- Nov 22, 2010
Secure shell, more commonly known as SSH, allows for two devices to communicate over a secure, encrypted protocol.
Scenario: You're in a public restaurant, hotel, street, etc. and want to use the free Wi-Fi connection to access the internet, your bank account app, Gmail, and Facebook, but don't want to compromise your security. "Why not use 3G?" you say. Using Wi-Fi will save battery life and increase internet speed for apps that are data intensive, e.g., Netflix, Pandora, etc. 3G also isn't always the best option, as 3G is dependent on towers and signal strength.
Solution: Create a secure connection to a trusted host to route all of your traffic from your phone!
Okay, at this point, if it is not clear what is being discussed here, please do a little reading on SSH tunneling. There are many capabilities and benefits to it. The main one is securing all of the information sent over a connection by routing it through a secure, trusted connection.
This writeup will contain the information needed to set up an Android phone properly. Setting up the SSH server, or your own home SSH server, is another topic. This is not for the inexperienced; however, I have attempted to make this tutorial for the phone as user-friendly as possible. Running an SSH connection from home is free and requires some setup. Using a host requires a small monthly payment and doesn't require any setup.
Issue: SSH connections with passwords can be sniffed and "stripped" for information and the information can be read by hackers. Even worse, hackers could ghost the connection and get into all of the user's personal information, codes, account info, etc.
Solution: Create the SSH connection using public/private keys. A side benefit of using keys is not having to type in a password every time the phone is connected to the server.
Issue #2: Some public/private keys can be deciphered and decrypted to obtain the contained information.
Solution: Use only RSA keys of size 4096, making it unlikely that anyone can decipher your information. (The two types are DSA and RSA, of which DSA is less secure; RSA is said to be uncrackable.) reference (Do not follow the instructions in the link; it is only provided as an explanation of the two algorithms.)
Issue #3: Currently, solutions offering SSH public/private key capabilities do exist; however, they only allow for SSH or terminal interaction. This is a very command-heavy interface, which is not desirable.
Solution: Use a way that will route all phone traffic through the secure connection and to an end host, then to the internet. Therefore, use of Android apps is normal and no command line/terminal interface is necessary. Very user friendly.
There is a way to create a completely secure connection: one that cannot be sniffed for information (technically, it can be sniffed on an open connection, but nothing is gained from the sniffing because the information is going through a secure tunnel), nor can it be decrypted. In order to do this on an Android phone, there are two processes that need to be completed. The SSH connection must be established with SSH keys, and then all of the traffic must be forwarded through the tunnel. The following instructions provide the process to accomplish this. There are other ways of doing this. This is the most user-friendly method.
The first part of this tutorial will explain how to create the connection using SSH and the ConnectBot app to access the SSH server and transfer the SSH key.
The second part of this tutorial will explain how to tunnel all of the Android phone traffic through the ssh connection created by the first part.
Requirements:
-SSH server/host computer
-Rooted phone
-ROM with iptables binary and NAT supported (if your ROM doesn't have this, ask your dev to support it)
-Follow instructions provided
-Two downloads provided
NOTE: There is a way to have this connection tunnel through a normal home computer. It involves setting it up as a server. This could compromise security if not done properly. However, there are options to purchase a secure shell at low cost. Again, these instructions will not include how to set up these servers, but how to connect the Android device to the server. This tutorial assumes that the SSH server is up and running prior to starting the following instructions.
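The key policy above (RSA at 4096 bits, no DSA) can be checked on the server side against the lines of an `authorized_keys` file. The following is an added example, not part of the original post; the function names are illustrative and the sample keys are constructed placeholders with a made-up modulus.

```python
import base64
import struct

MIN_RSA_BITS = 4096  # key size the post recommends

def read_field(buf, off):
    """Read one length-prefixed field (SSH wire format: uint32 length, then bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (size,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def audit_key_line(line):
    """Return (verdict, detail) for one authorized_keys line."""
    fields = line.split()
    # Options such as no-pty may precede the key type, so search for it.
    idx = next((i for i, f in enumerate(fields) if f in ("ssh-rsa", "ssh-dss")), None)
    if idx is None or idx + 1 >= len(fields):
        return ("skipped", "no RSA/DSA key on this line")
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        inner, off = read_field(blob, 0)
        if inner != fields[idx].encode():
            return ("malformed", "key type inside blob differs from declared type")
        if inner == b"ssh-dss":
            return ("reject", "DSA key")
        _exponent, off = read_field(blob, off)
        modulus, off = read_field(blob, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return ("malformed", str(exc))
    bits = int.from_bytes(modulus, "big").bit_length()
    return ("ok" if bits >= MIN_RSA_BITS else "weak", f"RSA {bits} bits")

def constructed_rsa_line(bits, comment):
    """Constructed sample: valid ssh-rsa encoding around a made-up modulus, not a usable key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def constructed_dsa_line(comment):
    """Constructed sample: only the type field is present, which is all the check reads."""
    blob = struct.pack(">I", 7) + b"ssh-dss"
    return f"ssh-dss {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    for sample in (constructed_rsa_line(4096, "phone"), constructed_rsa_line(2048, "old"),
                   constructed_dsa_line("legacy")):
        print(sample.split()[-1], audit_key_line(sample))
```

The bit length is read from the modulus inside the key blob rather than from the comment or file name, so a mislabeled key is still measured correctly.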