SecureBox Pro

Secure shell application, terminal screens and auxiliary commands for Android OS

SecureBox Pro Icon

Tip: to display enlargeed screenshot
hover over small images!

Documents </>

User Guide </>

(release 3.1.0)

[session screen] [session screen]

Introduction </>

When launched application shows screen with sessions. Also it starts session service with notification. Session service remains active until user "Exit" from application.

Each application screen uses action bar that displays activity title.

"Session" screen, as main application activity, uses action bar that shows "drawer" button used to open application navigation menu. Other screens use "Up" navigation button to return to parent activity.

Application uses "toasts" to provide feedback about operation in a pop-up window usually located in bottom right part of screen. For example a "toast" is shown when user switch between terminal screens.

[navigation drawer] [navigation drawer]

Navigation </>

Navigation menu is hidden by default. It appear when is touched the drawer icon in the action bar on top of the "Session" screen. Also it appear when user swipes a finger from the left edge of the screen.

Header of navigation menu contains application logo, title and e-mail contract address. Tap on logo or title opens application web-site and tap on e-mail address opens e-mail application. Note that system my ask user to choose between existing applications that support browse or mail functionality.

Content of navigation consist from following items:

  • Connections
    This item starts "Connections" activity. Activity manages list with predefined connections - create, update or delete. It allows user to open a terminal screen with a secure shell session based on connection parameters.
  • Sessions
    Item is activated when user opens a terminal screen to handle a terminal session. It is deactivated when all terminal screens are closed. Each sub-item allows user easily to switch to respective terminal screen.
  • More
    • Identities
      This item starts "Identities" activity. Activity manages list with user identities (keys) used in public key authentication.
    • Console
      This item starts a new terminal screen with local console session.
    • Known Hosts
      This item starts "Known Hosts" activity. Activity allows user to view and delete information for remote host keys used in connections.
    • Settings
      Item starts "Settings" activity. Activity allows user to set application preferences like size of text displayed in terminal screen and etc.
    • Exit
      Item is active only if all terminal session screens are closed. Exit action first stops session service and respective notification and then closes application itself.
[notification] [notification]

Notification </>

Notification message shows number of open sessions and allows user easily to switch to application.

[connections] [connections]

Connections </>

Connections activity allows user to manage list of predefined connections. Floating button [button add] at bottom right part of screen is used to define parameters of a new connection in separate activity "Connection Details".

Each connection is listed in separate card. Card displays connection name (alias) and important parameters in secure shell "URI" format. Button [button more] at top right part of card opens a popup-menu:

  • Details
    This item starts activity "Connection Details" to update parameters of connection. Also activity is started if user tap card.
  • Connect
    Item opens a new terminal screen and starts secure shell session using parameters specified by connection. Also session is started if is performed long-click on card.
  • Delete
    Associated action is to remove connection after confirmation.
[basic connection details] [basic connection details]

Connection Details </>

Activity allows user to define parameters of a connection identified by its alias. Screen is separated in two input sections. Floating button [button save details] at bottom right part of screen view is used to save parameters of connection.

First input section is for basic parameters of secure shell URI of the form ssh://user@host[:port] :

  • alias: unique connection identifier.
  • user: name to log in on remote machine.
  • host: host name to log into as numeric IP address is also permitted.
  • port: port number to connect on the remote host, by default 22.

Optionally also user could choose identity (public key) from list of existing ones or to create new one. If identity is not specified only password based authentication will be tried.

[expert connection details] [expert connection details]

Second input section of screen is used to defined additional parameters of connection. Each parameter consist of keyword-argument pair. "Empty"-parameter, i.e. parameter without argument cannot be used in secure shell session.

Button [button more details] is used to expand section with expert (extra) parameters. If expanded button [button less details] could be used to collapse section. Remark: By default an "empty"-parameter is added when section is expanded and if connection is without extra parameters.

Button Add line adds new "empty"-parameter. The parameter keyword is selected from drop-down list. Right to the list is button to delete parameter. Entry box below keyword is used to enter argument of parameter. Remark: Empty parameters are not stored.

Button Help at bottom end of section opens ssh_config(5) manual page for consultation.

Sessions </>

A new session is opened either from "Connections" screen (secure shell) or from "Navigation" menu (console). Each session is displayed in separate terminal screen. Terminal screen responds to tap(click) events and swipe gestures. Single tap shows/hide "soft"-keyboard. Single tap in top right part of screen shows "close" button. Swipe from left part of screen opens "Navigation" menu. Horizontal finger gesture "switch" between terminal screens. Terminal screen supports context menu activated on long-click.

[session login] [session login]

Session login </>

When a connection is performed for first time secure shell programs requires confirmation. On session screen is printed information for remote host - type of the key and key fingerprint represented by its SHA256 hash value. User has to confirm authenticity of remote host before session to continue. Session terminates if user refuse to confirm. Upon successful confirmation (user input is "yes") information for remote host key is stored in "Known Hosts". After authenticity session continues with user authorization process. Remark: On subsequent connections is used stored authenticity information and confirmation is not required.

