[michaelwithe21]

awww, i thought i was the first to think of it... hmm, i cant believe i havnt seen one topic about it... but my "intentions" on the "virus" were to show a vulnerability to mac, which i sent them a copy =P

i guess i have to believe that you have been using 3G to access your iphone through Reverse SSH tunnels further more forwarding a vnc service to track/control...

btw... can you please over look your instructions...

1) in autossh, the home ssh listening port is after -M right, im using a non-default port?

2) is there any reason why no passphrazed dsa keys wouldnt work (u used rsa)?

3) or what if i change the name of the .sh file? (note: i did go through both .plist and .sh file to change anything that said autohome/.sh)

I cant get it to work with autossh:

after giving chmoding both .plist and .sh to 644 and testing dsa keys with manual reverse tunnel (worked fine)... I tried to complete the steps:

iPhone:/bin root# sh othername.sh
iPhone:/bin root#

i checked netstat with no luck, and tried to connect to localhost:1201 using chicken of the vnc (mac) with no luck...

I then rebooted/turned off /on the phone, with no connections formed, hmmm...

tried running it without sh aka # othername.sh and tried bash othername.sh...

none of which made a connection...

once again... it works when i give command:

ssh -p MYHOMESSHPORT User@IP -fNR PortToConnectTo:localhost:5900

NOTE: MY VNC CLIENT ALLOWS ME TO SPECIFY PORT via localhost:1201

but for some reason it wont work, maybe im missing something... here is my autorssh.sh:

#!/bin/sh
export HOME=/var/root
export AUTOSSH_GATETIME=0
autossh -M SecretHomeSSHPort -f -2 -N -C -R *:1202:localhost:22 -R *:1201:localhost:5900 User@MyHomeSSHServerIP

here is my /System/Library/LaunchDaemons/com.autorssh.startup.plist:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>Label</key>
<string>com.autorssh.startup</string>
<key>Program</key>
<string>/bin/autorssh.sh</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>

NOTE: i havnt tried it with the tabs aka, what is being used now is:

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>Label</key>
<string>com.autorssh.startup</string>
<key>Program</key>
<string>/bin/autorssh.sh</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>

4) are the tabs required for the script to run properly? (i test it l8r)

tried both Wifi and 3G, worked manually, does work with autossh...

please help!!!

[llemarie]

Hi,

Quote:

ssh -p MYHOMESSHPORT User@IP -fNR PortToConnectTo:localhost:5900

Using autossh is like using ssh. It calls ssh with the parameters you pass it, adding additional forwarded ports it uses to test the state of the connection (provided by the -M port parameter).

In you case you want:

autossh -M KEEPALIVEPORT -p MYHOMESSHPORT User@IP -fNR PortToConnectTo:localhost:5900

I would use -C as well, compressing the data over slow connections should provide a measurable speed improvement.

Hope this helps,
Lionel.

[michaelwithe21]

"Using autossh is like using ssh. It calls ssh with the parameters you pass it, adding additional forwarded ports it uses to test the state of the connection (provided by the -M port parameter)."

THANK YOUR REPLYING, I REALLY REALLY WANT THIS TO WORK =P

ok... so im a bit confused...

i now understand that -M does not represent the ssh port, but now your saying that it "adds additional forwarded ports it uses to test the state of the connection"...

1) Does this mean i need to forward another port on my home router (other than the ssh server port)??

2) what is this KEEPPORTALIVE? you used 20000?? wtf?? please explain what I should use!! =) for right now im gunna try what u used =/

3) WTF does -2 do to an ssh tunnel? are you sure I should not use the same format you used? ex -f -2 -N -C -R

4) should the *'s be there in the autossh.sh tunnel?

here is my new .sh:

#!/bin/sh
export HOME=/var/root
export AUTOSSH_GATETIME=0
autossh -M 20000 -p HomeSSHPort -f -2 -N -C -R *:1203:localhost:22 -R *:1201:localhost:5900 User@ExternalIP

I will also try:

autossh -M 20000 -p HomeSSHPort -fNCR 1201:localhost:5900 User@ExteralIP

Update: So it is finally making connections via autossh.sh, BUT...

im still curious about the -2 command for ssh, what does it do?

I understand that compression and decompression on both ends is faster if you have minimal bandwidth... but if battery life is a concern, the compression is always in place right? or is the compression only used when vnc client connects to localhost?

Im gunna run a couple runs on 3G and see if -C is ANY faster... seeing as we have to compress on the iphone (Reverse tunnel)... but any thoughts?

again, please that -2 concerns me, as does not knowing what PORTTOSTAYALIVE 20000 is doing???


Update: So it is finally making connections via autossh.sh, BUT...

the start-at-boot is not running at all... do i have do something more to make the .sh start at startup??

im still curious about the -2 command for ssh, what does it do?

I understand that compression and decompression on both ends is faster if you have minimal bandwidth... but if battery life is a concern, the compression is always in place right? or is the compression only used when vnc client connects to localhost?

Im gunna run a couple runs on 3G and see if -C is ANY faster... seeing as we have to compress on the iphone (Reverse tunnel)... but any thoughts?

again, please that -2 concerns me, as does not knowing what PORTTOSTAYALIVE 20000 is doing???

[llemarie]

Hi,

Sorry for the delay.

About the keep-alive port, please read up on autossh in the documentation: autossh(1): monitor/restart ssh sessions - Linux man page
The -M argument opens the port for you, that's all you need to do. It uses it to test that the connection is up. When the connection goes down, it attempts to restart ssh to renew the tunnels. You don't need to open a new port for it on your router, it's part of the tunnels. I simply used the port from the docs, it's arbitrary.

