Using SSH tunneling to only allow access to certain mobile device

cn flag

I need a way for our app that sends data from a phone to a server and to a database to only allow certain mobile devices to accept data from. I searched ip filtering but the ip addresses of phones change all the time. and mac address filtering isn't as secure. people recommended SSH tunneling but I can only find scenarios for desktop and not for mobile

djdomi avatar
za flag
Questions seeking installation, configuration or diagnostic help must include the desired end state, the specific problem or error, sufficient information about the configuration and environment to reproduce it, and attempted solutions. Questions without a clear problem statement are not useful to other readers and are unlikely to get good answers
cn flag

I'm not too sure who told you about using an SSH tunnel. That's practical if you are connecting two servers together, or a client you control and a server.

The only way that works in the current world is by having the customer connect to your server. The server generates a unique session identifier (such as a UUID, it has to be large enough and best possible randomness to be secure) and sends that to the user's phone. That's often called a cookie.

Then each time the phone wants to access your server, it sends that cookie which identifies the phone as an allowed user.

Of course, all the communications have to happen encrypted (TLS 1.2 or better).

Note that there is also VPN. This is similar to SSH, but opens a connection through which other safe connections can be mode. It really will depend on your app., personally I would not recommend VPN as it adds another layer which is likely to fail in strange ways (i.e. the rest of your app. won't exactly know why it's failing to connect, receive data, etc.).


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.