2. Connecting to the Phone

2.1 Logging In to the Phone over Wi-Fi

With the OpenSSH plug-in installed, connect to the phone over Wi-Fi by entering ssh username@phone-IP in the Mac terminal:

ssh root@192.168.2.186

In this case, the phone is the server and the PC is the client. The OpenSSH plug-in is what enables the SSH login service on the phone.

Default password: alpine

On the first connection, the system prompts you to save the phone's key. Enter yes to save it and continue:


➜ ~ ssh root@192.168.2.186

The authenticity of host '192.168.2.186 (192.168.2.186)' can't be established.

RSA key fingerprint is SHA256:Ae5Y7TUos3lIHFOyPSy4/HcQmYmcjeN4oxYI4goC7NBWqaf.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes


PS: The fingerprint shown here is the hash of the phone's public key; it is used to check that the key has not been tampered with.

Enter the password (alpine by default) and the login succeeds:

root@192.168.2.186's password:

iPhone-XS-Max:~ root#


2.2 Viewing File Directories

In the root directory you can see the following system files. Use cd / to get to the root directory:


iPhone-XS-Max:~ root# ls

Library/ Media/

iPhone-XS-Max:~ root# cd /

iPhone-XS-Max:/ root# ls

Applications/ Developer/ Library/ System/ User@ bin/ boot/ cores/ dev/ etc@ lib/ mnt/ private/ sbin/ tmp@ usr/ var@

iPhone-XS-Max:/ root#


You can also see the list of apps on the phone:


iPhone-XS-Max:/ root# cd Applications/

iPhone-XS-Max:/Applications root# ls

AXUIViewService.app/ FieldTest.app/ SLGoogleAuth.app/

AccountAuthenticationDialog.app/ FindMy.app/ SLYahooAuth.app/

ActivityMessagesApp.app/ FindMyiPhone.app/ SMS\ Filter.app/


Use ps -A to list the processes currently running on the phone.

To find the installation directory of an app on the phone (WeChat, for example; WeChat must first be running in the foreground), use ps -A | grep WeChat:

iPhone-XS-Max:/Applications root# ps -A

  PID TTY           TIME CMD

    1 ??             .67 /sbin/launchd

  299 ??             .48 /usr/libexec/substituted

  300 ??         0:00.00 (amfid)

  376 ??         0:00.00 /usr/libexec/amfid

  387 ??         0:00.30 /System/Library/PrivateFrameworks/AppleCredentialManager.framework/AppleCredentialManagerDaemon

--------- some output omitted ---------

33511 ??         0:00.08 /usr/libexec/gpsd

33514 ??         0:00.17 /System/Library/PrivateFrameworks/MobileBackup.framework/backupd

33030 ttys000    0:00.07 -sh

33521 ttys000    0:00.02 ps -A

The grep output is shown separately here so it is easier to read:

iPhone-XS-Max:/Applications root# ps -A | grep WeChat

  815 ??      2560:27.65 /var/containers/Bundle/Application/0fbc53d3-FEDF-464d-A855-7a32cc595764/WeChat.app/WeChat

33506 ??         0:03.75 /var/containers/Bundle/Application/0fbc53d3-FEDF-464d-A855-7a32cc595764/WeChat.app/WeChat

33525 ttys000    0:00.02 grep WeChat

iPhone-XS-Max:/Applications root#

At this point the path of the app's Mach-O file has been found.

2.3 Logging Out of the Phone

Press Control + D or type exit to log out:

iPhone-XS-Max:/Applications root# exit

logout

Connection to 192.168.2.186 closed

2.4 Users

There are two iOS users: root and mobile.

  • root: the user with the highest privileges; it can access any file.

  • mobile: an ordinary user; it can access only its own user directory, /var/mobile.

The mobile user can create files in its own directory but has no permissions in the root directory:

Root user can test

2.5 Changing a User Password
  • The root user can change the passwords of all users.

  • Use the passwd command to change a password: passwd username

  • Enter the new password twice to confirm the change. You do not need to enter the original password because you are already logged in.

PS: The example below changes the password of the mobile user while logged in as root.


~ ssh

iPhone-XS-Max:~ root# passwd mobile

Changing password for mobile.

New password:

Retype new password:

iPhone-XS-Max:~ root#


Generally, changing the password is not recommended; you can configure password-free login directly instead. If you change the password and forget it, you have to reinstall.

2.6 Verifying the Saved Key

As described in 1.3 SSH Login Process, at the first login the system prompts you to verify the hash of the public key and then saves the public key to known_hosts in ~/.ssh. The same public key should therefore also exist on the phone.

On the phone, cd to the /etc/ssh directory:


iPhone-XS-Max:~ root# cd /etc/ssh

iPhone-XS-Max:/etc/ssh root# ls

moduli ssh_host_dsa_key ssh_host_rsa_key sshd_config

ssh_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub

iPhone-XS-Max:/etc/ssh root#


Here you can see the public and private key files of ssh_host_rsa_key. This confirms the login process described above.

As the comparison shows, if the IP address changes so that the saved key no longer matches, access fails and a man-in-the-middle attack warning appears.
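The fingerprint prompt from the first login and the comparison between known_hosts and ssh_host_rsa_key.pub can be reproduced offline. The following is an added example, not code from the original article: the key blobs are constructed sample data rather than the phone's real key, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as ssh prints it: unpadded base64 of the blob's digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(known_hosts: str, host: str, server_pub: str) -> str:
    """Compare the key saved on the client for `host` with the server's .pub line."""
    srv_type, srv_b64 = server_pub.split()[:2]
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip comments, markers (@revoked, @cert-authority) and short lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        hosts, key_type, key_b64 = fields[:3]
        # Plain host names only: hashed entries (HashKnownHosts yes) never match here.
        if host not in hosts.split(",") or key_type != srv_type:
            continue
        same = fingerprint(key_b64) == fingerprint(srv_b64)
        return "match" if same else "MISMATCH"
    return "unknown host"


def make_rsa_blob(modulus: bytes) -> str:
    """Build a syntactically valid ssh-rsa blob (constructed sample, not a real key)."""
    def field(data: bytes) -> bytes:
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return base64.b64encode(blob).decode()


# Constructed sample data standing in for the two files discussed above.
PHONE_KEY = make_rsa_blob(b"\x00" + bytes(range(1, 129)))
OTHER_KEY = make_rsa_blob(b"\x00" + bytes(range(2, 130)))
SERVER_PUB = f"ssh-rsa {PHONE_KEY} constructed-comment"  # /etc/ssh/ssh_host_rsa_key.pub
KNOWN_HOSTS = f"# saved on the Mac\n192.168.2.186 ssh-rsa {PHONE_KEY}\n"  # ~/.ssh/known_hosts

if __name__ == "__main__":
    print(fingerprint(PHONE_KEY))
    print(check_host_key(KNOWN_HOSTS, "192.168.2.186", SERVER_PUB))
    # A different device answering at the same IP: the case that triggers the warning.
    print(check_host_key(KNOWN_HOSTS, "192.168.2.186", f"ssh-rsa {OTHER_KEY}"))
```

The MISMATCH result corresponds to the situation in which ssh refuses to connect and prints the man-in-the-middle warning.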

2.7 Password-free Login (Public Key Login)
2.7.1 Mechanism of Password-free Login

Password-free login is also called public key login. The principle is that the user stores their public key on the remote host. At login, the remote host sends the user a random string, which the user encrypts with their private key and sends back. The remote host decrypts it with the stored public key and, if that succeeds, the user is proven to be trusted.
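The exchange described above, with both sides' messages, as an added example that is not part of the original article. It uses textbook RSA with small constructed primes purely to illustrate the idea and is not how OpenSSH implements it; all names (Server, client_respond, login) are hypothetical.

```python
import hashlib
import secrets

# Toy textbook-RSA key from two known Mersenne primes (constructed sample,
# far too small for real use; real keys come from ssh-keygen).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the client


def digest_int(challenge: bytes, n: int) -> int:
    """Map the random string to a number smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n


class Server:
    """The phone: stores only public keys, like ~/.ssh/authorized_keys."""

    def __init__(self, authorized):
        self.authorized = set(authorized)  # {(n, e), ...}
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(32)  # fresh random string per login
        return self.pending

    def verify(self, pub, response: int) -> bool:
        challenge, self.pending = self.pending, None  # a challenge is single use
        if challenge is None or pub not in self.authorized:
            return False
        n, e = pub
        # Undo the private-key operation with the stored public key.
        return pow(response, e, n) == digest_int(challenge, n)


def client_respond(challenge: bytes, n: int, d: int) -> int:
    """The Mac: transform the challenge with the private key."""
    return pow(digest_int(challenge, n), d, n)


def login(server: Server, pub, d: int) -> bool:
    challenge = server.new_challenge()
    return server.verify(pub, client_respond(challenge, pub[0], d))


if __name__ == "__main__":
    phone = Server([(N, E)])
    print(login(phone, (N, E), D))      # holder of the matching private key
    print(login(phone, (N, E), D + 2))  # wrong private key
```

Note that the password never crosses the network and the server never holds the private key; a captured response is useless later because each challenge is accepted only once.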

2.7.2 Configuring Password-free Login
  1. On the client, generate a public/private key pair in the ~/.ssh/ directory with ssh-keygen.

If you set a password on the RSA key, you will have to enter it every time.

  2. Copy the public key to the SSH server: ssh-copy-id username@server-IP. You need to enter the password of the root account when copying.

After this, logging in again no longer requires a password:

➜ ~ ssh [email protected]

iPhone-XS-Max:~ root#

ssh-copy-id can be pointed at a specific key file with -i. On some systems specifying -i fails (the copy reports success, but the key that is verified is the one generated by ssh-copy-id).

  3. The public key is copied into ~/.ssh/authorized_keys on the server.

In some versions, ssh-copy-id does not require the key pair to be generated beforehand; the command itself generates the public and private keys and copies them. If the public key you generated does not match the copy in authorized_keys, this may be the cause.

2.8 Configuring Quick Login

Suppose we have multiple phones, or don't want the hassle of typing an IP address every time we log in. Create a config file under ~/.ssh and configure an alias for SSH login:


Host iPhone7

Hostname 172.20.10.11

User root

Port 22


Usage (the name after ssh is the alias defined on the Host line):

➜ ~ ssh iPhoneXsMax

iPhone-XS-Max:~ root#

2.9 Other SSH Operations
  • Delete the saved key for a server address: ssh-keygen -R server-IP (when logging in to the phone over SSH, the phone is the server)

  • known_hosts file: saves the keys accepted when logging in to servers over SSH. It is stored in the ~/.ssh directory.

  • ssh_host_rsa_key.pub file: the key the SSH server sends to connecting clients. It is stored in the server's /etc/ssh directory.

  • config file: create a config file in the ~/.ssh directory to configure aliases for SSH login.


End