-2 is an ssh argument, please read up on it here: ssh(1): OpenSSH SSH client - Linux man page
It simply sets the protocol version to SSH2.

-f tells autossh to run in the background.

-N is important, it tells SSH to not start a shell. This goes together with my instructions to set the user shell to /bin/false for added security.

Adding * before the tunnel parameters changes the bind address. It can be necessary if the machine running VNC is not the SSH home server.

-

Running the script at startup is another problem. What you can do is add "touch /var/root/test.txt" to your sh script. That way after boot you can check that the file was created. If it is created you can try adding:
export AUTOSSH_LOGLEVEL=7
export AUTOSSH_LOGFILE=/var/root/autossh.log

That will show what connection errors there are.

Obviously, check the shell script ownership (should be root), should be executable (chmod 755), should be in /bin to be accessed at boot time, check the startup script for spelling, etc...


By the way. The name of the script in my instructions is autohome.sh, calling it simply .sh is not very descriptive.

Regards,
Lionel.

[michaelwithe21]

i apologize for the generalization of my .sh file, i changed autohome.sh to autorssh.sh...

WAIT!! **DO U MEAN THE TOP OF MY autohome.sh file is WRONG? it shows below that the first line is:

#!/bin/sh

Should that be

#!/bin/autorssh.sh

??????

Thank you for being responsive, i cant tell u how much i appreciate this!!

I will try chmoding the autorssh.sh file 755, ive been using 644...

New questions:

1) What is the purpose of the "push" feature you mentioned in tip forum if your iphone already starts it on boot?

2) Did you get this to work on boot? (you are kinda unclear in tutorial)

3) When I manually run autorssh.sh from terminal, and i change IP/Internet source the connection drops until i return to the source i gave the command during... why do u think that is?

4) IMPORTANT** When i am on my home computer clients, and i wish to connect, I still use localhost:1201 and ssh -p 1203 root@localhost right? IE, because I used an * do i need to connect to my computers local IP (192.blabla) or localhost? NOTE: both of those commands work when i run the autorssh.sh file manually from mobileterminal


here r copies of my 2 files... (minus my personal info):

/bin/autorssh.sh

#!/bin/sh
export HOME=/var/root
export AUTOSSH_GATETIME=0
autossh -M 20000 -p SecretSSHPort -f -2 -N -C -R *:1203:localhost:22 -R *:1201:localhost:5900 User@IP

CHMOD 755


/System/Library/LaunchDaemons/com.autorssh.startup.plist (TAB represents space out)

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
TAB<key>Label</key>
TAB<string>com.autorssh.startup</string>
TAB<key>Program</key>
TAB<string>/bin/autorssh.sh</string>
TAB<key>RunAtLoad</key>
TAB<true/>
</dict>
</plist>

chmod 644

should the top line be something els? should "label" be something els? ignore if answer is no =)

PLEASE HELP =P

UPDATE:

OK, so i got boot up to work, it was 755 permissions on .sh file, you should include this in your tutorial for stupid people like me...

BUT, every time i switch to another source or IP, the phone will not connect, example:
I boot iphone and my wifi is on, i can connect, if i turn off wifi, i cannot connect, if i turn wifi back on, i can connect...

it seams every time i switch IP/source, i cannot connect, and i am forced to rollback to original source that was used when .sh was given!!

maybe autossh just takes some to time to adjust, but i waited for quite some time... maybe this is what you were referring to when you said "push" feature...

[llemarie]

Hi,

The top of your script is fine. It should start with #!/bin/sh.

The 'push' idea I mentioned is purely theoretical. Instead of starting autossh at boot time, I'd like to start it on demand. I'd want to send a message to the phone using APN (maybe via Prowl?), and catch the event on the phone (using GRiP?) to start autossh.

Please look up any terms you're not familar with.

-

Regarding the change of IP, you are right, I'm seeing the same behaviour. There is a period of time where the tunnel is still up, but on the wrong interface. It is possible to send a signal to autossh (via killall) to tell it to renew the connection manually, but that is not desirable.

If the tunnel is started from the data side (Edge/3G), then I believe it's a little better. The tunnel still doesn't switch to wifi, but at least it doesn't go down.

Regards,
Lionel.

[michaelwithe21]

PERFECT!!

I coundt say it any better, i wish i had the ability to explain a situation (the IP/3G/WIfi glitch) as well as yourself... by all means, take over ;P...

i was just upset u didnt reference my nickname in any way, if u really have been using this for a long time, and u know other people who have, thats great...

but as far as i knew, No one (even on android) didnt know how to run a server accessible by public (specific servers only obv) over 3G on the iPhone/other phones....

but u obviously deserve major cutos for realizing what i did =)

[ddarko777]

If someone with the know-how would be willing to automate these tasks via a Cydia app for the rest of us tards that would be awesome.

Related question: is there also a way to trigger the iphone's native VPN client at startup and have it auto reconnect?
[EDIT] Tried fooling around with com.apple.raccoon.plist but no go. It looks like there are a couple of options in there for VPN auto-starting and keeping-alive that are set to false. Switching to 'true' didn't produce any noticeable change on restart. Ok ending edit, sorry for momentary hijack.[/EDIT]

[Quick5oh]

I love the idea of this.

[ddarko777]

FYI, I got veency working over 3G on demand =)

It doesn't involve using VPN but that did set me on the right track to discovering what I needed to do... essentially, overcoming the reason why veency doesn't work over 3G in the first place. Get a public IP!

Full details of my experience posted here:
http://modmyi.com/forums/native-ipho...ml#post4966442