digg

Facebook Connect Join Digg About

Slick iPhone SSH client

churchturing.org A slick web 2.0 SSH client for you iPhone with that nice iPhone look and feel. Give it a try. Works great in a normal web browser too. Contains helpful security tips.

Who dugg this? Made popular Jul 19, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

157 Comments

show profanity settings
expand all
  • tnoy, on 11/11/2007, -16/+227Yeah, I'm really going to trust some random website with something like this.
    Its not a bad way to harvest login/pw from stupid people.
  • ravan46, on 10/30/2007, -3/+110Hopefully all the competent people will only get so far as the hostname before thinking "Wait a minute..."
  • jull1234, on 10/11/2007, -14/+63Sweet, now I can reboot my web server like Maddox.
  • RyeBrye, on 11/02/2007, -8/+51Sweet - it even lets me upload my private key so I can connect whenever I want without using a password! Great! :)
  • TheRealToma, on 10/11/2007, -2/+42Next up, ¨Credit card application for iphone!!!¨
  • cozinator, on 10/11/2007, -2/+38I've never seen such a large collection of people who didn't get the joke.
  • sonicvanajr, on 10/11/2007, -28/+64Send your SSH username and password through some random person's website.

    Ah, the genius of iPhone/Mac users shows itself once again
  • optize, on 10/11/2007, -2/+38It's a joke, people calm down.
  • KibibyteBrain, on 10/11/2007, -4/+33Yeah, its really awesome...that is, for an SSH client that sends my SSH usernames and password, albiet encrypted through the Internet, to a 3rd party I don't really know or trust. Thats a great idea. SSH clents are not really a good tool to go web based.
  • uncleLeo, on 10/11/2007, -6/+33view the page source
  • deadbaby, on 10/19/2007, -8/+33Funny site however it would be entirely safe to do this using HTTPS hosting the site on your own server.
  • Trinitrogen, on 10/11/2007, -2/+22Have you STILL not figured out the joke yet?
  • SnugglesGuy, on 10/11/2007, -9/+26ctrl+u

    "function idiot() {
    alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
    }"
  • archlich, on 10/11/2007, -1/+17You are sending... your passwords... to... another... untrusted... computer...

    Slower?
  • jesuscampos, on 10/11/2007, -7/+23Hey! Why are you logged on to my server?

    I wonder how they got my account info?


    Cool App, but if you want really want users to use it, give the code away.
  • Pepper, on 10/11/2007, -1/+16I love it how the above comments are so defensive. Just by looking at the HTML source you can tell it's not for real.

    function idiot() {
    alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
    }
  • trogdoor, on 10/11/2007, -4/+19That's the point and you just blew the joke.
  • xpose, on 10/11/2007, -6/+19 alert ("You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything");
    window.location.href = "http://applepedia.com/IPhone";
  • NSResponder, on 10/11/2007, -1/+13Why do you assume that anyone has fallen for it?

    -jcr
  • brundlefly76, on 10/11/2007, -1/+13anyone who submits their ssh login credentials in a web form to anyone is a moron, has nothing to do with iphone.
  • WiseWeasel, on 10/11/2007, -1/+13Yes, everyone should avoid using this through an untrusted server. You can get the code to run this yourself securely on your home computer here:
    http://www-personal.umich.edu/~mressl/webshell/
    That site seemed to be down when I last checked, so here's the google cache:
    http://72.14.253.104/search?q=cache:23cA-2-an0QJ:www-personal.umich.edu/~mressl/webshell/

