Distributing SSH keys with iPhone app

I have an iPhone app which needs to securely connect back to our hosted environment. It is doing this using SSH, and then uses port forwarding to connect to localhost:port which is really a service running on the host.

Currently the way I have the proof of concept working is by including the certificates (private and public) in the app, and then connecting by SSH to the host.

This means that passwords do not need to be distributed, however is this good practise? Should the private key be included with the app?

If not, how should I do this without distributing passwords, and what should I include?

Answers


Distributing the password or distributing the private key are exactly the same thing and both are generally no-nos.

You haven't given us enough info on what you're actually trying to do, but it sounds to me like you're take a very convoluted approach to what is most likely a solved problem. If your iPhone app needs to communicate with the server, then you should, at the very least, have each iPhone app generate its own private/public key combo and add their public key to your authorized users on the server out-of-band, as that way you can selectively revoke access for individual users.


Need Your Help

import custom xml file to magento

xml magento

I have an xml file that contains in products.

How to use javascript to hide and let divs reappear

javascript jquery html css css3

I am trying to make webpage where there is a div in the center which is being changed, instead of going to different pages.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.