A couple of months ago, I went on vacation to the far side of the world. I brought along no electronic devices except:
- My Blackberry (work phone; powered off most of the time to avoid roaming charges), and
- My Second Gen iPod Touch (mostly used to track my runs with Nike+).
This was the first time in 10 years that I had traveled without a laptop. I tell myself I need a laptop in case there is a work emergency and I need to remote into some damned device that is misbehaving. But data addiction is probably closer to the truth. I need a hit of pseudo omniscience every couple of hours, or I start to twitch.
During this trip, my separation anxiety from the Internet was acute, but the ubiquity of wireless networks allowed my iPod to serve up a bit of the old placebo effect. I was able to use Safari on my iPod to check in online for my flights and even pick my seats on the plane. I could check webmail. Use Nike+ when I went running. Check the news. Check the weather report. Wardrive. Portscan. You know, practical stuff.
Anyway, this got me thinking about what else I could do on my iPod. I’m usually surrounded by computers which run the utilities I need for my work. I only use my iPod when I run. So the iPod has a gigantic music library but very few apps. Form follows function.
SSH Client on an iPod
Tonight, I’m testing out a new app on my iPod: iSSH by Zingersoft. It does Telnet, VNC, RDP, and X Server. But my primary interest in it tonight is the SSH client. $9.99 from the App Store. Hours of enjoyment.
I hooked up the outside interface of my pet ASA to my wireless router. My iPod’s also hooked up to the same wireless network.
My iPod Touch is running iOS 4.2.1. I purchased iSSH from the App Store and then synced iTunes with the iPod. Here is iSSH on the Home Screen of the iPod (top row, second icon from the left):
After launching iSSH, I set up SSH connection parameters to the outside interface of my Cisco ASA:
You can specify the connection parameters, such as SSH, Telnet, etc.:
After initiating the SSH connection, the iPod receives the SSH server’s key fingerprint:
Once the fingerprint has been accepted by the SSH client, you present the username and password for the SSH connection. I am using the default SSH account on the ASA, which is “pix” with the password “cisco”:
A debug ssh command from a different console session to the Cisco ASA shows the SSH connection negotiation from the iPod:
```
ciscoasa# debug ssh
debug ssh enabled at level 1
ciscoasa# Device ssh opened successfully.
SSH1: SSH client: IP = '192.168.1.103' interface # = 2
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-1.99-Cisco-1.25
SSH1: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25
Device ssh opened successfully.
SSH0: SSH client: IP = '192.168.1.103' interface # = 2
SSH: host key initialised
SSH0: starting SSH control process
SSH0: Exchanging versions - SSH-1.99-Cisco-1.25
SSH0: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25
SSH0: receive SSH message: 83 (83)
SSH0: client version is - SSH-2.0-PuTTY_Local:_Aug__4_2011_01:03:30
client version string:SSH-2.0-PuTTY_Local:_Aug__4_2011_01:03:30
SSH0: begin server key generation
SSH0: complete server key generation, elapsed time = 690 ms
SSH2 0: SSH2_MSG_KEXINIT sent
SSH2 0: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 0: expecting SSH2_MSG_KEXDH_INIT
SSH2 0: SSH2_MSG_KEXDH_INIT received
SSH2 0: signature length 271
SSH2: kex_derive_keys complete
SSH2 0: newkeys: mode 1
SSH2 0: SSH2_MSG_NEWKEYS sent
SSH2 0: waiting for SSH2_MSG_NEWKEYS
SSH2 0: newkeys: mode 0
SSH2 0: SSH2_MSG_NEWKEYS received
SSH(pix): user authen method is 'no AAA', aaa server group ID = 0
SSH(pix): user authen method is 'no AAA', aaa server group ID = 0
SSH2 0: authentication successful for pix
SSH2 0: channel open request
SSH2 0: x11-req request
SSH2 0: firstname.lastname@example.org request
SSH2 0: pty-req request
SSH2 0: requested tty: xterm, height 24, width 53
SSH2 0: shell request
SSH2 0: shell message received
SSH1: Session disconnected by SSH server - error 0x3c "Time-out activated"
SSH1: receive SSH message: [no message ID: variable *data is NULL]
SSH1: receive unsuccessful - status 0x3c
```
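The debug output above records what the session negotiated: the server banner, the cipher and MAC in each direction, and the account that logged in. The following is an added example, not part of the original post or of any Cisco tooling, that parses text in that format and lists the settings a reviewer would want tightened. The function names, the `LEGACY_MACS` set and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of the `debug ssh` output shown above.
SAMPLE = """\
SSH0: Exchanging versions - SSH-1.99-Cisco-1.25
SSH0: client version is - SSH-2.0-PuTTY_Local:_Aug__4_2011_01:03:30
SSH2: kex: client->server aes256-cbc hmac-sha1 none
SSH2: kex: server->client aes256-cbc hmac-sha1 none
SSH2 0: authentication successful for pix
"""

LEGACY_MACS = {"hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96"}
DEFAULT_ACCOUNTS = {"pix"}  # the default ASA SSH account named in the post

def parse_debug_ssh(text):
    """Pull the negotiated SSH parameters out of ASA `debug ssh` text."""
    def first(pattern):
        m = re.search(pattern, text)
        return m.group(1) if m else None
    kex = {d: (c, mac, comp) for d, c, mac, comp in re.findall(
        r"kex: (client->server|server->client) (\S+) (\S+) (\S+)", text)}
    return {
        "server_version": first(r"Exchanging versions - (SSH-\S+)"),
        "client_version": first(r"client version is - (SSH-\S+)"),
        "kex": kex,
        "auth_users": re.findall(r"authentication successful for (\S+)", text),
    }

def audit(info):
    """Return hardening findings for one parsed session."""
    findings = []
    server = info["server_version"] or ""
    # RFC 4253 s5.1: a server with SSHv1 compatibility on identifies as 1.99.
    if server.startswith("SSH-1."):
        findings.append(f"server banner {server}: SSH protocol 1 is still accepted")
    for direction, (cipher, mac, _comp) in sorted(info["kex"].items()):
        if cipher.endswith("-cbc"):
            findings.append(f"{direction}: CBC-mode cipher {cipher}")
        if mac in LEGACY_MACS:
            findings.append(f"{direction}: legacy MAC {mac}")
    for user in info["auth_users"]:
        if user in DEFAULT_ACCOUNTS:
            findings.append(f"login with default account '{user}'")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_debug_ssh(SAMPLE)):
        print("-", finding)
```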
And the iPod presents me with the ASA prompt:
And here’s the iPod displaying the output of a show version command:
Pretty stable connection over wireless. The small iPod screen is not optimal for reading lines of config, but it works in a pinch. I tested another SSH connection to a remote firewall and the added lag time was as expected. So, responsiveness is connection-dependent but quite usable.
The same device that is able to play Nine Inch Nails’ cover of Gary Numan’s Metal while simultaneously facilitating a secure management session to a firewall 3 timezones away. Novelty value!