digg

Join DiggAbout

Donkeys and Elephants and Delegates,oh my!
Check out the most popular Elections 2008 content on Digg.

Slick iPhone SSH client

churchturing.org — A slick web 2.0 SSH client for you iPhone with that nice iPhone look and feel. Give it a try. Works great in a normal web browser too. Contains helpful security tips.

Bury
show profanity settings
expand all
  • kalleboo, on 10/11/2007, -38/+14Haha, this is awesome, try it out! Works in Safari 3 as well!
    • KibibyteBrain, on 10/11/2007, -4/+33Yeah, its really awesome...that is, for an SSH client that sends my SSH usernames and password, albiet encrypted through the Internet, to a 3rd party I don't really know or trust. Thats a great idea. SSH clents are not really a good tool to go web based.
      • randomgeek, on 10/11/2007, -10/+2I understand what you're getting at, but I think you're glossing over the encryption thing.
        • archlich, on 10/11/2007, -1/+17You are sending... your passwords... to... another... untrusted... computer...

          Slower?
          • loginx, on 10/11/2007, -0/+8Just leave all the field values as their default and click submit to see what it did. That's what I did.
            All it does is show you an alert box that tells you how stupid it is to send ssh creds through a web-app...
            Sorry for the spoiler.
    • WiseWeasel, on 10/11/2007, -1/+13Yes, everyone should avoid using this through an untrusted server. You can get the code to run this yourself securely on your home computer here:
      http://www-personal.umich.edu/~mressl/webshell/
      That site seemed to be down when I last checked, so here's the google cache:
      http://72.14.253.104/search?q=cache:23cA-2-an0QJ:www-personal.umich.edu/~mressl/webshell/

      If properly set up on your personal computer, this can be a secure and powerful tool, but DO NOT EVEN THINK of using this tool running on random websites!
    • brundlefly76, on 10/11/2007, -1/+13anyone who submits their ssh login credentials in a web form to anyone is a moron, has nothing to do with iphone.
    • Pepper, on 10/11/2007, -1/+16I love it how the above comments are so defensive. Just by looking at the HTML source you can tell it's not for real.

      function idiot() {
      alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
      window.location.href = "http://applepedia.com/IPhone";
      }
  • anisotropy, on 10/11/2007, -38/+11Perfect, this is just what I required. Works like a charm.
    • Konstantino, on 10/11/2007, -1/+6Too bad you didn't actually try to use it...
      • kalleboo, on 10/11/2007, -2/+2Too bad you don't have a sense of humor
  • revmischa, on 10/11/2007, -35/+8Works great, I've been waiting for something like this for a long time!
  • sharkpal, on 10/11/2007, -33/+7It's like mindterm for my iPhone! I don't even need to be home to telecommute. Wow.
    • oneSaint, on 10/11/2007, -0/+2Sharktal, Kissy and Souterrain are all fake users.... lame!
      • DarkPrince11, on 10/11/2007, -0/+2you just lack the sarcasm element of life don't you?
  • KiSSyHeartiez, on 10/11/2007, -32/+7iPhone's feature list has been pretty threadbare. Using this ssh client, I'm now able to get onto instant messengers such as naim or even irc.

    Thanks, this ROCKS!
  • souterrain, on 10/11/2007, -32/+11finally! It even works on my BlackBerry Pearl. Just make sure you enable Javascript in the browser options!
  • musashix90, on 10/11/2007, -37/+12Um, not sure if this happened to anyone else, but when I put in my (fake) info, it just said something along the lines of "Don't trust Web2.0" and took me to a Wiki page.
    • trogdoor, on 10/11/2007, -4/+19That's the point and you just blew the joke.
      • musashix90, on 10/11/2007, -5/+1Meh. Dealt with iPhones anyway. No biggie. It wasn't like I was spoiling eon8 or Christmas.
    • Draicone, on 10/11/2007, -1/+6I'm assuming the guy /actually/ wanted to input his SSH login details into an insecure website. Should we ban him from digg on grounds of principle? =P
      • skinfitz, on 10/11/2007, -0/+1You are clearly suggesting that Digg users are technically literate.
  • tnoy, on 11/11/2007, -16/+219Yeah, I'm really going to trust some random website with something like this.
    Its not a bad way to harvest login/pw from stupid people.
    • cruppel, on 10/11/2007, -16/+11I know, right? the sheer hype behind the iPhone makes it the greatest phishing tool ever!
    • windfanatic, on 10/11/2007, -14/+9why are you guys burying tnoy and cruppel?.. THEY ARE RIGHT YOU MORONS!..
    • Flashman, on 10/11/2007, -10/+16You could easily prove the site was acting in bad faith by setting up a honeypot for a certain username and password on your server, which would only be provided to this site. If someone besides you logs in with that account, you've got your proof.
      • rageguy, on 10/11/2007, -0/+4You'de probably need to be a little more complex than that. If I was to put on my blackhat for a minute here I wouldn't bother using logins harvested, I just keep a log of every character sent and received by the people using it.
        I'm certain I'd strike jackpot and get a log of someone running vi /private/accounts/creditcardsdb_backup.sql
        The beauty of this is you would never know that I am watching. At least until I try and buy things with the stolen numbers.

