Back to Silas S. Brown's home page

Desktop SSH via Android devices

Some Android devices have "USB tether" functions that don't work. The following alternative method has two prerequisites:
  1. You must have a working adb command (for example if you've installed the Android Developer Tools bundle)
  2. The shell that adb -d shell gives you must contain an ssh command
Using the SSH command over ADB has the following advantages: There are however some hurdles to be overcome: The above problems can be worked around by using expect and port forwarding.

expect script

This ssh-android expect script works around the above by doing the following:
  1. Connects to an Android shell over ADB and issues an SSH command with the user and host you specify (user defaults to your login name) and password authentication. This command is also set to start a SOCKS proxy.
  2. Uses adb to extend this SOCKS tunnel over the USB connection onto a port on the local machine
  3. Issues a second SSH command outside the adb shell, and sets it to go over the SOCKS connection. The password you entered the first time is repeated by the script.
  4. You may now interact with this second session using the full capabilities of your terminal (since it's not inside adb), and/or tell other applications to connect through the SOCKS proxy
  5. When this second SSH session finishes, the script shuts down the first
The script assumes that the host key is already in your ~/.ssh/known_hosts file, but can be adapted if it isn't.

Install it by saving it somewhere on your PATH, edit as necessary to set the path to adb and use chmod +x on it. You'll need adb and expect on the system (many Macs have expect already, and there are Linux packages in most distributions).

Other use of the SOCKS proxy

Rather than using everything over SSH, you might wish to allow selected local programs to connect over the proxy while still not opening it to everything.

HTTP proxy

Other SOCKS forwarding

For other machines on the local network to access SOCKS directly (rather than via an HTTP proxy), you'll need an additional port-forward because adb listens only to localhost. For example (from the other machine) ssh -L 10080:localhost:10080 192.168.0.1

Redirecting all traffic

Setting up a gateway machine to redirect all traffic would lose the advantage of not having the connection automatically visible to every program on your network (you might need to add blocking rules), and arguably will constitute "tethering", unless perhaps you're providing WiFi to only another phone or tablet that you could have put your SIM into.

Perhaps the easiest way to set things up on the gateway machine (Raspberry Pi or whatever) is to use transocks_ev with iptables and pdnsd.


All material © Silas S. Brown unless otherwise stated.