Create an SSH tunnel in Android with JuiceSSH

JuiceSSH is a full SSH terminal client for your Android phone. After installation you only have to create a profile of the remote server by entering its IP, port number, username and password and tapping on it once to quickly establish a connection with a Linux terminal opening up. Settings can be synchronised across multiple devices and identities reused in servers but it is a good security practice to have a unique username and password for each connection, the possibility of reusing identities should not be even there in my humble opinion as it encourages lazy security.

You should also set up a private key file with your password, when you set up a private key something you know, the password, with something you own, the private key, are needed to log in, this stops malicious hackers from brute forcing their way into the server or sniffing out your password. Double authentication raises security considerably since it is much more difficult to steal a key than it is to guess or intercept a password.

Android SSH tunnel JuiceSSH
Android SSH tunnel JuiceSSH

The downside I found on this app is that by keeping a record of your SSH credentials if anyone gets access to your phone your remote servers will also be compromised, the only way to erase passwords and private keys is by completely erasing the identity altogether. This is too much of a danger to bear, sysadmins keep all kind of valuable data on servers you can’t risk giving easy access to crooks, it could even lead to a sysadmin being fired from his job if a serious security incident occurs because he lost his phone with root usernames and passwords.

The Pro version of JuiceSSH encrypts settings with AES256-bit, that is acceptable security and changes the rules of the game, JuiceSSH Pro version has other nice features like terminal colour themes, a security lock activated after inactivity period and easy port forwarding set up, which could be used to set up an SSH tunnel in your Android browser to hide your smartphone IP when browsing the Internet.

I liked the app design and features but server credentials storage in clear text on the phone was a deal breaker for me, and since I only use SSH tunnels occasionally I can not justify the expense of having to buy the Pro version to plug that security hole. I can easily put up with less features in the free version, like not having a coloured Unix terminal, but I definitely can not put up with less security, since it was to either pay up or give up, I am now using Connectbot SSH for Android instead.

Visit JuiceSSH in GooglePlay