Distributing SSH keys with iPhone app
I have an iPhone app which needs to securely connect back to our hosted environment. It is doing this using SSH, and then uses port forwarding to connect to localhost:port which is really a service running on the host.
Currently the way I have the proof of concept working is by including the certificates (private and public) in the app, and then connecting by SSH to the host.
This means that passwords do not need to be distributed, however is this good practise? Should the private key be included with the app?
If not, how should I do this without distributing passwords, and what should I include?
Distributing the password or distributing the private key are exactly the same thing and both are generally no-nos.
You haven't given us enough info on what you're actually trying to do, but it sounds to me like you're take a very convoluted approach to what is most likely a solved problem. If your iPhone app needs to communicate with the server, then you should, at the very least, have each iPhone app generate its own private/public key combo and add their public key to your authorized users on the server out-of-band, as that way you can selectively revoke access for individual users.