Use Your Phone to Remotely Access Server Terminal: A Blitz Tutorial
In this blitz of a tutorial I will show you how to use your smartphone to access bash shell on a remote unix-like machine. I will be using a droplet I created using the DigitalOcean cloud computing service. This droplet is an Ubuntu server based in NYC available for a mere $5 a month.
We will use a secure tunneling technology for accessing this remote server’s terminal — secure shell or SSH. While this is entirely possible from personal computer, we will focus on using an iPhone 6 to SSH into the Ubuntu droplet.
What is SSH?
Designed as a replacement for Telnet, SSH is a cryptographic network protocol for remotely accessing server through a public-key private-key authentication system.
Connect With Computer
Open System Preferences and Sharing and enable “Remote Login” by clicking the checkbox.
Make note of the “ssh username@ip” — in this example it’s “ssh email@example.com” — and enter this information into terminal to establish a secure remote connection to 100.68.121.46 as user “ivorybook” upon sucessful submission of the password.
Resist Brute Force Attacks — Public/Private Key Pairs
We will shift our authentication strategy to one involving public-key private-key pairs instead of password submission. This will help us resist brute force attempts to access our remote machine by allowing us to maintain a private-key while uploading a public-key to our remote server.
The public-key is uploaded to the server by adding the key to the server’s ~/.ssh/authorized_keys file. The public-key is used to encrypt messages that only the private-key can decrypt.
Generate SSH Keys on Local Machine
On the machine that will be making the SSH connection to a remote server public-key and private-key pair will need to be generated.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
By default the key-pair will save to /.ssh directory as id_rsa (private) and id_rsa.public (public). Generating a new key-pair will over write an existing pair. Optionally enter a password when prompted to require password authentication every-time the key is used.
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
Embed Your Public Key on a Remote Server
Now that you have your key-pair you will need to upload your public key to the target remote server ~/.ssh/authorized_keys file. In your key-pair directory, view your public key with:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNqqi1mHLnryb1FdbePrSZQdmXRZxGZbo0gTfglysq6KMNUNY2VhzmYN9JYW39yNtjhVxqfW6ewc+eHiL+IRRM1P5ecDAaL3V0ou6ecSurU+t9DR4114mzNJ5SqNxMgiJzbXdhR+j55GjfXdk0FyzxM3a5qpVcGZEXiAzGzhHytUV51+YGnuLGaZ37nebh3UlYC+KJev4MYIVww0tWmY+9GniRSQlgLLUQZ+FcBUjaqhwqVqsHe4F/woW1IHe7mfm63GXyBavVc+llrEzRbMO111MogZUcoWDI9w7UIm8ZOTnhJsk7jhJzG2GpSXZHmly/a/buFaaFnmfZ4MYPkgJD firstname.lastname@example.org
To embed our public key on a target remote server we will need to have password-based SSH access to our server.
We transfer our public-key to the server with ssh-copy-id tool included with the OpenSSH package.
The authenticity of host '22.214.171.124 (126.96.36.199)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes
Upon agreeing to connect, the utility will scan the local account looking for the id_rsa.pub key generated earlier and this key will be copied to the remote server’s directory /.ssh/authorized_keys.
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'email@example.com'"
and check to make sure that only the key(s) you wanted were added.
Connect to the Remote Server Using iPhone and ServerAuditor
To connect to your remote server using your phone, no jailbreaking is required. Simply download the ServerAuditor application from the App Store.
Select the ‘Keychain’ option from the menu to create an identity which will consist of your remote server’s username and password and associated key.
To connect to your server, use the Quick Connect option and select the Identity you created for accessing your remote server. This should populate the key field as the identity is tied to the key. For the hostname field enter the IP address of your remote server.