Thursday, August 9, 2012

Securing SSH - Tips & Tricks

Strong Usernames/Passwords
To most of us, this comes as a no-brainer.  To others, not so much...  Regardless, the strength of username/password combinations is extremely important.  If the password being used is a dictionary word or could be derived from the username, there may as well be no password at all...  Ideally, passphrases should be used.  A passphrase is just like a password except for instead of using a word, a phrase would be used.  Passwords and passphrases alike should also be mangled.

iPhone Home - Remote Access to iPhone

Often I have wanted a reliable way to access the contents of my phone remotely (incase I misplace my phone or if my phone gets stolen).  While there are other apps to determine the location of the phone, remotely lock or wipe, etc...  But I still want MORE!  So I decided to try this on my own.

Lets start by simply SSHing into the iPhone...  NOPE!  Wait, you mean to say that you can’t SSH directly into an iPhone connected only to mobile broadband? Yes, it’s sad but true.  Fortunately, we already know how to bypass those pesky firewalls using Reverse SSH!

By following the tutorial “Bypassing Firewalls - Reverse SSH Tunneling” the iPhone can be forced to phone home.  On jailbroken iPhones, this can be achieved manually by running the following command in the terminal or by running the script provided previously.  Currently, there is no way to accomplish such a task on a non-jailbroken device.