Comments (6)
Am Donnerstag, den 22.08.2013, 08:29 -0700 schrieb landroni:
I'm no security expert, but I vaguely remember reading that installing
a telnet client on a Linux system represents a serious security issue.
Are there potential security issues when installing remotekeyboard on
Android?Thanks!
—
Reply to this email directly or view it on GitHub.
Hi,
installing a telnet client is perfectly safe, installing a server is not
nescessarily dangerous in itself. The problem lies with the telnet
protocol which sends all its data unencrypted over the line and hence is
prone to eavesdropping and man-in-the-middle attacks.
As for potential security risks with Remote Keyboard:
RK will listen on port 2323 of all network interfaces (including the 3G
interface). I suggest setting a password and/or using an app like
Droidwall to limit RK to WIFI only if you are using a device with a 3G
modem. Only enter sensitive data (e.g. passwords) on trusted WIFI
networks. If in doubt, fall back on an on-screen keyboard. The best way
to use RK, however, is by using ADB to forward your network connection
via USB. That way your communication is not only secure, but you will
also not have to worry about battery drain.
Further worth mentioning:
- RK will always only accept one connection. So while you are connected,
nobody else can. - If someone else manages to connect to your device, the worst they can
do is type blindly. You cannot request data from the client.
Hope that answers your questions.
from remotekeyboard.
Thank you so much for this exhaustive answer. I think it's definitely worth including the answer as-is in the FAQ.
While we're at general questions, is there a good reason to use telnet instead of ssh? Wouldn't ssh allow to achieve the same functionality, but provide more security?
from remotekeyboard.
Am Mittwoch, den 28.08.2013, 12:25 -0700 schrieb landroni:
Thank you so much for this exhaustive answer. I think it's definitely
worth including the answer as-is in the FAQ.While we're at general questions, is there a good reason to use telnet
instead of ssh? Wouldn't ssh allow to achieve the same functionality,
but provide more security?From a security point of view, SSH is most definitely better than
telnet. The main problem simply is that I couldn't find a suitable Java
SSH server implementation (there is Apache Mina, but it is poorly
documentated) and the general advice in the security community is: DON'T
implement crypto stuff yourself. It's also worth mentioning that telnet,
unlike SSH is available on every OS and that SSH takes a bit longer to
connect and is a bit more difficult to setup due to the whole key
exchanging business.
All in all, it boild down to: if security is of concern to you, no
cryptography beats the privacy of a dedicated USB cable.
from remotekeyboard.
Personally, I'd prefer that this app remain focused on just what it does -- act as a remote keyboard server. If you want secure authentication, "there's an app for that".
I've installed an SSH server from icecoldapps. Relying on the fact that Remote Keyboard binds to ALL network interfaces, including "localhost", from a terminal on my workstation, I simply run:
ssh -fNT -L2323:localhost:2323 username@nexus10
This makes a background SSH connection that uses port forwarding (-L
) to open a tunnel to the Remote Keyboard server running on port 2323 on "localhost" on the Android device. Then from my workstation, I run:
telnet localhost 2323
and presto! I'm connected to the remote keyboard through the SSH tunnel.
What I'd like to see now is an option for Remote Keyboard to bind ONLY to localhost, so that I can leave it passwordless and rely on SSH for authentication. Or even better, enforce the localhost binding when no password is set.
from remotekeyboard.
Am Donnerstag, den 14.08.2014, 09:31 -0700 schrieb Paul Chvostek:
Personally, I'd prefer that this app remain focused on just what it
does -- act as a remote keyboard server. If you want secure
authentication, "there's an app for that".I've installed an SSH server from icecoldapps 1. Relying on the fact
that Remote Keyboard binds to ALL network interfaces, including
"localhost", from a terminal on my workstation, I simply run:ssh -fNT -L2323:localhost:2323 username@nexus10
This makes a background SSH connection that uses port forwarding (-L)
to open a tunnel to the Remote Keyboard server running on port 2323 on
"localhost" on the Android device. Then from my workstation, I run:telnet localhost 2323
and presto! I'm connected to the remote keyboard through the SSH
tunnel.What I'd like to see now is an option for Remote Keyboard to bind ONLY
to Localhost, so that I can leave it passwordless and rely on SSH for
authentication. Or even better, enforce the localhost binding when no
password is set.—
Reply to this email directly or view it on GitHub.
Yeah, definitely should do that. I have been meaning to rewrite the
entire telnet stack, but so far, had no time to do it.
from remotekeyboard.
@chvostek Great idea. I wrote a script for that: https://github.com/ypid/scripts/blob/master/remotekeyboard-login
It sets up a ssh Port forwording, connects via telnet and enters the password …
Maybe it will be useful for somebody.
The script could also be used to support: Local echo
from remotekeyboard.
Related Issues (20)
- Keyboard layout HOT 2
- add example of telnet call HOT 2
- option to use only on Wifi HOT 1
- no 2323 port listening HOT 1
- Speecial values for F keys
- Custom text for keyboard/ASCII art HOT 1
- No connection after password failure possible HOT 1
- Other port HOT 1
- Settings screen: UX HOT 1
- Settings screen protection insufficient
- Easily close connection HOT 1
- Local echo of only last few char(s) HOT 1
- Use on lockscreen HOT 2
- Cannot switch from one Startscreen to another HOT 2
- Option to transfer all keystrokes HOT 1
- Source code fix on mapping PAGE_UP
- Exception on disabling HOT 1
- Feature request: bind to localhost
- Can't type ESC HOT 15
- notification icon HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from remotekeyboard.