My R&D for a `sshuttle` alternative for Android (please leave comments/questions/feedback below or email to me)

android-sshuttle-alternative.md

Android SSH Tunnel (Beta), A Simple Alternative to IPSec/L2TP/OpenVPN (with SOCKS Proxy for Mac OS X)

Warning: I do not recommend using "SSH Tunnel" from the Play Store or using the compiled from source application (beta version) until all of the SSH Tunnel Security Concerns are resolved.

NOTE: This article is merely a WIP documentation of my R&D for finding a sshuttle equivalent for Android.

Background

After starting to write my own tutorial for a VPN with IPSec/L2TP (coming soon) (based off several sources), I began to realize that this approach is flawed in its complexity (and most likely has more room for error than alternatives). The sources I used all seemed to take different approaches on MASQUERADE vs SNAT option in the /etc/rc.local configuration as well. Also, none of these offered tips for configuring the server itself to be performant as a VPN (e.g. optimize latency and throughput configuration.

Is there a sshuttle for Android?

While I continued to write this tutorial (linked above), I recalled that I used to enjoy using this sshuttle project (when I had used Ubuntu/Linux Mint; e.g. here was my old setup). Since I tether quite a bit, I thought it would be nice to simply have something like sshuttle set up on my Android device (OnePlus One, rooted as well) and then have a SOCKS proxy on my MBA to tunnel through the device proxy itself (albeit this will slow my 3G/4G connection down if I use it constantly, a simple and secure tunnel is nice to have nonetheless). This is also a simple solution for securely connecting to public wi-fi hotspots or while as a guest somewhere.

SSH Tunnel on Play Store

I found "SSH Tunnel" by simply searching "sshuttle for android" as one would normally on Google. I was brought to this Google Groups thread, which then led me to an Android app called SSH Tunnel and its current version is v1.5.6 (as of today). The source is published at code.google.com/p/sshtunnel as well. However, upon reading the description I noticed the author has a beta going of v2.x.x, and its last update is from 2012 (so is it stable, outdated, or not maintained?). The beta's source code is on GitHub at github.com/madeye/sshtunnel-beta. There is also an APK available to download for the beta version v2.0.3 at https://code.google.com/p/sshtunnel/downloads/list.

As many know, there are obvious concerns regarding security on publicly released APK's – and when dealing with tunneling – I'd prefer to compile from source myself. This beta source code also apparently solves a few issues such as DNS lookup leaks. I did notice that the version v0.9.8m of OpenSSL the project uses is outdated and is vulnerable (?!) (also apparently 100,000 - 500,000 users have v1.5.6 on Android…).

Another thing – I started to file issues on the GitHub project (e.g. getting a stable release of the beta in the Play Store and updating OpenSSL), but the author then instantly disabled the Issues tab – which is questionable since the code.google.com issues are outdated and unmaintained. I wrote to the author @madeye as well, but have not heard back yet. The beta release was once available in the Play Store according to some cached search results at https://play.google.com/store/apps/details?id=org.sshtunnel.beta&feature=more_from_developer and according to this blog post at http://support.vpnsecure.me/articles/getting-started-ssh-tunnel/android-ssh-setup-with-sshtunnel.

I also tried the Shadowsocks app (compiled from source at github.com/shadowsocks/shadowsocks-android) – however it did not have support for SSH tunneling as the SSH Tunnel app has.

It would be great to get the developer community involved with this project, as it has a lot of potential for being the well-tested/developed, simple/quick, go-to solution for a poor man's VPN (like sshuttle) on Android.

SSH Tunnel Security Concerns

I've compiled this list of security concerns regarding the SSH Tunnel app (in no particular order of significance):

• Possibly uses vulnerable version of OpenSSL

• The app contains proprietary analytics software (called "FlurryAgent") through the use of FlurryAgent.jar via f-droid.org)

  so you can be spied on while you make your secure private connections!? — CiaranG

  • Someone suggested to replace Flurry with Countly and also questioned why the need for analytics on an SSH Tunnelling app is needed in the first place at https://bitbucket.org/madeye/sshtunnel/issue/1/suggestion-replace-flurry-by-countly – but upon closer look in src/org/sshtunnel/SSHTunnelService.java:1044 it seems like in the beta version it's not used?

    // This is the old onStart method that will be called on the pre-2.0
    // platform. On 2.0 or later we override onStartCommand() so this
    // method will not be called.
    @Override
    public void onStart(Intent intent, int startId) {
    
    super.onStart(intent, startId);
    
    FlurryAgent.onStartSession(this, "MBY4JL18FQK1DPEJ5Y39");

  • I discovered there is also a BitBucket repository at https://bitbucket.org/madeye/sshtunnel (in addition to this GitHub repo for SSH Tunnel... so confusing – I wonder what the diff looks like and/or what are the missing commits are between the two?)

  • Can we use this as an alternative to FlurryAgent.jar? https://github.com/uniqdom/FinfAgent

• The app has a beta that is two years old and was once released to the app store (but now is pulled) – what was the reasoning for that?

• The app in the Play Store is v1.5.6 which has DNS leaks (noted above) and seems to be much slower than the beta v2.x.x package.

How-to setup SSH Tunnel (Beta) for Android

Step 1: Build SSH Tunnel from source

TODO: Add instructions here (or fork the repo and rewrite the Readme as similar to https://github.com/shadowsocks/shadowsocks-android#build and https://github.com/yshahin/dotfiles/blob/master/zshrc#L31-L36). Then transfer and install to your Android device over USB with adb -d install my-signed-app.apk.

Step 2: Set up an SSH-only accessible server

TODO: Add instructions here for setting up Digital Ocean box and also instructions to tune it for http://shadowsocks.org/en/config/advanced.html (what bits of this config are even necessary if any?)

Step 3: Create an "android" user with a 4096-bit encrypted SSH key

TODO: Add instructions here for generating key, adding user

ssh-keygen -t rsa -b 4096 -C "android"

Step 4: Transfer the secure key to the Android device

TODO: Add instructions here for copying SSH key to desktop and then using adb to push it

adb push id_rsa /sdcard/sshtunnel/key

Step 5: Configure the SSH Tunnel profile

TODO: Add instructions (and screenshots?) here showing how to configure the profile in SSH Tunnel beta app

Step 6 (Optional): Configure Mac OS X to use SOCKS Proxy

In order for any device connected to your Android hot-spot running SSH Tunnel, you'll need to configure the device's network to use SOCKS proxy.

TODOS

• Reply to google group sshuttle android question with this tutorial
• Try to get a hold of the author again
• Post to Hacker News
• Share internally among the team

Great article.

Any update? Do you currently run the compiled beta version? Any issue?

The author of sshtunnel seems to be the same person behind proxydroid. He appears to have a more up-to-date repository (labelled "beta") here: https://github.com/madeye/sshtunnel-beta

Yeah, but last activity there seems to be 3 years in the past.