrix 2, launch SSHDroid to enable inbound SSH connections. No special settings were configured in that app for any of this to work.
On your PC, manipulate your Chrome shortcut to use different proxy settings than the default. By default Chrome utilizes the Internet Settings on the PC, so this is necessary if you already have a proxy defined at the OS level. To do this, you must create a new shortcut to Chrome, then right-click on that shortcut, go to properties, and change the 'Target' field to include this information:
--proxy-server="localhost:3128" (don't forget the quotes)
Be sure to use this shortcut to launch Chrome or you will continue to use the OS-level Internet Settings.
Now, launch the Putty SSH client and create a new SSH session to your Android device. Enter the appropriate connection information, and under the Connection/SSH/tunnel section, define the port forward information for the web proxy. In my case I set it to port 3128 forwarding to 192.168.16.2:3128. Save this session. This will tell your PC when the SSH session is established to set up local TCP port 3128 to listen for requests, then forward them to the Android phone across the USB connection on the same port.
Try to connect to your SSH server on your phone. By default, the username is 'root' and password is 'admin' for SSHdroid. You should now be successfully logged into your phone.
In the Putty SSH session on your phone, you will now have to launch a command-line SSH session where you will establish the real tunnel to the real proxy server. Enter 'ssh <REMOTE SSH USERNAME>@<REMOTE SSH HOST> -L <IP OR HOSTNAME OF PROXY>:<PROXYPORT>:<USB NETWORK IP ADDRESS>:<LOCAL PROXY PORT>' (without quotes) to establish the SSH tunnel. Here is what my connection (sanitized) looks like. You can also run 'ssh -?' to get an idea of command-line options for the ssh binary.
ssh [email protected] -L 192.168.1.1:3128:192.168.16.2:3128
This will set your phone to listen on TCP port 3128 on the 192.168.16.2 interface and forward any requests to 192.168.1.1 on the same port. It is important to specify the USB interface as by default it will only set up connections on the localhost (127.0.0.1) interface, which won't accept connections from other remote hosts.
Finally, launch Chrome using the shortcut you created and you should now be sending all web traffic out the USB interface and through your phone to your remote proxy server. You can verify this by connecting to a resource such as your home Internet router on the LAN interface to verify. If you are running Squid at home, you should also be able to view your /var/log/squid/access.log and see your requests.
I have not tested remote web proxies or other methods, but in principle it should work.
Feedback and ideas for improvement are welcome!
I just USB tether and use Tunnelier (because putty does not have auto reconnect) and Proxifier (so I don't have to set the proxy settings in each application I want proxied)

How to get SSH listening only on private IP?

Hi guys.
I'm using my Nexus S as WiFi hotspot. It creates a WiFi LAN, 192.168.43.0/24 subnet.
Phone gets of course two IPs: internal IP 192.168.43.1, which serves as gateway for connected clients, and external IP from my ISP.
When I start an SSH server (such as SSHDroid or Dropbear SSH Server), it is listening on external IP,
but I want it to listen only on internal IP (192.168.43.1), so I can connect only from a LAN client.
In the apps' settings I didn't find anything related to this, so I ask you: is there any way to get an SSH server listening on 192.168.43.1?
Thanks
Check the dropbear and sshdroid documentation. You might be able to set this up in a config file, pushed to the phone with adb. Dropbear open_wrt example. If the internal address is tied to a virtual interface, you might be able to have sshd only listen on that interface.
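A check for the bind address asked about in this thread, which also confirms that the forwarded port 2222 from the reverse-tunnel answer earlier on the page is reachable only on loopback. This is an added example, not code from any of the posters; it assumes a Linux/Android `/proc/net/tcp`, Dropbear's `-p [address:]port` option, and hypothetical function names with a constructed sample table.

```shell
#!/bin/sh
# Added example: confirm which address an SSH port is really bound to (Linux/Android).
# The bind is set by the daemon: "dropbear -p 192.168.43.1:22" or sshd "ListenAddress 192.168.43.1".
# IPv4 only; a listener on :: in /proc/net/tcp6 can also accept IPv4 clients.

# listeners PORT [FILE]: one "ip:port scope" line per LISTEN socket on PORT ("-" = stdin)
listeners() {
    awk -v want="$(printf '%04X' "$1")" '
    function hex2dec(h,    i, n) {
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    $4 == "0A" {                                   # 0A = TCP_LISTEN
        split($2, a, ":")
        if ((a[2] "") != (want "")) next           # force string compare ("01E1" looks numeric)
        h = a[1]                                   # little-endian: last hex byte is first octet
        ip = hex2dec(substr(h, 7, 2)) "." hex2dec(substr(h, 5, 2)) "." \
             hex2dec(substr(h, 3, 2)) "." hex2dec(substr(h, 1, 2))
        scope = "single-address"
        if (ip == "0.0.0.0") scope = "ALL-INTERFACES"
        else if (ip ~ /^127\./) scope = "loopback"
        print ip ":" hex2dec(a[2]), scope
    }' "${2:-/proc/net/tcp}"
}

# check_bind PORT EXPECTED_IP [FILE]: 0 = only EXPECTED_IP listens, 1 = other bind, 2 = none
check_bind() {
    listeners "$1" "${3:-/proc/net/tcp}" | awk -v ok="$2:$1" '
        { n++; if ($1 != ok) { bad = 1; print "unexpected listener: " $0 } }
        END { if (n == 0) { print "nothing listening"; exit 2 }
              exit (bad + 0) }'
}

# Constructed /proc/net/tcp snapshot: sshd on 0.0.0.0:22, reverse tunnel on 127.0.0.1:2222,
# plus one ESTABLISHED session (state 01) that must be ignored.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 012BA8C0:0016 0A2BA8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003
EOF
}

# On the phone:  check_bind 22 192.168.43.1     (sample_table piped in with "-" returns 1)
# On the PC, after "ssh -R 2222:localhost:22 user@pc" from the phone:  check_bind 2222 127.0.0.1
```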

[Q] Any way to lock down to SSH/VPN traffic only?

I want to set my Mum's new tablet so that it can only access the Internet via the SSH server running on her Buffalo router (with Tomato firmware).
I've got the server working and accessible remotely and so far the only app I've found that has a Global Proxy setting to redirect everything via the SSH server is SSHTunnel, although I gather that it's not totally reliable when connections drop/change and I can't expect my Mum to cope with monitoring it and re-enabling it manually. When it's disabled, all traffic will just go over local connection unencrypted so that's a concern.
Ideally there'd be some way to set up the SSH settings at a system level, with no way to disable them, and force all the traffic to go out like this, but I'm not sure if there is any way to achieve this.
The other part is setting a firewall (AFWall+ or Android Firewall seem to be the main ones) to only allow traffic via the SSH server. I'm not sure what whitelist rules would be required for this. For example, SSHTunnel connects to the server at x.x.x.x:x, so I presume I'd need a rule to allow connections to this address and this port (I had a quick play with the Avast firewall, which only allows creating custom rules for IP or port, so I'd need two rules with that and it doesn't allow entering the DynDNS name, only an IP address, so that's no good).
Then SSHTunnel has a Local Port (1984) and remote address:port (127.0.0.1:3128) so I presume I'd need rules to allow all of those as well (I'm not sure which of these need to be incoming/outgoing or both). Then there's the question of whether I need to allow other ports like DNS (53) and so on, or if that all goes over the SSH tunnel and doesn't require setting allow rules specifically.
It might be that a VPN server would be more suitable for what I'm trying to achieve than a SSH server and I think the Tomato firmware on the router has that facility (or if the version currently flashed doesn't, there's probably another version I could flash that does), so if that's the case, I'd appreciate advice on locking it down that way instead. Android has built-in VPN support, so it might be possible to use that but it depends on whether it will auto-connect and stay connected all the time or if it requires user intervention and I'll still need to set up firewall rules to prevent data being sent without the VPN in case it does get disabled.
Another issue is whether these firewall rules will prevent the device even being able to connect to any public Wi-Fi points before redirecting the traffic via the SSH/VPN server, which would obviously be no good.
OK, maybe there's another way
I was thinking of setting up a VPN on a Raspberry Pi installed at my parents' house, as they have reasonable broadband speeds, something like 100/10MB. Is there any way that I could set up my Mum's tablet so that it passes everything through the VPN whether at home or away, so that she doesn't have to worry about toggling the VPN or firewall?
I can point it to the No-IP domain name I've set up but then I think every request would go out onto the Internet (albeit encrypted) before coming back in to the VPN, which would then have to go out again to retrieve whatever webpage, etc is being requested, which would obviously be stupid. If I point it to the LAN IP of 192.168.1.66, that will avoid doing that when at home but won't work when away.
So, any ideas?
