Unable to ssh root@localhost on jailbroken iPad with iOS 8.1

I jailbreaked (not for pirates) my iPad 4 (iOS 8.1) several weeks ago and found it unable to ssh [email protected] via Prompt 1 or 2 on iPad. Even I cannot connect via LAN IP (e.g. 192.186.X.X). However, there's no problem if I ssh root@LAN IP on my iPhone or Mac in the same LAN.

By the way, I was able to ssh root@localhost on jailbreaked iPad when it was running iOS 6.1. It is also okay if I have already ssh logged in to iPad on my Mac, and ssh [email protected] again.

The output of netstat on iPad:

Surface-Pro:~ root# netstat -an|grep .22  
tcp4       0     28  172.22.29.64.22        172.22.26.158.47927    ESTABLISHED  
tcp4       0      0  172.22.29.64.50293     17.110.228.29.5223     ESTABLISHED  
tcp4       0      0  *.22    

Does anyone know the reason that iPad cannot connect to itself in apps? (Maybe sandbox/containers model has been changed since iOS 8?)


A much better alternative than to run Prompt as root, is to create another sshd instance listening to a port above 1024.

In this example I have used port 10022.

  • Copy /Library/LaunchDaemons/com.openssh.sshd.plist to /Library/LaunchDaemons/com.openssh.sshd2.plist
  • Change the Label and the SockServiceName in com.openssh.sshd2.plist by appending 2 to ssh / sshd:

    • com.openssh.sshd -> com.openssh.sshd2
    • ssh -> ssh2
  • Add the following lines to /etc/services:

ssh2              10022/udp     # SSH Remote Login Protocol
ssh2              10022/tcp     # SSH Remote Login Protocol

Differences for iOS versions:

iOS 12.1.2 / unc0ver, iOS 13.3.1 / checkra1n:

  • from this answer choice #2.
  • copy the plist as above, but change the SockServiceName in com.openssh.sshd2.plist from ssh to simply the new port number 10022. The section will look like this:
<key>Sockets</key>
<dict>
   <key>Listeners</key>
   <dict>
      <key>SockServiceName</key>
      <string>10022</string>
   </dict>
</dict>

iOS 12.4 / chimera.sh

  • don't copy the plist file
  • instead, edit /etc/ssh/sshd_config as root. Details from this article
  • remove the comment in front of Port 22
  • add another line beneath for Port 10022

All iOS versions:

  • Reboot the device (or launchctl load com.openssh.sshd2.plist if you do not want to reboot)
  • Connect via port 10022 instead of 22

If you have installed bash, coreutils and sed you can automate it with this script:

#!/bin/bash
cd /Library/LaunchDaemons
cp com.openssh.sshd{,2}.plist
sed -i'' '/<key>Label<\/key>/{N;s/sshd/sshd2/}' com.openssh.sshd2.plist
sed -i'' '/<key>SockServiceName<\/key>/{N;s/ssh/ssh2/}' com.openssh.sshd2.plist

cd /etc
if ! grep ssh2 services; then
    cat >> services <<EOF
ssh2              10022/udp     # SSH Remote Login Protocol
ssh2              10022/tcp     # SSH Remote Login Protocol
EOF
fi

The reason is because iOS 7 and 8 sandbox the apps from the App Store. The easiest workaround is below (adapted from http://blog.funroll.co/ios-7-jailbreak-enable-ssh-to-localhost)

  1. Install OpenSSH via Cydia
  2. Get on the same wifi network as your Mac
  3. Grab your IP address from Settings -> Wifi -> (i) icon
  4. Open Terminal on your mac and ssh root@
  5. Default password is alpine. Use passwd to change if you haven't yet
  6. set a login password for the mobile username if you haven't yet

    passwd mobile

  7. go to the Application directory

    cd /var/mobile/Containers/Bundle/Application/ <-- iOS 8

    cd /var/mobile/Applications <-- iOS 7

  8. find Prompt!

    ls ./*/*/Prompt*

    This will give you something like

    ./3EE7B167-AF7B-497B-9C8E-EAC96F4AF0D9/Prompt 2.app/Prompt 2

  9. move Prompt!

    mv "./3EE7B167-AF7B-497B-9C8E-EAC96F4AF0D9/Prompt 2.app" /Applications/

    (Use your own path, instead of 3EE7B167-AF7B-497B-9C8E-EAC96F4AF0D9)
    You may also chown root:admin -R /Applications/Prompt\ 2.

  10. Go to the home screen of the device and delete the icon for Prompt
  11. Reboot by holding home and sleep/wake until you see the Apple icon
  12. ssh back into the device using ssh mobile@(your-ip-here). (Use the password you created in step 6.)
  13. Run uicache: su -c uicache mobile
  14. Go back to the home screen and launch Prompt (if it does not let you connect to localhost, reboot the device again)
  15. Enter the ip as 127.0.0.1 or localhost, username root or mobile as per your preference. I use root so I don't have to sudo excessively.
  16. Connect and enjoy a high quality user experience ssh'ing to localhost
  17. Use Panic Sync to restore your settings (keys and servers)!