    If properly set up on your personal computer, this can be a secure and powerful tool, but DO NOT EVEN THINK of using this tool running on random websites!
  • r3zonance, on 10/11/2007, -0/+11No, because it isn't submitted, it calls a nice javascript alert box.
  • Powerdrift, on 10/11/2007, -1/+11Has no one actually submitted the form or something? o_O
  • Powerdrift, on 10/11/2007, -0/+9You can just leave the contents of the fields as is (fake info) and hit submit you know :P
  • fluxion, on 10/11/2007, -1/+10the code is freely available. it's a javascript popup telling you you're a dumbass, which im sure has many possible uses on the intrawebz.
  • goughy000, on 10/11/2007, -1/+10it doesn't really harvest your user names and passwords, if you look at the code it doesn't even post any of the data to any site, its just a redirect..
  • Draicone, on 10/11/2007, -2/+10I know, its brilliant! I especially love the 'session save' feature, where you can upload your private key and bind all your login details to it, then save it as a publicly accessible, searchable, indexed login profile so that you can login from anywhere without any authentication whatsoever! A new dawn in flexibility!
  • loginx, on 10/11/2007, -0/+8Just leave all the field values as their default and click submit to see what it did. That's what I did.
    All it does is show you an alert box that tells you how stupid it is to send ssh creds through a web-app...
    Sorry for the spoiler.
  • tdous, on 10/11/2007, -4/+12In the source code of the page is a javascript alert message saying "You're an idiot! Don't trust Web2.0 with your iPhone! You'll lose everything".

    This has already been commented but since the commenters didn't bother to explain very well what they were talking about for readers who maybe don't, don't know how to or wouldn't know what they were looking at if they did view the page source.

    PSA : Stay away from ***** like this!
  • praisethelard, on 06/06/2008, -3/+11Or just look at the source of the page.
  • heavyd14, on 10/11/2007, -4/+11Yeah, cause SSH works off line real well.
  • handler, on 10/11/2007, -18/+25Nice server harvesting tool, he probably saves all the info that is submitted.
  • inactive, on 11/11/2007, -0/+7What? No spot for my credit card / social security numbers? This is clearly fraudulent.
  • pivovy, on 10/11/2007, -2/+8Looks like some creative and angry iPhone owner didn't like his report
  • Draicone, on 10/11/2007, -0/+6Hopefully. It should be pretty bloody obvious. The JS function is visible above the fold (in view-source) even on 800x600.
  • joephish, on 10/11/2007, -1/+7that wouldn't work using any ssh client working from a remote machine
  • inactive, on 10/11/2007, -10/+16You could easily prove the site was acting in bad faith by setting up a honeypot for a certain username and password on your server, which would only be provided to this site. If someone besides you logs in with that account, you've got your proof.
  • Konstantino, on 10/11/2007, -1/+6Too bad you didn't actually try to use it...
  • wheresaldo, on 10/11/2007, -8/+13HTML+AJAX are not real iPhone applications, no multi-touch, no integration with OS or hardware, no off-line capabilities.
  • 808kick, on 10/11/2007, -0/+5Learn to internets
  • Draicone, on 10/11/2007, -1/+6I'm assuming the guy /actually/ wanted to input his SSH login details into an insecure website. Should we ban him from digg on grounds of principle? =P
  • deadbaby, on 10/11/2007, -2/+7^^ Because fits his preconceived notions nicely. Reality distortion fields work both ways.
  • Jericon, on 10/11/2007, -9/+14We need to bury this...
  • ferggo, on 11/11/2007, -0/+5I was going to view the page source to see how the hell they were doing this, and I was very well rewarded. Totally classic!
    I wouldn't have dugg it if I hadn't looked at what it *really* does!
  • BodhiGeek, on 10/11/2007, -0/+5Hell no! Though, I did check out the source. :-) I would hope anyone savvy enough to use SSH would have the sense not to trust ANYONE with their login credentials. Probably not, though. ;-)
  • Erroneus, on 10/11/2007, -1/+6Actually the site owner can now reboot your web server...
  • Draicone, on 10/11/2007, -1/+5Remember Jobs said that iPhone apps would operate via Safari? Thats what it is.
  • megooz, on 10/11/2007, -1/+5Maybe the fact that there's absolutely no data sent. Just look at the source, do you see a 'POST' command?
  • fluxion, on 10/11/2007, -0/+4i got as far as the username, and was like "hmms0rz, i must be a retard!"
  • rastakid, on 10/11/2007, -0/+4Did you even gave it a try (with fake data ofcourse ;))? It just throws you an javascript.alert telling you not to trust web 2.0
  • Fetching more discussions...
    Show 51 - 100 of 157 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.