Ios ssh over usb



SSH over USB using usbmuxd

You can either download a binary and run that or use a python script. The python script is a lot slower than the binary version. On Linux the python method is mostly deprecated, use the binary version provided by libimobiledevice. There is also a newer solution called gandalf.

Using binary

On Windows, ensure iTunes is installed, then download from Google Code. Unzip to a directory of choice.

On OS X and Linux, install usbmuxd from your package manager.

  • Windows: Run path/to/itunnel_mux.exe —iport 22 —lport 2222
  • OS X/Linux: iproxy 2222 22

Connect to localhost -p 2222 as you would over wifi.

If you have multiple devices connected, it may be useful to run multiple instances, specifying UDIDs and ports like so:

Making iproxy run automatically in the background on OS X

  • Install it with Homebrew ( brew install libimobiledevice ).
  • Create the file

/Library/LaunchAgents/com.usbmux.iproxy.plist with the contents:

    Run launchctl load

    /Library/LaunchAgents/com.usbmux.iproxy.plist .

  • You now don’t have to run the iproxy binary every time you want to SSH over USB as the iproxy software is always running in the background.

If you have several devices you can create a daemon with a specific port for each one.

    Create a file in

/Library/LaunchAgents/ but name it using the device UDID, name or an identifier of your choice (like com.usbmux.iproxy.iPhone7,2.plist ).

  • Replace UDID_HERE in the following snippet with the device UDID. The label should be unique and is best to match the filename you used.
    • Run launchctl load

      /Library/LaunchAgents/FILE_NAME_OF_YOUR_CHOICE .

    • You now don’t have to run the iproxy binary every time you want to SSH over USB as the iproxy software is always running in the background.

    Using Python

    Tested on OS X and Windows.

    You will need to have Python installed on your system.

    • Get usbmuxd source package and unpack. (Or if the linked usbmuxd package doesn’t work, try libusbmuxd.)
    • Go into folder python-client
    • chmod +x
    • Run ./ -t 22:2222

    Now you can log into your device via ssh [email protected] -p 2222

    The -t switch tells tcprelay to run threaded and allow more than one ssh over the same port.

    See ./ —help for further options.

    Using gandalf

    Tested on OS X and Linux, each with up to 29 devices connected at the same time. The advantage of using gandalf is that it is written in a functional programming language, which practically means that it won’t give you seg faults and it is actively maintained

    You need to have opam installed, it is OCaml’s package manager.

    On OS X you can do:

    (If on Linux, then get opam via your package manager, details available, Ubuntu users please pay attention, need to use a ppa for opam). It is important that your compiler is up to date, you can check with opam switch, make sure its at least >= 4.02.0

    This will install the command line tool gandalf and an OCaml library.

    The following are a series of usages of gandalf, all short form arguments have long-forms as well and -v can be added at any time.

    1) See with realtime updates what devices are connected

    This will start up gandalf in listen mode, that is it will print out whenever a device connects or disconnects and more crucially it will print out the UDID of each device.

    2) Start with a mapping file which is of the form

    So an example mapping file would be:

    and the gandalf invocation is:

    2.1) You can also daemonize gandalf with the -d flag. *NOTE*: You might need to end up doing that under sudo as gandalf needs to make a pid file under /var/run.

    3) To see a pretty JSON representation of devices and their ports that are currently connected, do:

    4) To reload gandalf with a new set of mappings, do:

    This will cancel all running threads and reload from the original mappings file, so make your changes there.

    5) To cleanly exit gandalf, do: *NOTE* This might require super user permissions.

    Check out the man page, accessible with:

    • Important Notes and Catches

    1) If you are running this on Linux, then you might get issues with usbmuxd having issues when more than around 7 devices are plugged in. This is because multiple threads are trying to call various libxml2 freeing functions. I have a forked version of libplist that usbmuxd uses, sans the memory freeing calls. Its available here. Compile and install that, then compile and install usbmuxd from source. This will leak memory but its not that much at all and I believe it to be a fixed amount.

    2) Another issue you might have is USB3.0. The Linux kernel might crap out on you after 13 devices. This is a combination of the kernel not giving enough resources and the host controller on your motherboard being crappy. The solution to this problem is to disable USB3.0 in your BIOS. To verify that USB3.0 isn’t working check with lsusb

    SSH over USB using the iFunBox GUI (Windows only)

    This feature only exists in the Windows build of iFunBox.

    • Get the latest Windows build of iFunBox and install it.
    • Click on «Quick Toolbox,» then «USB Tunnel.»
    • Assign ports as you see fit.

