IOS 7.x Jailbreak SSH Access / SSH Tunnel

created January 23, 2014, last updated July 27, 2015.


 

There are 3 reasons why I always “Jailbreak” my iPad.

  1. The Apple iPad is a (bloody expensive) computer. When I buy a (bloody expensive) computer I expect to have 100% usability from it. The restrictions imposed by Apple on their i device operating system (IOS) inhibit its practical usability considerably, and I really don’t like that.
  2. When I am travelling I use the excellent MyWi app to turn my iPad into a wireless hotspot.
  3. For privacy and security I like to be able to tunnel my iPad traffic through a secure SSH connection to my server.

“Jailbreaking” exploits vulnerabilities in IOS to achieve root access to the operating system thus “liberating” IOS and allowing ad hoc software to be installed and executed. If you come from a Unix background this is great, because your (bloody expensive) computer now becomes really useful in accessing other Unix based systems and doing geeky Unix type stuff.

I have been Jailbreaking my iPad since IOS v.5 – I find little point in Jailbreaking my iPhone as the screen size limits use.

The Jailbreak process itself is always seamless:

  • Backup with iTunes
  • Install update from iTunes (not via OTA update)
  • Restore from iTunes
  • Jailbreak
  • Restore Cydia software and purchases, i.e. MyWi.

The IOS 7.x Jailbreak was released recently and I finally decided to upgrade my iPad from IOS 6.x to IOS 7.x and apply the Jailbreak. As usual this worked pretty well, but some changes in IOS 7 caused problems:

  • IOS 7 stops applications from connecting to localhost SSH on port 22
  • IOS 7 multi tasking affects SSH background connections

IOS 7 Stops Applications from Connecting to localhost SSH on Port 22

This was a devious software change by Apple. Normally after Jailbreaking the first task is to install OpenSSH via Cydia, which gives you normal SSH terminal access to the device, and then to use a terminal application such as iSSH to log in to the device (localhost) as root.

With IOS 7 Apple have hardcoded a restriction into the operating system that stops (App Store) Apps from making an SSH connection to localhost on the default SSH port 22. When you try and connect with iSSH you will get a connection cancelled error. You can still SSH from an external device, but not locally.

The workaround for this is to change the listening TCP/UDP ports used by the SSH daemon to something other than 22.

To do this you need to edit a couple of system files. An easy way to edit the files is with the Cydia app iFile.

Take a look at /etc/services. This file defines network services, including SSH. Find the entries for SSH:

ssh     22/udp       # SSH Remote Login Protocol
ssh     22/tcp       # SSH Remote Login Protocol

and duplicate them, creating a new service called ssh2:

ssh2    52222/udp    # SSH Server
ssh2    52222/tcp    # SSH Server

Save the file.

Here I am using 52222 for the UDP/TCP ports. You can use other port numbers, but stay clear of the well known ports from 0 – 1023 (dynamic/private ports 49152 to 65535 are preferable).

Now edit /Library/LaunchDaemons/com.openssh.sshd.plist and change the SockServiceName string to ssh2.

<key>SockServiceName</key>
<string>ssh2</string>

Save the file and reboot.

We are basically leaving the ssh service name on port 22, so outgoing SSH connections still use the default port, while telling the operating system to listen for incoming SSH connections on the port defined for ssh2.

You can now connect using SSH on the port you specified, i.e.

ssh -p 52222 root@my.ipad.address

Remember to change the root and mobile default passwords of your i device when you log in.

IOS 7 Multi Tasking Affects SSH Background Connections

So now I have root access to my IOS 7.0 device I can run SSH to create a secure tunnel to my Ubuntu server:

ssh -N -g -D XXXX user@myserver.com

This creates a SOCKS proxy tunnel on port XXXX over SSH to my server. The i device can be configured to send all traffic via this proxy with a proxy auto config (PAC) file. Note that -g lets other hosts on the same network connect to the SOCKS port as well; when only the iPad itself uses the proxy, as with the localhost PAC file below, it can be left out.

On IOS 7.0 this worked as expected, hurrah! I ran the ssh tunnel, changed my Wifi proxy settings to auto using my PAC file URL, switched apps to Chrome, checked my IP address to confirm I was proxying via the SOCKS tunnel and was happy that my iPad data was going through the “secure” tunnel – until a few minutes later when it stopped working, doh!

The tunnel stops working because shortly after switching apps the SSH connection to the iPad is terminated, also terminating the SSH tunnel. This is because Apple has changed the way App multitasking works in IOS 7.x.

When you switch apps in IOS 7 some apps continue to run for a short while and are then set to a suspended state to reduce system resources. They will “instantly” launch when you return to them. Of course when an app like iSSH switches to the background and is suspended by the operating system, any active SSH connections will quickly time out and terminate. This means our session running the SSH tunnel will be terminated, closing the tunnel.

Some apps are allowed to update in the background, and this is controlled via the background refresh options in settings, but as of the time of writing iSSH (and Prompt) do not appear in this list. (In IOS 6 apps were allowed to run for 10 minutes in the background and iSSH used to prompt you to return to the app to keep connections alive.)

Fortunately there is a simple workaround to this problem: install the mobile terminal app via Cydia and reboot. The mobile terminal app has been around for a while and gives you direct command line access as the mobile user. Although Cydia says it only supports IOS v4 to v6 it installs and runs perfectly on IOS v7.x too.

The great thing about mobile terminal is that it creates a direct local login session. When you switch the app to the background this session will keep running even when the mobile terminal app is suspended and reset. In fact if you install adv-cmds via Cydia you can log in via SSH and see this login session running as a process with the ps command.

So we execute our SOCKS proxy ssh command in mobile terminal and set up the tunnel. When the mobile terminal app switches to the background the tunnel will stay open in the login session indefinitely, or until you kill the session manually from another command line using the kill process command.

If you don’t want to use mobile terminal have a look at the Cydia implementations of screen and autossh.

Now I have full SSH functionality from my (bloody expensive) IOS 7.x computer again!

Here is the pac file I use for my proxy auto config:

function FindProxyForURL(url, host) {
    return "SOCKS localhost:XXXX";
}
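
An added example, not the author's PAC file: a variant that sends local-network destinations direct and everything else to the tunnel, and that never returns a DIRECT fallback for outside hosts, so the PAC itself does not tell the client to bypass the tunnel when the SSH session drops as described above. SOCKS_PORT (1080 here) is a placeholder for XXXX, and the helper names are made up for this example.

```javascript
// Added example, not the author's PAC file. ES5 only, for older PAC engines.
var SOCKS_PORT = 1080; // placeholder: use the port given to `ssh -D`
var TUNNEL = "SOCKS localhost:" + SOCKS_PORT; // deliberately no "; DIRECT"

// True for IPv4 literals in loopback, RFC 1918 or link-local ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var o = [+m[1], +m[2], +m[3], +m[4]];
  for (var i = 0; i < 4; i++) {
    if (o[i] > 255) return false; // not a valid address, do not exempt it
  }
  return o[0] === 10 || o[0] === 127 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    (o[0] === 169 && o[1] === 254);
}

// True for "localhost", single-label names and *.local names.
function isLocalName(host) {
  var h = host.toLowerCase().replace(/\.$/, "");
  return h === "localhost" || /^[a-z0-9-]+$/.test(h) || /\.local$/.test(h);
}

function FindProxyForURL(url, host) {
  // LAN destinations cannot be reached from the remote server, so go direct.
  if (isLocalName(host) || isPrivateIPv4(host)) return "DIRECT";
  // Everything else, including IPv6 literals, is sent to the SSH tunnel.
  return TUNNEL;
}
```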

 

Comments

  1. Konstantin says:

    Thank you so much, I was messing around with my iPad for two days trying to get Python to run through iSSH, it was so painful. And now it works! Damn Apple with their restrictions and other BS, thank g-d there is always somebody to find a workaround!

  2. Zdenek says:

    Thanks, most blogs forgot to mention those two files, instead they have lots of jpegs of how to press an install button in Cydia.