I am looking for an open-source and trustworthy terminal app with common utilities. I prefer Termux myself, however the developer has caused it to be broken in any profile other than the Owner profile. I need to use a terminal in the secondary profiles too. The terminal app will need to access both the internet and all of my files, so it is critical that it can be trusted.
Recommend a Terminal app to me?
I personally use ConnectBot, but I don't know what you expect in terms of trust, so I leave that qualification to you.
Yeah, that boluxed my plans for secondary profiles, though I later realized I could run termux in owner and ssh in... If you really need all your files you're probably still screwed, but if it's a subset, syncthing between profiles might work. I need termux features for which there aren't really replacements.
Eirikr70 I will give ConnectBot a try. Seems to work in the secondary profiles, I will simply need to see if it can accomplish all the tasks I need.
morphiak Interesting, I did not know you could ssh into another profile. If that is the case, a user should be able to use rsync or scp to move files between profiles - how has nobody thought of this before? How can this be secure? It seems to me that this being possible would reduce the security of profile isolation.
Harald How can this be secure? It seems to me that this being possible would reduce the security of profile isolation.
It would be just as secure as SSH to/from any other host. Profiles can essentially be seen as VMs on a hypervisor. Individually, they're isolated from each other, but you can of course connect to them remotely from anywhere else, whether it's another host or another virtual machine.
mythodical If there is an SSH daemon running, what would prevent a rogue app from attempting to brute-force that profile's PIN over SSH? A PIN is trivial to brute-force, it is only secure because the lockscreen enforces a timeout. On a desktop, I can mitigate this (on the server side) by disallowing password authentication for SSH and (on the client side) by running SSH as a different user, so that no process running under my own user ID can read id_rsa.
If I were to use SSH keys to access one profile on my Pixel from a different profile, it seems to me that we are trusting the app sandbox to prevent a rogue app from reading the SSH key. Therefore, this approach would reduce the high security of profile isolation, to the weaker level of app sandboxing. Kindly correct me if my understanding is not accurate!
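The server-side mitigation mentioned above (disallowing password authentication for SSH), as an added example that is not part of the original thread: a Python check of an sshd_config text for settings that still allow password-style logins. The sample configs are constructed, Include files are not followed, and treating keyboard-interactive as password-capable is a conservative assumption.

```python
import re

# sshd_config(5) defaults when a keyword is absent: both are "yes".
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_password_settings(config_text):
    """Return (global_settings, match_overrides) for password-style auth.

    sshd keeps the first value it obtains for a keyword, so a later
    duplicate in the global section does not change the result.
    """
    settings, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            match = parts[1]              # criteria, e.g. "User backup"
        elif key in DEFAULTS:
            value = parts[1].split()[0]
            if match is None:
                settings.setdefault(key, value)
            elif value == "yes":          # a Match block re-enables it
                overrides.append((match, key))
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, overrides


def password_login_possible(config_text):
    """True if any global setting or Match block still allows passwords."""
    settings, overrides = effective_password_settings(config_text)
    return "yes" in settings.values() or bool(overrides)


# Constructed sample configs (not taken from the thread).
PARTIAL = "PasswordAuthentication no\n"
HARDENED = ("PasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\n")
MATCH_HOLE = HARDENED + "Match User backup\n    PasswordAuthentication yes\n"
```

`PARTIAL` is still flagged because the keyboard-interactive keyword is left at its default, and `MATCH_HOLE` is flagged because a Match block turns password authentication back on for one user.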
Harald have you tried playing around with https://github.com/sylirre/vmConsole
Harald I don't know that a userspace app can even access the Android system's PIN interface in the way that you suggest, rogue or otherwise. Someone with more Android and security expertise than I have would need to answer that question.
Harald terminus is my favorite.
I can save connection info like profiles and just select them with all the login info all saved.
I haven't tried if it handles local configs yet though.
mythodical Perhaps I am failing to understand how this works.
Would you kindly explain in greater detail to me how you SSH from one profile into another? What setting or app is used to do this? How does the SSH server authenticate the client?
Harald I've never tried to do so and I only make use of the owner profile, but perhaps someone else can share their experience with it.
My comment was in response to your earlier questions:
How can this be secure? It seems to me that this being possible would reduce the security of profile isolation.
I was simply pointing out that running and connecting to a secure shell carries the same security implications regardless of host. Whether you're connecting from another machine, or from another profile, any vulnerabilities in the protocol or client/server would be the same. I would argue that exposing SSH diminishes, or potentially diminishes, the security of any host, regardless of platform.