Wednesday, August 6, 2008

SSH to tether your iphone over USB cable to get your PC online

This manual is based on the ideas and guides first presented here in Russian, and is published with the author's agreement.

The goal is to connect your Windows PC to the Internet over iphone's GPRS/EDGE via USB cable.
The PC:
iTunes should be installed on the PC (UPDATE: iTunes 8.2/9 should be used for iphone OS3.x). You may also need .NET Framework 3.5 installed to make it work. The Iphone Tunnel Suite is not needed. Instead, you only need to download the core part, iTunnel.exe, one supplementary DLL (iTunesMobileDevice.dll) and the startup cmd file. The links to itunnel.zip are below:
http://www.mediafire.com/?tnaqjzw0mnd - for OS2.x
http://www.mediafire.com/?tlmdkorzmyq - for OS3.x (iTunesMobileDevice.dll from iTunes 8.2)
http://www.mediafire.com/?2q1fzowoy12 - for iTunes 9 (iTunesMobileDevice.dll from iTunes 9)

For ssh access I am going to use Bitvise Tunnelier. In particular, Tunnelier Portable is an excellent GUI ssh client with a clear interface and a good help file. It doesn't need to be installed on the computer and can even be started from a USB flash drive. Download it from here:
http://tp.vbap.com.au/download

The iphone:
You need to have OpenSSH installed and, optionally, one of the "toggle" applications such as Bossprefs, Netservices or Services in order to enable/disable the SSH server. Disable wifi to avoid any interference.

1. Start TunnelierPortablev1.1.4.26.paf.exe and extract its content to some directory, for instance, C:\PortableApps\TunnelierPortable
2. Extract itunnel.zip to the same directory.
3. Find the Runtunnel.cmd file there and be ready to start it later. This batch file contains a single command:
itunnel.exe 22 22
which will do the trick. This console application builds a "port bridge" between the iphone port 22 and the same port on the PC.
4. Start TunnelierPortable.exe and tune it up according to the following screenshots.

Login - enter 127.0.0.1 into the Host field and root as the login, choose "password" as the initial method and enter root's password below. You can store the encrypted password in the profile if you like.
For better security you can use key pairs for authentication, but that is outside the scope of this guide; see the ssh manual for details.

Options - notice the two check boxes at the top right. By enabling "Open Terminal" and "Open SFTP" you can use Tunnelier's built-in Terminal and SFTP client (WinSCP-like) to access the iphone once connected.
Disable either of them if you don't need it opened.

Services - an excellent feature of Tunnelier that sets up a local SOCKS proxy server on the PC (the same as the -D option in OpenSSH) to provide access for any socks-aware client applications on your PC.
Notice that the port is 1080. You can change it here, but don't forget to change it in your client socks configuration later.

Client to Server Forwarding - this screen is optional and contains three sample entries that show how to set up local port tunneling (-L in OpenSSH) for applications that are not socks-aware. As an example, Gmail imap/smtp access for Outlook Express is shown. In addition, a Remote Desktop connection to a fictitious remote.pc.com site is displayed; note that the local port number is chosen so that it does not clash with the local RDP listening port, if RDP is enabled on your PC.
OK, Tunnelier is now prepared for the connection. You can save the profile for future use if you like.
5. Connect the iphone to the PC with a standard USB cable and make sure that the SSH server is enabled on the iphone.
6. Launch the Runtunnel.cmd mentioned in point 3. Notice the Windows Firewall warning and add iTunnel to the exceptions list. You will see a black console window containing nothing except the above command. Do NOT close this window; it should stay open during the whole connection session. Later you will notice some messages there showing that the tunnel is working.
7. Press the Login button in Tunnelier. The first time, the client will ask you to accept the host key from the ssh server (your iphone). Accept it and look at the lower pane of Tunnelier for the connection log. If you enabled the Terminal and SFTP check boxes, the Terminal and SFTP client windows will open, allowing you to interact with the iphone.
The connection is made. Now you only need to configure your Windows applications to get access to the Internet over the ssh tunnel.
Mozilla Firefox/Thunderbird should be set to use localhost socks5 proxy server according to the following screen:

If you have other socks-aware applications, configure them accordingly.
In addition, you need to change some advanced settings in Mozilla applications for proper DNS resolution.
Open about:config in Firefox (type this into the address bar of a new tab) to open the advanced configuration, and find the following setting:
network.proxy.socks_remote_dns and double-click it to change its value to true
The same must be done in Thunderbird; to access the advanced configuration there, choose Tools/Options/Advanced/General and click on Config Editor...
Unfortunately, the iphone DNS resolver behaves rather strangely and is buggy, so you may have trouble opening popular web sites like yahoo.com or google.com. To force the iphone resolver, I recommend opening them in the iphone's Safari first. Immediately after a site has been opened on the iphone, it will be available in Firefox too. Some IM applications can be configured to connect to an IP address instead of the server's name.
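What network.proxy.socks_remote_dns changes on the wire, as an added example that is not part of the original post: with the setting at true the client puts the host name into the SOCKS5 CONNECT request (address type 3), so the lookup happens at the far end of the ssh tunnel, while a client that resolves names itself can only send an IP address (address type 1). The function names and the sample hosts are this example's own; the request layout follows RFC 1928.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN = 1, 3


def build_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928) for host:port.

    A dotted-quad host is sent as ATYP 1 (the client already resolved it);
    anything else is sent as ATYP 3 so the proxy side resolves the name.
    """
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return head + addr + struct.pack("!H", port)


def parse_connect(req: bytes) -> dict:
    """Decode a CONNECT request and report who performs the DNS lookup."""
    if len(req) < 7 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        end = 8
        target, resolver = str(ipaddress.IPv4Address(req[4:8])), "client"
    elif atyp == ATYP_DOMAIN:
        end = 5 + req[4]
        target, resolver = req[5:end].decode("ascii"), "proxy"
    else:
        raise ValueError(f"unsupported address type {atyp}")
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    (port,) = struct.unpack("!H", req[end:end + 2])
    return {"target": target, "port": port, "resolved_by": resolver}


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation address (RFC 5737).
    for host in ("www.example.com", "192.0.2.10"):
        print(parse_connect(build_connect(host, 80)))
```

In this setup the PC has no Internet route of its own, so only the "proxy" form can work, and it also keeps name lookups off the PC's local network.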
Alright, we've got the PC connected to the iphone via USB cable, and packets are transferred over the ssh tunnel between the computer and the iphone. The iphone is connected to the Internet over GPRS/EDGE/3G, so socks-configured clients on the PC have Internet access. You can open a diagnostic site like 2ip.ru to make sure that your IP address is from the pool of your iphone's GSM operator.
How do you get access for other applications? (Remember, ssh works only with TCP.)
For instance, Outlook Express cannot use socks, so we set up two extra tunnels for it (see the C2S Fwd screen). The only thing we need is to make OE connect not to the original smtp/imap servers but to localhost (127.0.0.1), on the same ports that the Gmail servers use. To simplify the task and keep the OE server settings untouched, you can modify the Windows hosts file by adding lines like these to it:
127.0.0.1 imap.gmail.com
127.0.0.1 smtp.gmail.com
Finally, to access Remote Desktop of our sample remote.pc.com site over EDGE you need to start Remote Desktop Connection on your PC and enter the following address in the Computer field:
127.0.0.1:33890
In this case your PC will be connected to the remote site on the Internet over the third sample tunnel.
Voila! The small iTunnel.exe application (don't forget to look at its black window) helps us to tether with iphone and connect the PC to the Internet world. And we managed to do it without wifi!!

In the next post I will explain how to succeed in the opposite case - to connect the iphone via the USB cable to your Internet-connected PC in passthru mode. Be patient and stay tuned...