    SSH over USB using iPhoneTunnel Menu Bar Application (macOS Intel only)

    Theos usage

    Export the following variables in your shell in order to deploy builds to the connected device:

    SSH without password

    Run the following commands one time and you will not be asked to type your password again.

    You must create an SSH key with ssh-keygen if you have not created one. A passphrase isn’t required but still recommended. You can use ssh-agent as described here to keep the passphrase in memory and not be prompted for it constantly.

    Then run the following command: ssh-copy-id [email protected]_IP

    On OS X, ssh-copy-id will need to be installed with brew install ssh-copy-id .


    How to SSH to a Jailbroken iOS Device over USB

    I recently had to set up testing against our Akamai Staging environment which uses a different IP address than production. This required me to get a new MacBookPro that would support the latest version of MacOS, as well as the latest version of Xcode, just so that I could have sudo access to change add an entry in /etc/hosts in order to build the application from source and run it in the iOS simulator (since the Simulator doesn’t come packaged with the iOS AppStore). Then I had to carry around another computer in my backpack simply because I refuse to separate from Arch Linux and i3-gaps (which can perfectly emulate the Android version without issues), but I digress…

    I quickly realized that since I have a jailbroken iPhone, which is required for SSLKillswitch in order to pentest iOS mobile apps that use HPKP (otherwise known as certificate pinning or SSL pinning), it would be much easier to just carry that device with me and have a hosts entry on that device since it always has access to the iOS AppStore…and iPhones weigh much less than a 17″ MacBookPro. Mind you, I came up with this idea after virtualizing MacOS Mojave on my ESXi host, which stole the majority of the RAM, just so I could run an Appium login script against the simulator remotely over SSH. A great idea in theory, but a pain in the ass in practice.

    So finally after charging this iPhone 6 running the vastly-outdated iOS version 9.2, and then after regaining my old Yalu jailbreak via some sort of nasty Mobile Safari workaround, I opened up the iOS Terminal app installed from the BigBoss Cydia repo and realized I didn’t have vim , vi , nano , or any editor installed, whatsoever. Before realizing I was an idiot and could simply echo -e the host entry and append it to /etc/hosts , I decided that “my fingers are to big for this shit,” and decided to SSH into the phone instead. That’s when I remembered that the Yalu jailbreak uses Dropbear or something instead of OpenSSH and for whatever reason only listens on localhost. I had to do something about this, and my thumbs were not prepared for all of the sed work involved in /etc/ssh/sshd_config , so I decided to re-figure out how I had SSH’d to my iPhone over USB the last time I decided to do this, and this time, I would document the process. Since I regularly run both Linux and MacOS, I will handily-dandily document the process for using both.

    Note: This is not just practical for a stupid implementation of SSH that only listens on localhost — it also comes in handy if your iPhone is not available over the network or you happen to be in a “what happened to the WiFI” situation.

    Using MacOS

    If you don’t have Homebrew installed, what’s wrong with you? Go ahead and install that lifesaver:

    Then install libimobiledevice view Homebrew:

    Hook your jailbroken iPhone up to your Mac via USB, agree to the popups asking for trusted access to the device, yada-yada, and then open a couple of terminal tabs.

    In the first tab, run the following command:

    In the second tab, go ahead and SSH to your device via your newly-accessible localhost port 2222:

    If you are feeling like a superuser and want to go to the trouble of killing the iproxy process later on or just letting that sucker run until the next reboot, the steps above can be achieved by running both commands in a single tab or window like so:

    ^ Also note that you can never have enough output redirection to /dev/null if you’re like me and always forget which side of the parenthesis to put that mess on and don’t want the output of the iproxy command cluttering up your SSH session. Feel free to remind me in the comments since I feel like it would be a valuable waste of Googling time.

    Using Linux or Windows

    Plug in your iPhone and agree to all the annoying pop-ups.

    Install the requirements:




    • Install iTunes
    • Install Git
    • Install Python2 or Python3 via Cygwin or ActivePython

    If you use ActivePython, YMMV. It will work, but you may have to tweak a couple of my instructions below. On most of my Windows machines, I actually maintain separate installations of ActivePython2, ActivePython3, as well as installations of python2 and python3 installed via Cygwin. They all have their special use cases. It helps that you can also install Git via Cygwin, and the syntax below may be slightly different, but I trust you to figure it out. Don’t even talk to me about Windows Subsystem for Linux (WSL). Get out of here with that mess. Cygwin FTW.

    Clone the Git repo

    The utility you will be using requires Python 2.7. So if you are still living in 2007, that shouldn’t be an issue. Otherwise, you’re going to need to explicitly specify it in your command if your default is Python3. I actually forked the repo and tried to convert the code to Python3, but the strings-to-bytes conversion is ridiculously manual and time-consuming.

