SSH and Android

How can I configure and use SSH connection via Internet from ServiiGo to Serviio server? Is it possible on non rooted Android devices?

[will]

Its not possible with out root.

I assume this is to encrypt the traffic between ServiiGo and the server?

If you want a solution that doesn't requrie root, you can either use a VPN server i.e. OpenVPN for which there is an Android client for 4.0+, or you can setup something like an apache reverse proxy or stunnel and enable HTTPS support within ServiiGo (you can get a proper certificate for free from StartSSL provided you own a domain name, while there is an option in ServiiGo to use self signed certificates, it doesn't work in the internal video player or for most external players so it isn't recommended).

I think that stunnel is most flexible solution. Can You explain how to configure Linux and Android devices to use Serviio over stunnel?

[will]

I think that stunnel is most flexible solution. Can You explain how to configure Linux and Android devices to use Serviio over stunnel?

This method really requires a proper domain name (not just a dynamic dns one) so that you can get a verified SSL certificate as there is no way to tell the video players to allow self signed certificates. But you can set it up with a self signed certificate for testing purposes.

1. Install and setup stunnel as per its instructions forwarding incoming requests on port 5000 to localhost:23424
2. Forward port 5000 from your router to the machine running serviio/stunnel
3. Add a new server in ServiiGo with address: domainname:5000 and tick the SSL support box. If testing with a self signed certificate, tick the allow self-signed certificates box.

From my point of view, the most important is to encrypt/secure login procedure of ServiiGo to Serviio server. Dont care about that someone can potentially know what TV show I am watching. The most important thing is to be secure from hackers to access my (and my customers) home server. OpenVPN I use in a lot of installations but it is extremely difficult to setup client for non-IT persons as my customers.
By the way. I use for OpenVPN needs, own CA so certificate can be sign.
I don know implementation of stunnel in ServiiGo so my question is. Will I be secure with self signed cert during login procedure? (all others is not important)

[will]

From my point of view, the most important is to encrypt/secure login procedure of ServiiGo to Serviio server. Dont care about that someone can potentially know what TV show I am watching. The most important thing is to be secure from hackers to access my (and my customers) home server. OpenVPN I use in a lot of installations but it is extremely difficult to setup client for non-IT persons as my customers.
By the way. I use for OpenVPN needs, own CA so certificate can be sign.
I don know implementation of stunnel in ServiiGo so my question is. Will I be secure with self signed cert during login procedure? (all others is not important)

It really depends on what you mean by secure, nothing is totally secure.

At no point during the login process is the password sent to the server, instead ServiiGo generates a string based on the date and password and sends the string and the date it used to Serviio, which then uses the same processes and checks to see if they match. If they do the server returns an authorisation token which ServiiGo then uses to browse and request content. Without a valid token then you cannot access the server or the content on it, so a hacker on the internet who happened to find that port 23424 was open would be able to do very little without knowing your password.

Now there could be a case where you connected via a shady wifi hotspot to the server and someone spied on your traffic, in that case yes an attacker could capture some packets and extract the authToken from the requests as they aren't encrypted. They could then use that to access the resources that you were accessing, and I guess if they really wanted browse the server for more content and access that, although they would need to put in a lot of work. If you wrapped the connection up in HTTPS (self signed or otherwise) then they wouldn't be able to see the requests or access the authToken, but note its an all or nothing, there is no point encrypting the login process if you don't encrypt the requests made that contain the authToken from the login process.

So in summary, random attacker somewhere on the internet, won't be able to do anything meaningful. Someone who can intercept and capture your network traffic, could potentially access content on the server if they really wanted to and could work out what was going on.

Re your CA, unless its a CA that Android recognises, then no that won't work.

So, as a assumption, it can be say that buid-in security in ServiiGo/SeriioServer is secure by itself during log-in procedure. And because of nature of connection between both is non-constant, potential hackers have to do a lot of work to capture necessary info from stream, tablet (or other Android unit) access ServiioServer from different hotspots during a day, so other security features are unnecessary. Until I am only one person knowing password of course. I am right?

[will]

So, as a assumption, it can be say that buid-in security in ServiiGo/SeriioServer is secure by itself during log-in procedure. And because of nature of connection between both is non-constant, potential hackers have to do a lot of work to capture necessary info from stream, tablet (or other Android unit) access ServiioServer from different hotspots during a day, so other security features are unnecessary. Until I am only one person knowing password of course. I am right?

Pretty much. The only realistic way to break into the server is to know the password, or capture the traffic required to get a valid authentication token, and you would need to jump through a lot of hoops to make use of the authentication token.

OK. THX, now it is clear for me.