SSH, OpenSSH

SSH

  • SSH is an abbreviation for Secure Shell, a protocol that provides security for remote login
  • With SSH, all transmitted data can be encrypted, which prevents man-in-the-middle attacks and guards against DNS spoofing and IP spoofing

OpenSSH

  • OpenSSH is a free, open source implementation of the SSH protocol
  • We can use OpenSSH to log in remotely from a Mac to an iPhone

How to use OpenSSH to remotely log in to iPhone?

Install OpenSSH

  • First, you need to install the OpenSSH tool on your iPhone via Cydia by adding the software source apt.saurik.com.
  • After the installation is complete, you can view DESCRIPTION under OpenSSH to see how to use it.

Use OpenSSH to remotely log in to an iPhone

  • SSH communicates over TCP, so ensure that the Mac and iPhone are on the same LAN

  • Specific connection steps:

    • In the Mac terminal, enter ssh followed by account name@server host address
    ssh <account name>@<server host address>
    • If you are logging in for the first time, a host verification prompt is displayed. Enter yes
    • You are then asked for the password, which is alpine by default
    • Enter the password to log in to the iPhone.
    • To log out, type exit
  • There are two types of users on the iPhone, root and mobile

    • root: $HOME is /var/root
    • mobile: $HOME is /var/mobile. The login method of the mobile user is the same as that of the root user
    • After logging in, change the default passwords of the root and mobile accounts with the following commands:
    passwd
    passwd mobile

SSL, OpenSSL

SSL

  • Short for Secure Sockets Layer, a security protocol that provides security and data integrity for network communications, encrypting network connections at the transport layer

OpenSSL

  • OpenSSL is an open source implementation of SSL
  • Most current HTTPS requests are equivalent to HTTP + OpenSSL
  • The OpenSSH encryption we used before is actually implemented through OpenSSL.

SSH communication process

SSH communication consists of three phases

Establishing a Secure Connection

  • During the establishment of a secure connection, the server provides its own proof of identity.
  • If the client does not have the public key information of the server, it will ask whether to connect to the server.
  • If the connection is confirmed, the client stores the server's public key information in ~/.ssh/known_hosts
  • If the server's IP address changes, you can delete the existing public key information in ~/.ssh/known_hosts and connect again.
  • Instead of deleting the public key information manually, you can also run the following command
ssh-keygen -R <server IP address>

Client Authentication

SSH2 provides two client authentication modes

Password-based client authentication

Key-based client authentication (password-free login)

  • Run the following command on the client to generate a pair of associated keys: a public key and a private key
ssh-keygen

After this, two additional files, id_rsa and id_rsa.pub, are stored in the ~/.ssh folder

  • Append the client's public key to the end of the server's authorization file (~/.ssh/authorized_keys)
ssh-copy-id root@<server host address>
  • You can also manually append the public key to the authorization file on the server

    • Copy the client's public key to a path on the server
    scp ~/.ssh/id_rsa.pub root@<server host IP address>:~
    • Log in to the server over SSH
    ssh root@<server host address>
    • Create a .ssh folder on the server
    mkdir .ssh
    • Append the public key content to the end of the authorization file
    cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
    • Delete the public key
    rm ~/id_rsa.pub

If you are still asked for the password after setting up password-free login, set the file permissions on the server with the following commands:

chmod 755 ~
chmod 755 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
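Why these modes matter, as an added example that is not part of the original article: with StrictModes enabled (sshd's default), the server ignores authorized_keys when the file, ~/.ssh or the home directory is writable by group or others. The function names and the temporary directory below are constructed for illustration, and only the mode bits are checked, not ownership.

```shell
#!/bin/sh
# Added example: report paths whose modes would make sshd (StrictModes yes)
# refuse key-based login. Names below are hypothetical, not from the article.

# loose_path PATH -> prints PATH if it is group- or other-writable
loose_path() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# check_key_auth_perms HOME_DIR
# Returns 0 when HOME_DIR, HOME_DIR/.ssh and authorized_keys all exist and
# none is group/other-writable; otherwise names the offenders and returns 1.
check_key_auth_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            rc=1
        elif [ -n "$(loose_path "$p")" ]; then
            echo "too permissive: $p"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed directory tree (not a real account).
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 755 "$demo_home" "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/authorized_keys"
check_key_auth_perms "$demo_home" && echo "ok: the modes from the article pass"
chmod 775 "$demo_home/.ssh"   # group-writable: key login would be refused
check_key_auth_perms "$demo_home" || echo "fix with: chmod 755 ~/.ssh"
rm -rf "$demo_home"
```

On the server, run it as check_key_auth_perms "$HOME" for the account you log in to.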

Data transfer

Log in over SSH using a USB device

Port 22

  • A port is a window through which a device provides services to the outside. Each port has a port number in the range 0 to 65535 (2^16 values).
  • Some port numbers are reserved and have specified uses
  • By default, the iPhone uses port 22 for SSH communication, over TCP

Log in over SSH using a USB device

  • By default, the Mac logs in to the iPhone with SSH over a network connection: SSH uses TCP, so the iPhone has to be connected to WiFi
  • To speed up transfers, you can also log in with SSH over a USB connection.
  • There is a service on the Mac called usbmuxd (it starts automatically at boot) that transfers data from the Mac to the iPhone over USB. It is located at the following path:
/System/Library/PrivateFrameworks/MobileDevice.framework/Resources/usbmuxd

Use the usbmuxd tool to map ports

  • Download the usbmuxd toolkit at the following address (download v1.0.8; only the two Python scripts in it are used: tcprelay.py and usbmux.py)

Both Python scripts fail to run under Python 3 and need to be run under Python 2

  • Run the following command to map port 22 (the SSH port) on the iPhone to port 10088 on the Mac

Port 10088 here can be chosen arbitrarily, as long as it is not a reserved port number.

cd ~/Documents/usbmuxd-1.0.8/python-client
python tcprelay.py -t 22:10088

-t is added to support multiple SSH connections at the same time. Note: do not terminate this command, so that the port mapping is preserved (open a new terminal window if you want to run other commands)

  • After the port mapping is complete, to communicate with port 22 on the iPhone you can communicate directly with local port 10088 on the Mac
  • Open a new terminal and run the following command to log in over SSH through local port 10088 on the Mac
ssh root@localhost -p 10088

usbmuxd forwards TCP data from port 10088 on the Mac to port 22 on the iPhone over the USB connection

  • Remote file copies can also communicate directly with the local Mac port 10010
# Copy the ~/Desktop/1.txt file from the Mac to ~/test on the iPhone
scp -P 10088 ~/Desktop/1.txt root@localhost:~/test
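Added example (not part of the original article) tying the known_hosts step to the port mapping above: for a non-default port the client records the host as [host]:port, so the key accepted by ssh root@localhost -p 10088 is stored under [localhost]:10088. The sketch lists matching plain-text entries; the function names and the sample file are constructed, and hashed entries and wildcard patterns are not handled.

```shell
#!/bin/sh
# Added example: find the known_hosts entry that belongs to a host and port.
# All names and the sample data are hypothetical, not from the article.

# Constructed sample (key blobs are placeholders, not real keys).
sample_known_hosts() {
    cat <<'EOF'
# constructed known_hosts sample
192.168.1.20 ssh-rsa AAAAB3-constructed-1
[localhost]:10088 ssh-ed25519 AAAAC3-constructed-2
|1|constructed-salt=|constructed-hash= ssh-rsa AAAAB3-constructed-3
EOF
}

# known_hosts_lines FILE HOST [PORT]
# Prints "LINENO KEYTYPE" for each plain-text entry naming HOST on PORT.
# FILE may be "-" to read standard input.
known_hosts_lines() {
    file=$1
    host=$2
    port=${3:-22}
    # Port 22 entries are stored as the bare name, others as [name]:port.
    if [ "$port" = 22 ]; then want=$host; else want="[$host]:$port"; fi
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        {
            f = 1
            if ($1 ~ /^@/) f = 2           # skip @cert-authority / @revoked marker
            if ($f ~ /^\|1\|/) next        # hashed host names cannot be matched here
            n = split($f, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == want) { print NR, $(f + 1); break }
        }' "$file"
}

# Demo: the entry created by logging in through the mapped port.
sample_known_hosts | known_hosts_lines - localhost 10088
```

The same bracketed form is what ssh-keygen -R expects when removing that entry, for example after a different iPhone is connected through the same mapped port.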

Use the itnl tool for port mapping

  • First download the itnl tool
  • cd into the itnl tool directory
  • Execute the command
./itnl --iport 22 --lport 10088

If a permission denied error occurs, use chmod 755 itnl to add execute permission to itnl

  • Without closing the current window, open a new terminal window and log in to port 10088 on the Mac using the following command
ssh root@localhost -p 10088

Garbled Chinese characters in the iOS terminal

By default, the terminal cannot display Chinese characters. The solution is to create a ~/.inputrc file with the following content:

# Do not convert Chinese characters to escape sequences
set convert-meta off

# Allow Chinese output to the terminal
set output-meta on

# Allow Chinese input to the terminal
set meta-flag on
set input-meta on

If you want to edit file contents from the terminal, you can install Vi IMproved via Cydia (http://apt.saurik.com)