    Edit: I actually succeeded in resurrecting this decade-old project and now personally maintain the only version (to the best of my knowledge) that is compatible with both Python2 and Python3 and works on all versions of Linux, MacOS, and Windows! You can check out pyusbmux here on GitHub !

    In another terminal tab or window, now you can SSH to your USB-connected iOS device:

    Final steps

    Actually, that’s really all there is to it. If this is your first time SSH’ing into your iOS device, you’ll obviously want to run passwd to change the root password from alpine to whatever you want. Happy SSH’ing in niche situations!


    How-To: SSH to iPhone Over USB (OSX Only)


    macrumors 6502a

    EDIT: DiskAid is far far easier. Ignore the rest of this tutorial.

    Disclaimer: Technically you’re not SSHing. You’re just making a USB connection that accomplishes the same thing.

    So anyhow, I had a need for this setup due to a really complicated WiFi situation that made SSHing a huge ordeal. So here we go!

    1. Download and install:
    Disk for iPhone
    Then restart your computer.

    2. Plug in your iPhone.

    3. Open Disk for iPhone. Media will show up on your desktop.

    4. Click on the Disk for iPhone icon in the status bar and select root.

    (Yeah, I know, pic taken from their site because I’m too lazy to go make screenshots and this is pretty dead simple)

    5. Root will show up. Now the slightly tricky bit is that Aliases within the root directory do NOT work. So, go to the following: private/var/stash. Or, with root mounted, open Finder, click Go on the status bar and select Go to Folder and copy and paste «/Volumes/Root/private/var/stash.»

    The stash folder is where you’ll find Applications and Themes, among other things. While there are other things you can do with SSH those two are by far the biggest ones.

    And there you go, that’s all there is to it. Quick protip so you don’t have to bother with folders though: If you make an alias to the stash folder and put it on your Mac somewhere, all you have to do is connect the iPhone, start Disk for iPhone, select root, and double click on the alias to get where you need to go.


    macrumors member


    macrumors 6502a

    Bear Hunter

    macrumors 6502a


    macrumors 6502a


    macrumors newbie

    hey me too, i was trying to do the mobile installation thing, and it crashed, i have to restore it


    macrumors 6502


    macrumors member


    macrumors member

    I messed with both, DiskAid was much easier, faster, seems more stable/secure, and it doesn’t require a restart.

    However, MacFuse is free and DiskAid is only a 14 day demo.

    I’d rather pay for the easy stuff.


    macrumors newbie


    macrumors 6502a


    macrumors 6502a

    Does DiskAid actually let you modify permissions on folders and files?

    If not its just a file viewer and not SSH


    macrumors regular


    macrumors newbie


    macrumors 68000

    What a waste of time that other junk is.


    macrumors newbie

    The real solution

    Until novi’s iphone tunnel works again.
    (Obviously, works only if you have SSH or another server installed on your iPhone/iTouch.)

    1. Download iPhoneSSH.tar.bz2 (

    25KB) from here:
    (MD5: 9cd9253f1170587bc00d9f87e12402d8)
    Download the latest usbmuxd distribution from here:
    Abort, Retry, Hack? usbmuxd
    2. Unpack to a convenient location (you just need the «python-client» folder if you downloaded the usbmuxd distribution)
    3. Open terminal, change directory to the python-client-folder and type:
    python -t 22:2222 &
    (the -t is for threaded-mode, meaning that you will be able to open more than one session/forward more than one port (as shown below))
    4. Now open Fugu or another terminal session and connect to localhost @ port 2222 i.e. like this:
    ssh -p 2222 root@localhost

    Enjoy SSH over USB!

    Additional info in the author’s words:

    Drop Héctor Martín Cantero a line saying thanks for those here:

    Tested and confirmed working on 10.6.2 and iPhone 3.0-JB.


    macrumors newbie


    macrumors newbie

    I just did things phonique’s way and I can SSH like it’s nobody’s business (plus it’s way faster). However, I can’t seem to copy files back and forth. When I use scp I’m asked for a password that isn’t any of the ones I use. Does anyone know what’s going on?

    Nevermind, the answer was in the man pages all along. Anyone that’s having the same problem should note that «scp -P» is what should be used, not «scp -p». Excuse my n00bishness.

    macrumors newbie


    macrumors 68040

    What a waste of time that other junk is.


    macrumors member

    ssh via usb iphone mac osx python terminal cydia openssh


    Читайте также:  Команды для терминала linux mint xfce
    Поделиться с друзьями