[session exit] [session exit]

Session exit </>

When remote (secure shell) or local (console) session exits, terminal screen remains active. On screen is printed a separator line <<<<<>>>>> followed by line with information about exist status (code) of session. For instance if exit code is non-zero, by example 7, message is: session finish with error: 7 .

In the same time in top right part of the screen is activated "close"-button. It closes current terminal screen and activity is switched to next one. Remark: Button could be activated at any time when user taps on top right part of screen. If session is active taps outside hides button.

[session context menu] [session context menu]

Session context menu </>

This menu appears when the user tap and hold (performs a long-click) on terminal screen. It is as a floating list with following menu items:

  • Clipbar
    With this item terminal screen enters in "clipbar" action mode (see below).
  • Toggle Keyboard
    Item show/hide soft-keyboard.
  • Paste Script
    Item activates action to obtain script content. Content is pasted on command line.
  • Send Function-key
    Activates mode for input of "function" keys. Similar to Vol-Up.
  • Send Control-key
    Activates mode for input of "control" keys. Similar to Vol-Down.
  • Help special keys
    Displays screen with help information for "Function" and "Control" keys.
    Remark: For more details see chapter special keys below.
  • Toggle Wake lock
    Dynamic menu item to acquire or release CPU wake lock. Use if you needed to keep CPU running.
  • Toggle Wi-Fi lock
    Dynamic menu item to acquire or release Wi-Fi lock. Use if you would like Wi-Fi not go to power save mode.
[session clipbar] [session clipbar]

Session clipbar </>

In "clipbar" action mode at the top of the screen is displayed contextual action bar. Each action is represented by its icon. Tap on icon activates it and long tap shows action label. All these "clipbar" actions allow user to manipulate text on the screen:

  • Select text
  • Copy all
  • Paste

Back button exits screen from "clipbar" mode.

Session special keys </>

Device volume buttons ("Down" and "Up") change how terminal process key events. These buttons allows user to enter "Control" and "Function" keys.

One button press changes mode and on screen is displayed "hint"-character: > for "Down" and < for "Up". Then press of keyboard button enters special key according table below.

Two consecutive presses of volume button "toggle" mode. On screen is displayed filled "hint"-character: ▸ or ◂ respective. Then each press of key enters a special character. Next press of volume button stops "toggle" mode.

Table with all special keys:

Vol-Down
+
Space Control-@   (NUL)
A..Z Control-A..Z
5 Control-]
6 Control-^
7 Control-_
9 F11
0 F12
Vol-Up
+
1..9 F1-F9
0 F10
W Up
S Down
A Left
D Right
Vol-Up
+
I Insert
X Delete
H Home
F End
P PageUp
N PageDown
Vol-Up
+
T Tab
L |   (pipe)
U _   (underscore)
E Control-[   (ESC)
. Control-\

Sample: four time enter of left arrow - Vol-Down(enter "control" mode) Vol-Down(toggle "control" mode) A(left) A(left) A(left) A(left) Vol-Down(exit "control" mode).


Hint: map between keyboard "arrow"-keys and respective special keys:

 ↑  = Vol-Up+W
= Vol-Up+A = Vol-Up+D
 ↓  = Vol-Up+S

[session switch] [session switch]

Session switch </>

Displayed terminal session screen could be changed either from navigation menu "Sessions" or with horizontal finger(swipe) gesture. In latter case swipe gesture zoom out current screen and zoom in next one. A short living message (toast) informs user for number of terminal screen.

[identities] [identities]

Identities </>

Identities activity allows user to manage list with user private keys (identities). Activity could be started either from navigation menu or from activity "Connection Details" when user choose item "<create>" from "Identity" list. Floating button [button add] at bottom right part of screen is used to create a new identity. On tap it opens pop-up button list. Each button correspond to storage model. Identities stored on file system are password protected while device key store requires device to be protected. Each button starts respective activity - "Identity Details" or "Identity Device".

Each identity is listed in separate card. Card displays identity name (alias) and information for identity: icon that shows where is stored identity, key type as part of algorithm used in secure shell public-key authentication, bits for RSA keys or curve for EC keys. Button [button delete identity] at top right part of card deletes identity after confirmation. It is displayed only if identity is not used yet. Below button, enclosed in braces, is displayed number predefined connections that use identity.

[identitity details input] [identitity details input]

Identity Details </>

Activity allows user to generate a new identity for use in secure shell public key authentication or to display information for existing one. Remark: For existing identities only name is modifiable if is not used in a connection.

Generation of new identity supports following key types: EC, RSA(default), ED25519 or DSA. For EC and RSA identity user could choose strength of key. In case of EC strength is selected either from draggable thumb or from list with supported curves: P-256, P-384 or P-521. For RSA identity strength is selected either from draggable thumb or from list with predefined bits of key: 2048, 3072(default), 3840, 4096, 6144, 7680 or 8192.

Button Import starts process "Import Identity".

