SSHdroid Phase 2 (Functional Wiring)

Android SSH client prototype with local-first persistence, SSH transport, host-key verification, key management, jump-chain model, and runtime session management.

Current Scope

  • Implements Phase 2 MUST-first scope.
  • Defers SFTP browser and port forwarding (visible as disabled/deferred in UI).
  • Uses local device storage only (no cloud sync/telemetry).

Tech Stack

  • UI: Jetpack Compose + Material 3
  • Persistence: Room (hosts, chains, keys metadata, known_hosts, history)
  • Preferences: DataStore
  • SSH transport: SSHJ
  • Key storage: app-private encrypted blobs + Android Keystore-backed app key
  • Background runtime: Foreground service with persistent notification while sessions are active

Build

./gradlew :app:assembleDebug

Test

./gradlew :app:testDebugUnitTest

Functional Flows

  1. Add one or more hosts in Hosts.
  2. Add optional jump chain in Hosts > Jump Chains and assign it to a target host.
  3. Create a key in Keys and assign it to host auth.
  4. Open Connection Preview and connect.
  5. Use Terminal for interactive shell input and the run-command dialog for non-interactive execution.
  6. View active sessions/history in Sessions.

Test Host Setup (OpenSSH)

On a Linux/macOS host with OpenSSH server:

  1. Ensure sshd is running and reachable from device/emulator.
  2. Create a test account and key auth:
     ssh-keygen -t ed25519 -f ~/.ssh/sshdroid_test
     cat ~/.ssh/sshdroid_test.pub >> ~/.ssh/authorized_keys
     chmod 600 ~/.ssh/authorized_keys
  3. Add host in app with username/hostname/port and import or generate key as needed.

Jump Chains

  • Chains are ordered host hops assigned to target hosts.
  • The app validates each hop and records hop-indexed failures.
  • Failure details are redacted before UI/log exposure.

Biometric Key Protection

  • Keys can be marked biometric-protected.
  • Protected keys require a biometric-approved usage path before connect/export operations.
  • Unlock policy options: always prompt or cache windows (5/15/60 min metadata policy).

Host Key Verification

Per-host known_hosts policy:

  • ASK (TOFU): prompt on first sight.
  • STRICT: reject unknown keys.
  • ACCEPT_NEW: accept first key automatically.

Changed host keys always trigger a high-friction decision prompt and default to reject if no decision is made.
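
The decision table described above, written out as a pure function. This is an added example, not SSHdroid's own code: every name in it (HostKeyPolicy, UserDecision, Verdict, verifyHostKey, the prompt callback) is hypothetical. It also assumes that an unanswered ASK prompt on first sight rejects, and that accepted keys are persisted; the README states default-reject only for changed keys.

```kotlin
// Added illustration; names below are hypothetical, not SSHdroid's own classes.
enum class HostKeyPolicy { ASK, STRICT, ACCEPT_NEW }
enum class UserDecision { ACCEPT, REJECT, NONE } // NONE = prompt dismissed or timed out

sealed interface Verdict {
    data class Accept(val persist: Boolean) : Verdict
    data class Reject(val reason: String) : Verdict
}

/**
 * @param known     fingerprint stored for this host, or null on first sight
 * @param presented fingerprint offered by the server in this handshake
 * @param prompt    asks the user; changed = true selects the high-friction dialog
 */
fun verifyHostKey(
    policy: HostKeyPolicy,
    known: String?,
    presented: String,
    prompt: (changed: Boolean) -> UserDecision,
): Verdict {
    if (known != null) {
        if (known == presented) return Verdict.Accept(persist = false)
        // Changed key: the per-host policy is not consulted. Always prompt,
        // and reject unless the user explicitly accepts.
        return when (prompt(true)) {
            UserDecision.ACCEPT -> Verdict.Accept(persist = true)
            else -> Verdict.Reject("host key changed")
        }
    }
    // First sight: the per-host policy decides.
    return when (policy) {
        HostKeyPolicy.STRICT -> Verdict.Reject("unknown host key")
        HostKeyPolicy.ACCEPT_NEW -> Verdict.Accept(persist = true)
        HostKeyPolicy.ASK -> when (prompt(false)) {
            UserDecision.ACCEPT -> Verdict.Accept(persist = true)
            else -> Verdict.Reject("unknown host key not approved") // assumption
        }
    }
}

fun main() {
    val fpA = "SHA256:constructed-sample-A" // constructed sample values
    val fpB = "SHA256:constructed-sample-B"
    val noAnswer = { _: Boolean -> UserDecision.NONE }
    println(verifyHostKey(HostKeyPolicy.ACCEPT_NEW, null, fpA, noAnswer))
    println(verifyHostKey(HostKeyPolicy.STRICT, null, fpA, noAnswer))
    println(verifyHostKey(HostKeyPolicy.ACCEPT_NEW, fpA, fpB, noAnswer))
    println(verifyHostKey(HostKeyPolicy.ASK, null, fpA) { UserDecision.ACCEPT })
}
```

The third call in main is the case worth testing first: a host set to ACCEPT_NEW whose stored key no longer matches must still be rejected when the prompt goes unanswered.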

Session History

Local-only history includes:

  • host + chain summary
  • start/end/duration
  • outcome and failed hop (if any)

History intentionally excludes command output and keystrokes.

Diagnostics and Redaction

  • Diagnostic logging is explicit and time-limited (30 minutes).
  • Sensitive tokens are redacted (user@host, IP addresses, SHA256 fingerprints).

Log/Data Locations

  • Room DB: app internal database (sshdroid.db)
  • Key blobs: app internal files under files/ssh_keys/
  • UI settings: DataStore preferences (ui_settings)

Deferred Items

  • SFTP browser: deferred, disabled placeholder in UI.
  • Port forwarding (-L, -D): deferred.
  • Full OpenSSH config import/export and backup/restore bundle: deferred.