        Anyway, there is plenty of other nuggets of information I could steal by watching the sessions. IP's of important servers or services, views of sourcecode that people are editing that reveal vulnerabilities in web apps.

        You could even take it a step further, hijack an existing session so your connection is still the only connection made or silently installing a rootkit during your connection.

        *takes black hat off and puts on tin foil*

        In other words, never intrust your details to a unknown unencrypted third party unless you like the idea of your computer and net connection getting used to launch denial of service attacks, spread new trojans, run child porn websites or other nasties ect.
    • BuckyDent, on 10/11/2007, -6/+5was trying this with local ip just to be safe but no, it just had to be fake
      • joephish, on 10/11/2007, -1/+7that wouldn't work using any ssh client working from a remote machine
    • Powerdrift, on 10/11/2007, -1/+11Has no one actually submitted the form or something? o_O
      • BodhiGeek, on 10/11/2007, -0/+5Hell no! Though, I did check out the source. :-) I would hope anyone savvy enough to use SSH would have the sense not to trust ANYONE with their login credentials. Probably not, though. ;-)
      • Powerdrift, on 10/11/2007, -0/+9You can just leave the contents of the fields as is (fake info) and hit submit you know :P
    • drgruney, on 11/11/2007, -3/+6But.... but it's .org!?!
    • jollyroger814, on 10/11/2007, -2/+1@tnoy

      Sounds likes you did submit the form.
    • ferggo, on 11/11/2007, -0/+5I was going to view the page source to see how the hell they were doing this, and I was very well rewarded. Totally classic!
      I wouldn't have dugg it if I hadn't looked at what it *really* does!
    • caffeine43, on 11/11/2007, -0/+7What? No spot for my credit card / social security numbers? This is clearly fraudulent.
  • albiniak, on 10/11/2007, -22/+11Thanks! You just saved our budget. We were about to hire a private development team, but this saves us time -- and it even looks nice!
  • schestowitz, on 10/11/2007, -12/+5A few weeks ago, someone posted a link to a iPhone OpenSSH program that actually looks like a proper app. If only I could find that link... or remember the name. Does anybody know anything?
    • muszek, on 10/11/2007, -5/+1Man... it must suck to be you... looks like you're often dugg down not because what you say, but because you're you.
    • elvenseven, on 10/11/2007, -1/+4Nobody likes a fanboy.
    • BodhiGeek, on 10/11/2007, -3/+0I don't remember the name of the iPhone version, but I remember it was based on AJAXTerm.

