- Change the root and mobile user password
- Understand the use of an ssh key and get a basic understanding of how they work
- Their pros
- How to create an ssh key
- How to add the ssh key to the target device
So, the majority of you will have a password which prevents prying eyes from just going into your device, and taking a look at all of your sensitive information. Well, as soon as we've installed openssh on our device, it only takes someone (who is on the same wifi network) to find our IP address, and enter the password alpine and they've gained full access to the device.
As soon as a person has remote access over ssh, they can do whatever they want, but here's a few examples:
- They could bootloop your device
- They could fill up your device storage (for example, sending lots of IPSWs)
- They could download content from your apps
- They could install spyware...
However, the most simplest way we can fix this is by changing both our root and mobile passwords.
On iOS devices, the main two users are root and mobile. Mobile has less privileges than root, meaning that you would have to run sudo in order to do higher privileged things. For example, if I tried to delete a file which is write protected as a mobile user, I might have to use sudo in order to achieve that. However, a root user is free to do what they want. But access by a malicious person could be troublesome for us, so let's secure the device.
- Make sure that you've logged in with ssh, see chapter 1
- Type
passwd. It will say:
changing password for root
New password
- Type in your new password, it can't be longer than 8 characters (this is a limitation of iOS not me). Once that's done, you've successfully changed your root password. When you login after following chapter 1's instructions, enter this new password.
- Make sure that you've logged in with ssh, see chapter 1
- Type
passwd mobile. It will say:
changing password for mobile
New password
- Type in your new password, it can't be longer than 8 characters (this is a limitation of iOS not me). Once that's done, you've successfully changed your mobile password.
One of the most convincing reasons for using a ssh key is that you don't have to enter your password! This means that your password can be a lot more complex, without you having to remember it. In addition, ssh keys are much more secure than password based authentication as they can be much longer, and are extremely difficult to break if not impossible.
I'll try to explain how ssh keys work as best as I can with my analogy.
Imagine I have a padlock which I give to you and I keep the key. You have the ability to lock the padlock, but that is it. You cannot unlock it. (This is the public key:) You can keep the contents of a thing safe (in other words, you can encrypt something.) However, I am the one with the key, so only I can access that thing which you kept safe (I am the only one who can decrypt it.) So in practice, this means that the public key (the padlock) can be given to anyone: wether it be my Mum, the next door neighbour or GitHub. However, when they send a message to me which is encrypted with my public key (padlock) only I can read it. So when we transfer our public key to the iOS device, it will create a message which only my private key can decrypt. If the keys validate, then I am logged in.
Note: You should never give out your private key to anyone**
- First, open your terminal app, (whether it is ish, or the terminal app on macOS or Linux)
Note: do not ssh into your device - Type in the following:
ssh -v localhost
The output should be something like this:
OpenSSH_8.4p1, OpenSSL 1.1.1j 16 Feb 2021
Note your ssh version: Mine is8.4p1. - Log into your device over ssh and again, log its ssh version: my output is the following:
OpenSSH_8.4p1, OpenSSL 1.1.1i 8 Dec 2020
Again, my ssh version is8.4p1and again, I will note this down somewhere. - Type in
exitto disconnect from the iOS device. - Now determine wether you will need to create an RSA key or an ed25519 key. If both of your ssh versions (the one on the host machine and the ios device) are greater than 6.5, type in
ssh-keygen -t ed25519 -b length_of_the_key -C "[email protected]".
Else, type in
ssh-keygen -t rsa -b length_of_the_key -C "[email protected]".
Note: The minimum length of the key is 1024 and the max is 16384, the larger the key the longer it will take to generate and the more secure it will be.
Example:ssh-keygen -t ed25519 -b 16384 -C "[email protected]"
This will generate a 16384 bit long ssh key (the max). When generating the key, it will say:
Generating public/private ed25519 key pair
(You will need to be patient for this as it may take a while.) - After that, the following message will be displayed:
Enter file in which to save the key (/root/.ssh/id_ed25519)
Note: Yours might be different for example, it might say:
Enter file in which to save the key (/etc/.ssh/id_ed25519) - It will then say
Enter passphrase (empty for no passphrase):
Type a passphrase if you wish (strongly recommended) - Confirm the passphrase if you entered it, otherwise just press enter again.
You've successfully created an ssh key, now let's transfer our padlock (public key) to our iOS device.
- Type in
ssh-copy-idfollowed by how you would login with ssh, for example
ssh-copy-id root@localhost -p2222
It will say something like
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
expr: warning: '^ERROR: ': using '^' as the first character
of a basic regular expression is not portable; it is ignored
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@localhost's password:
- Enter the appropriate password,
It will then say:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '2222' 'localhost'" and check to make sure that only the key(s) you wanted were added.
- Now, login normally over ssh, you should not be asked for a password but rather, for your ssh key pass phrase (if you set one).
- Finally, do the same again, but this time do this for your mobile user.
You may find it cumbersome to continuously enter your pass phrase. To fix this, let's make sure that ssh auto fills it in for us.
- From terminal, type:
eval "$(ssh-agent -s)"
The output should be something like this:
Agent pid 37.
This initiates the ssh agent. - Finally, to add the ssh key to the agent, type the following:
ssh-add /path/to/your/ssh/directory/.ssh/id_ed25519
Note: If you are using rsa, then this command should be writtten like this:
ssh-add /path/to/your/ssh/directory/.ssh/id_rsa
An example of what this may look like is this:
ssh-add /root/.ssh/id_ed25519
If you are unsure where this folder is, it was specified when creating an ssh key with ssh-keygen.
Finally, you should be prompted for your pass phrase. Upon entering it, ssh will manually enter it for you. To test this, try to login again with ssh.
It is a good idea to disable password logins completely. This ensures maximum security for the device, but it also means an individual wil not be able to brute force the password. Let's set this up:
- Open Filza and navigate to
/etc/ssh - Open the file
sshd_configwith the text editor - Look for the following line:
#PubkeyAuthentication yes
Change it to:
PubkeyAuthentication yes - Look for the following line:
#PasswordAuthentication yes
Change it to:
PasswordAuthentication no
If I try to login to my device without an ssh key, I get the following output:
mobile@localhost: Permission denied (publickey,keyboard-interactive).
As you can see, I can only login if I have the key.