[identitity details password] [identitity details password]

Floating button [button generate identity] at bottom right part of screen view is used to generate identity.

Remark: For security reasons empty passwords is not allowed. It is required password to contain combination of upper and lower case letters, and numbers, and punctuation marks with minimum length of 5 characters.

When pressed activity starts generation of private key, button disappear, modification of key attributes is disabled, and until end of operation is displayed circular progress bar.

Remark: Key generation is time consuming operation.

[identitity details extras] [identitity details extras]

After successful generation on screen is displayed key fingerprint computed using SHA256 hash algorithm and visual ASCII "art"-image representation. Button Export starts activity "Export Identity".

[identitity device input] [identitity device input]

Identity Device </>

Activity allows user to generate a new identity for use in secure shell public key authentication or to display information for existing one. Generated identity is self-issued X.509 certiticate. Remark: Existing identities are not modifiable.

Generation of new identity supports following key types: EC(default), or RSA. For EC and RSA identity user could choose strength of key. In case of EC strength is selected either from draggable thumb or from list with supported curves: P-256, P-384 or P-521. For RSA identity strength is selected either from draggable thumb or from list with predefined bits of key: 2048, 3072(default), 3840, 4096, 6144, 7680 or 8192.

[identitity device extras] [identitity device extras]

After successful generation on screen is displayed distinguised name, key fingerprint computed using SHA256 hash algorithm and visual ASCII "art"-image representation. Button Export starts activity "Export Identity".

Import Identity </>

When import is started from "Identity Details" is displayed dialog with supported formats: PKCS#8, PKCS#12 or Legacy. After confirmation is stated activity for selection of file containing identity and then user is prompted for import password if necessary.

Remark: Third party application could "send" identity for import.

[identitity export formats] [identitity export formats]

Export Identity </>

To use an identity in secure shell authentication process public part must be known on remote host. The goal of activity is to prepare public part (key) in format recognizable by remote side (server). Second step is to share (send) public key with responsible party using application selected by user. Export supports following formats:

  • Standard
    Extracted file is in text-format encoded as is specified by "RFC 4716 (The Secure Shell (SSH) Public Key File Format)". All secure shell implementations must support import from this format.
  • PKCS#8
    Extract is PKCS#8 format using PEM (text) representation. Useful if remote end is able to process such format. This format is more universal. Some implementations may use it directly, for instance PKIX-SSH.
  • Legacy
    This is historic binary format that represent public key as base64 encoded blob (a specific ssh format). Some implementations could import from this format.

[share identitity] [share identitity]

Process starts when user tap button Extract It finish with status message displayed at bottom right part of screen. When extract process succeed list with possible applications that could process extracted content is build. On application bar is displayed share button [button share]. Tap on it opens applications list (device dependent). If action is already used right to button is displayed icon of application last used to share public key. Usually e-mail applications send properly public key. File management applications could be used to store it on SD-card.

[known hosts] [known hosts]

Known Hosts </>

"Known Hosts" file contain identification (host public keys) entries for all hosts that client has ever been used in sessions. Information for remote hosts is managed per connection alias. Each entry is displayed in separate card. User could remove an entry when taps trash-can button at top-right part of the card. After remove at bottom-right part of screen is displayed save button [button save known hosts]. To confirm removal user has to save modifications (tap button). A short living message is displayed to confirm save. Remark: Returning back without to save ignores all pending changes.

[host key change] [host key change]

Remark: Client uses strict host key checking model with confirmation. New entry is added automatically to the file only if user confirms authenticity of remote host (see Session login for details). On subsequent connections host identification is checked against stored entries. If host key ever changes client refuses to connect. In such case on terminal is printed warning message and session exits with error code (see image at right). Only after verification that host identification is changed and knowing new identification user could remove entry for respective connection. On next connection user has to confirm new host authenticity.

[settings] [settings]

Settings </>

Application settings allows user to define some screen preferences:

  • Text size
    Item allows user to choose height of characters displayed in terminal screens. Height (font size) is expressed in points.
  • Text color
    Item allows user to choose color scheme for terminal screens. Scheme defines color of terminal screen (background) and color of characters (foreground). This list includes well know schemes like "Solarized Light", "Solarized Dark", "Dark Pastels", "Console" (default) and etc.
  • Theme Mode
    Item allows user to choose between Light and Dark theme mode. Also "System" mode is supported on new devices (Android 9.0 or later) otherwise is equal to default mode - Light.

Session section add following:

  • Console startup
    User defined start-up script for build-in shell. Allows user to define environment setting, add shell functions or command aliases.
  • Source system mkshrc
    If selected application specific shell start-up script will source system shell start-up script (/system/etc/mkshrc).

Help section list following:

  • User Guide
    Item allows user to open this user guide.
  • Version
    Item displays application version.

<external>

[round left]
Please report site issues to < webmaster AT termoneplus DOT com >
Copyright © 2018-2024 , Roumen Petrov
Авторско право 2018-2024 , Румен Петров
[round right]