      Ahhh... Google to the rescue.. It was WebShell. But, the server it's hosted on is hosed at this moment and the code is inaccessible.
  • ravan46, on 10/30/2007, -3/+108Hopefully all the competent people will only get so far as the hostname before thinking "Wait a minute..."
    • praisethelard, on 06/06/2008, -3/+11Or just look at the source of the page.
    • Draicone, on 10/11/2007, -0/+6Hopefully. It should be pretty bloody obvious. The JS function is visible above the fold (in view-source) even on 800x600.
    • fluxion, on 10/11/2007, -0/+4i got as far as the username, and was like "hmms0rz, i must be a retard!"
  • deadbaby, on 10/19/2007, -7/+31Funny site however it would be entirely safe to do this using HTTPS hosting the site on your own server.
    • fullstop102, on 10/11/2007, -1/+3Indeed. I noticed it was HTTP only too. May as well just open my own website and advertise my log on details in a TXT file!
    • bglav, on 10/11/2007, -1/+1SSL SSH...
  • insomniac8400, on 10/11/2007, -11/+5Thats not an iphone interface, it's a webpage.
    • Draicone, on 10/11/2007, -1/+5Remember Jobs said that iPhone apps would operate via Safari? Thats what it is.
      • Skahara, on 10/11/2007, -2/+0So... It`s a webpage and Safari is a web browser...
        • insomniac8400, on 10/11/2007, -1/+1So it's not an iPhone app. An iphone app would be a program that runs directly on the phone. I ask this, if a webpage is an iphone app, what do you call a real application that is released on the iphone? An iphone plugin?
  • fishmecha, on 10/11/2007, -11/+6I loved it! Now make an IRC client for the iPhone...
  • supermike35, on 10/11/2007, -15/+3Buried as iphone story
  • RyeBrye, on 11/02/2007, -7/+50Sweet - it even lets me upload my private key so I can connect whenever I want without using a password! Great! :)
    • Draicone, on 10/11/2007, -2/+10I know, its brilliant! I especially love the 'session save' feature, where you can upload your private key and bind all your login details to it, then save it as a publicly accessible, searchable, indexed login profile so that you can login from anywhere without any authentication whatsoever! A new dawn in flexibility!
  • pr5owner, on 10/30/2007, -37/+35WTF you ppl cant be serious, what is stopping that guy from stealing all your pwds?

    oh well only desperate applefan boys, i guess they deserve to have their networks hacked
    • pasqualiej, on 10/11/2007, -6/+10fail.
    • megooz, on 10/11/2007, -1/+5Maybe the fact that there's absolutely no data sent. Just look at the source, do you see a 'POST' command?
    • 808kick, on 10/11/2007, -0/+5Learn to internets
  • jull1234, on 10/11/2007, -13/+61Sweet, now I can reboot my web server like Maddox.
    • pivovy, on 10/11/2007, -2/+8Looks like some creative and angry iPhone owner didn't like his report
    • Erroneus, on 10/11/2007, -1/+6Actually the site owner can now reboot your web server...
    • jull1234, on 10/10/2007, -1/+1For the record, I neither own nor plan to purchase an iPhone.
  • handler, on 10/11/2007, -17/+25Nice server harvesting tool, he probably saves all the info that is submitted.
    • r3zonance, on 10/11/2007, -0/+11No, because it isn't submitted, it calls a nice javascript alert box.
  • sonicvanajr, on 10/11/2007, -27/+64Send your SSH username and password through some random person's website.

    Ah, the genius of iPhone/Mac users shows itself once again
    • NSResponder, on 10/11/2007, -1/+13Why do you assume that anyone has fallen for it?

      -jcr
    • deadbaby, on 10/11/2007, -2/+7^^ Because fits his preconceived notions nicely. Reality distortion fields work both ways.
  • rebotfc, on 10/11/2007, -15/+15Lame joke sorry.
  • jesuscampos, on 10/11/2007, -7/+21Hey! Why are you logged on to my server?

    I wonder how they got my account info?


    Cool App, but if you want really want users to use it, give the code away.
    • Microdot, on 10/11/2007, -6/+4what he said.


      anyone who uses this app on this guys server, is a flipping idiot. share the code (or if you think its worth something, sell it)
    • fluxion, on 10/11/2007, -1/+10the code is freely available. it's a javascript popup telling you you're a dumbass, which im sure has many possible uses on the intrawebz.
  • prguitarman, on 10/11/2007, -9/+8The first four or five comments to this thread alone should be suspicious enough to begin with. They sound too much like infomercial people "Wow, this really DOES work! I can also use it to blahblahblah!"

    Do not trust this site!
    • rastakid, on 10/11/2007, -0/+4Did you even gave it a try (with fake data ofcourse ;))? It just throws you an javascript.alert telling you not to trust web 2.0
  • uncleLeo, on 10/11/2007, -6/+32view the page source
    • ilovenicotine, on 10/11/2007, -2/+1yeah, you can totally see all the server-side code from the HTML source. for instance I hit view source in firefox and I can see all the PHP code logging your IP address and password.
      /dumb
      • fogster, on 10/11/2007, -0/+1@ilovenicotine: You clearly didn't view the page source. It renders your point moot. /dumb
  • GotMex, on 10/11/2007, -8/+6Sweet! It even works if I use bogus info like...
    hostname: idiot.com
    username: stupid
    password: stealfromme
    port: 1337
  • mattjumbo, on 10/11/2007, -11/+6Ah, the snotty elitism of shuddering dorks unable to get a date shows itself once again.
  • SnugglesGuy, on 10/11/2007, -9/+25ctrl+u

