Comments on: iPhone SSH

Question: iPhone SSH

yesno — Tue, 28 Aug 2007 14:34:34 -0800

After installing OpenSSH on your iPhone, is there a way to disable it except when needed?

In order to easily put files on my iPhone, I installed the BSD subsystem, ssh, and a terminal. Of course, I changed the root password. But I find it strange that I can log on to the iPhone through ssh all the time, not just when I have launched the terminal and run ssh in some way. Is there a way to turn off the ssh service except when needed? I am bothered by the security and possible battery life implications. Or am I misunderstanding what is going on?

By: rhizome

rhizome — Tue, 28 Aug 2007 15:12:41 -0800

You're going to have to add some more detail, namely what you mean by "log on to the iPhone" and "just when I have launched the terminal." Are you talking about two separate environments?

By: andrew cooke

andrew cooke — Tue, 28 Aug 2007 15:35:33 -0800

(i assume they want the bsd equivalent of "chkconfig -d sshd")

By: andrew cooke

andrew cooke — Tue, 28 Aug 2007 15:36:51 -0800

and if i google that the answer is here - just change the "yes" to "no", i assume.

By: andrew cooke

andrew cooke — Tue, 28 Aug 2007 15:38:22 -0800

is that clear? you want to follow those instructions except use sshd_enable="NO". disclaimer: i have no idea if this also applies to iphones.

By: andrew cooke

andrew cooke — Tue, 28 Aug 2007 15:42:09 -0800

battery life implications, incidentally, are unlikely to be important. if you are worried about security you may want to configure sshd to only allow certain users, etc. example config. i'll shut up now...

By: mrg

mrg — Tue, 28 Aug 2007 15:46:29 -0800

OpenSSH on the iPhone wouldn't be much different from OpenSSH anywhere else - there's a daemon called sshd that deals with incoming ssh connections. you could always chmod -x it (on my Mac, it's in /usr/sbin but might be elsewhere) and reboot. then chmod +x and reboot to re-enable. it'll also put a script somewhere to automatically start it on boot; you could always just do chmod -x on it and then run it manually (/bin/bash whatever-the-script-is-called start, probably) when needed.

By: Good Brain

Good Brain — Tue, 28 Aug 2007 16:03:09 -0800

The iPhone doesn't have a typical init.d setup.

I think this file is controlling the launch of sshd: /Library/LaunchDaemons/com.openssh.sshd.plist

By: Good Brain

Good Brain — Tue, 28 Aug 2007 16:08:55 -0800

Yeah, it uses launchd, which seems to be assuming an inetd/xinetd-like role in this case. I think maybe just moving or getting rid of the sshd plist will take care of the issue

By: evariste

evariste — Tue, 28 Aug 2007 16:56:23 -0800

The plist that ships with OpenSSH for iPhone specifies it as an "on-demand" launchd service, meaning it runs when someone tries to contact the correct port. You can see it in /Library/LaunchDaemons/com.openssh.sshd.plist. So it isn't sitting there draining your battery all day, and I wouldn't worry about this, beyond of course changing the passwords on the root and mobile accounts.

By: yesno

yesno — Tue, 28 Aug 2007 17:48:26 -0800

@rhizone

What it means is, you can log into the iPhone remotely through ssh. Launching the terminal means running a terminal emulator directly on the iPhone.

@evariste

Ok, thank you for the information and piece of mind.

By: yesno

yesno — Tue, 28 Aug 2007 18:30:08 -0800

Update: I confirmed evariste's information by running "top" on the vt-100 emulator on the iPhone and seeing that ssh would only start up when I made a connection from my computer.