iOS – Unable to ssh root@localhost on jailbroken iPad with iOS 8.1

Tags: ios, jailbreak, ssh

I jailbroke my iPad 4 (iOS 8.1) several weeks ago (not for piracy) and found that I am unable to ssh root@127.0.0.1 via Prompt 1 or 2 on the iPad. I cannot even connect via the LAN IP (e.g. 192.186.X.X). However, there's no problem if I ssh root@LAN IP from my iPhone or Mac on the same LAN.

By the way, I was able to ssh root@localhost on the jailbroken iPad when it was running iOS 6.1. It is also okay if I have already logged in to the iPad via ssh from my Mac and then ssh root@127.0.0.1 again.

The output of netstat on iPad:

Surface-Pro:~ root# netstat -an|grep .22  
tcp4       0     28  172.22.29.64.22        172.22.26.158.47927    ESTABLISHED  
tcp4       0      0  172.22.29.64.50293     17.110.228.29.5223     ESTABLISHED  
tcp4       0      0  *.22    

Does anyone know why the iPad cannot connect to itself from apps? (Maybe the sandbox/container model has changed since iOS 8?)

Best Answer

A much better alternative to running Prompt as root is to create another sshd instance listening on a port above 1024.

In this example I have used port 10022.

  • Copy /Library/LaunchDaemons/com.openssh.sshd.plist to /Library/LaunchDaemons/com.openssh.sshd2.plist
  • Change the Label and the SockServiceName in com.openssh.sshd2.plist by appending 2 to ssh / sshd:

    • com.openssh.sshd -> com.openssh.sshd2
    • ssh -> ssh2
  • Add the following lines to /etc/services:

ssh2              10022/udp     # SSH Remote Login Protocol
ssh2              10022/tcp     # SSH Remote Login Protocol

Differences for iOS versions:

iOS 12.1.2 / unc0ver, iOS 13.3.1 / checkra1n:

  • from this answer choice #2.
  • copy the plist as above, but change the SockServiceName in com.openssh.sshd2.plist from ssh to simply the new port number 10022. The section will look like this:
<key>Sockets</key>
<dict>
   <key>Listeners</key>
   <dict>
      <key>SockServiceName</key>
      <string>10022</string>
   </dict>
</dict>

iOS 12.4 / chimera.sh

  • don't copy the plist file
  • instead, edit /etc/ssh/sshd_config as root. Details from this article
  • remove the comment in front of Port 22
  • add another line beneath for Port 10022

All iOS versions:

  • Reboot the device (or launchctl load com.openssh.sshd2.plist if you do not want to reboot)
  • Connect via port 10022 instead of 22

If you have installed bash, coreutils and sed you can automate it with this script:

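#!/bin/bash
# Create a second launchd job for sshd that listens on the "ssh2" service (port 10022).
cd /Library/LaunchDaemons || exit 1
cp com.openssh.sshd{,2}.plist
# Rename the job: the <string> after <key>Label</key> becomes com.openssh.sshd2
sed -i'' '/<key>Label<\/key>/{N;s/sshd/sshd2/}' com.openssh.sshd2.plist
# Point the listener at the ssh2 service name instead of ssh
sed -i'' '/<key>SockServiceName<\/key>/{N;s/ssh/ssh2/}' com.openssh.sshd2.plist

# Register the ssh2 service in /etc/services, only if it is not there yet
cd /etc || exit 1
if ! grep -q ssh2 services; then
    cat >> services <<EOF
ssh2              10022/udp     # SSH Remote Login Protocol
ssh2              10022/tcp     # SSH Remote Login Protocol
EOF
fi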
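
The script above covers only the plist-copy variants; the iOS 12.4 / chimera steps (uncomment Port 22, add Port 10022 in /etc/ssh/sshd_config) can be automated as in the following added example, which is not part of the original answer. The function name add_sshd_port and the .bak backup are assumptions, and it goes slightly beyond the listed steps by also handling a config that already sets a custom Port or contains Match blocks.

```shell
#!/bin/bash
# Added example, not from the original answer.
# add_sshd_port CONFIG [PORT]: make sshd also listen on PORT (default 10022,
# the port the answer uses). Idempotent; leaves a CONFIG.bak backup.
add_sshd_port() {
    local cfg=$1 port=${2:-10022} add22=1 tmp rc
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Nothing to do if the port is already an active (uncommented) directive.
    grep -Eq "^[[:space:]]*Port[[:space:]]+${port}[[:space:]]*\$" "$cfg" && return 0

    # Any explicit Port line disables sshd's implicit default of 22, so
    # "Port 22" must be written out unless the file already sets a port.
    grep -Eq '^[[:space:]]*Port[[:space:]]+[0-9]+' "$cfg" && add22=0

    tmp=$(mktemp) || return 1
    awk -v port="$port" -v add22="$add22" '
        function emit() { if (add22) print "Port 22"; print "Port " port; done = 1 }
        # Stock commented default: uncomment it and add the new port beneath.
        !done && add22 && /^[ \t]*#[ \t]*Port[ \t]+22[ \t]*$/ { emit(); next }
        # An active Port line exists: add the new port right after it.
        !done && /^[ \t]*Port[ \t]+[0-9]+/ { print; emit(); next }
        # Global options must come before the first Match block.
        !done && /^[ \t]*Match[ \t]/ { emit() }
        { print }
        END { if (!done) emit() }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Back up, then overwrite in place (cat keeps the file's owner and mode).
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it as root with `add_sshd_port /etc/ssh/sshd_config`, then check the result with `sshd -t` before rebooting or reloading the daemon.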