    "function idiot() {
    alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
    }"
  • wheresaldo, on 10/11/2007, -8/+13HTML+AJAX are not real iPhone applications, no multi-touch, no integration with OS or hardware, no off-line capabilities.
    • serpentor, on 10/11/2007, -8/+4True, though be prepared to be dugg down, iPhoners won't admit this.
    • heavyd14, on 10/11/2007, -4/+11Yeah, cause SSH works off line real well.
    • ilovenicotine, on 10/11/2007, -0/+2maybe if Apple would have made it availible to developers we wouldn't be stuck with ***** web apps. Blackjack WM5 with 3G ftw.
  • xpose, on 10/11/2007, -6/+18 alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
  • ig33k010011, on 10/11/2007, -5/+5that website looks shady
  • TheRealToma, on 10/11/2007, -2/+41Next up, ¨Credit card application for iphone!!!¨
  • kuyote, on 10/11/2007, -4/+2get some web space, and setup weirdx... Much safer, and you control it
  • Jericon, on 10/11/2007, -9/+14We need to bury this...
    • data64, on 10/11/2007, -0/+1May I suggest, you click on submit to find out what it actually does. Use the default values for host name, user, password, etc.
  • optize, on 10/11/2007, -2/+37It's a joke, people calm down.
  • cozinator, on 10/11/2007, -2/+38I've never seen such a large collection of people who didn't get the joke.
  • zovres, on 10/11/2007, -4/+1great how do you ***** type?
  • tdous, on 10/11/2007, -4/+12In the source code of the page is a javascript alert message saying "You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything".

    This has already been commented but since the commenters didn't bother to explain very well what they were talking about for readers who maybe don't, don't know how to or wouldn't know what they were looking at if they did view the page source.

    PSA : Stay away from ***** like this!
  • jthomp, on 10/11/2007, -7/+2Why would someone go through the trouble to do this just to basically say the iPhone sucks? Buried for lameness. Seriously, dumbest shat ever.
  • fearphage, on 10/11/2007, -5/+3The iphone is for people with more money than sense.
  • Gioware, on 10/11/2007, -5/+2any human being must be really 100% idiot to trust such a thing, interesting function there:

    function idiot() {
    alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
    }
  • Trinitrogen, on 10/11/2007, -2/+22Have you STILL not figured out the joke yet?
    • xarquid, on 10/11/2007, -4/+0It may be a joke, but I *promise* people are using it. ;p
  • wastern, on 10/11/2007, -6/+2View the source on the page......


    function idiot() {
    alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
    }
  • kahlessreborn, on 10/11/2007, -9/+2Marked as Spam and for wrong topic and for the poster being an idiot.
  • xarquid, on 10/11/2007, -8/+1Marked as spam and buried. This is rediculous. Do not use some random portal, non-secured (or secured for that matter), for a terminal (secure or otherwise) to your/anyone's server(s).

    This is stupid.
    • bradkovach, on 10/11/2007, -0/+1No. You are stupid. It's a hoax that's designed to tell people how stupid they are for buying into the iPhone hype. If you click submit without submitting anything, it will just display a message and compare the iPhone to other phones.
  • joefreeza, on 10/11/2007, -8/+3iPhone still isn't compatible with most earphones...
  • Pingspike, on 10/11/2007, -8/+2This should probably get reported for phishing. Whada tool.
  • schrom, on 10/11/2007, -7/+0Don't use it. Someone said: "it even lets me upload my private key so I can connect whenever I want without using a password!" I would say: now you are not the only one, who can connect whenever he wants....
  • toarn, on 10/11/2007, -4/+1pwned
  • iHasaFlavour, on 10/11/2007, -7/+0Interesting piece of social engineering. I filled in some bogus username and pw, and put my real hostname. Now I'm watching my ssh logs with great interest.

    The last time someone tried to 'hack' my university box I got their ISP to disconnect them. I do love being evil :-)
  • goughy000, on 10/11/2007, -1/+10it doesn't really harvest your user names and passwords, if you look at the code it doesn't even post any of the data to any site, its just a redirect..
  • Fetching more discussions...
    Show 51 - 82 of 82 discussions
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.