I am looking for an open-source and trustworthy terminal app with common utilities. I prefer Termux myself, however the developer has caused it to be broken in any profile other than the Owner profile. I need a use a terminal in the secondary profiles too. The terminal app will need to access both the internet and all of my files, so it is critical that it can be trusted.

    I personally use ConnectBot, but I don't know what you expect in terms of trust, so I leave that qualification to you.

      Yeah, that boluxed my plans for secondary profiles, though I later realized I could run termux in owner and ssh in... If you really need all your files you're probably still screwed, but if it's a subset, syncthing between profiles might work. I need termux features for which there aren't really replacements.

        Eirikr70 I will give ConnectBot a try. Seems to work in the secondary profiles, I will simply need to see if it can accomplish all the tasks I need.

        morphiak Interesting, I did not know you could ssh into another profile. If that is the case, a user should be able to use rsync or scp to move files between profiles - how has nobody thought of this before? How can this be secure? It seems to me that this being possible would reduce the security of profile isolation.

          Harald How can this be secure? It seems to me that this being possible would reduce the security of profile isolation.

          It would be just as secure as SSH to/from any other host. Profiles can essentially be seen as VMs on a hypervisor. Individually, they're isolated from each other, but you can of course connect to them remotely from anywhere else, whether it's another host or another virtual machine.

            Harald Sorry, I think ConnectBot doexn't answer your needs : it is a tool dedicated to connecting to other devices through ssh, not to run commands on your phone.

              mythodical If there is a SSH daemon running, what would prevent a rogue app from attempting to brute-force that profile's PIN over SSH? A PIN is trivial to brute-force, it is only secure because the lockscreen enforces a timeout. On a desktop, I can mitigate this (on the server side) by disallowing password authentication for SSH and (on the client side) by running SSH as a different user, so that no process running under my own user ID can read id_rsa.

              If I were to use SSH keys to access one profile on my Pixel from a different profile, it seems to me that we are trusting the app sandbox to prevent a rogue app from reading the SSH key. Therefore, this approach would reduce the high security of profile isolation, to the weaker level of app sandboxing. Kindly correct me if my understanding is not accurate!

                Harald I don't know that a userspace app can even access the Android system's PIN interface in the way that you suggest, rogue or otherwise. Someone with more Android and security expertise than I have would need to answer that question.

                  @

                  Harald terminus is my favorite.
                  I can save connection info like profiles and just select them with all the login info all saved.
                  I haven't tried if it handles local configs yet though

                  mythodical Perhaps I am failing to understand how this works.

                  Would you kindly explain in greater detail to me how you SSH from one profile into another? What setting or app is used to do this? How does the SSH server authenticate the client?

                    Eirikr70 Connectbot appears to also be a terminal emulator! I still have not done enough testing to see if it can do all that I need.

                    Harald I've never tried to do so and I only make use of the owner profile, but perhaps someone else can share their experience with it.

                    My comment was in response to your earlier questions:

                    How can this be secure? It seems to me that this being possible would reduce the security of profile isolation.

                    I was simply pointing out that running and connecting to a secure shell carries the same security implications regardless of host. Whether you're connecting from another machine, or from another profile, any vulnerabilities in the protocol or client/server would be the same. I would argue that exposing SSH diminishes, or potentially diminishes, the security of any host, regardless of platform.

                    a month later

                    akc3n Thank you so much for mentioning this app, I just discovered vmConsole and it's exactly what I need to run arbitrary shell commands! 🌷