Support is unresponsive, this looks like an exit scam.
Finally this is getting traction after leaving many of us out of pocket.
Both developers [1] are working in management at Microsoft and AWS while ignoring emails, leaving JuiceSSH to rot because they couldn't be bothered to wrap up cleanly (refund, release a final update with pro features enabled, release the source code etc.)
Paul Maddox [2]: Director - Cloud & AI Solutions Engineering @ Microsoft - last reposted a month ago
Tom Maddox [3]: Head of AWS Solutions Architecture for Local Markets - last commented two months ago
Don't bother going back to Google either. A Play store "support specialist" just told me:
I tried to create a refund request but its not allowing to create one since the date of the transaction is out of our refund policy as we can only process refunds for up to 120 days only after the transaction was charged.
I've been using this app for years. A couple months I needed to use forwarding, which is a Pro feature.
I thought I already bought it years ago, but the app asked me to pay so I bought it again. It instantly locked me out of the whole app. Later I checked and I had bought pro already in 2014 (for 5€, and I paid 30€ this time). Absolutely no answer to my emails.
I've never succeeded on getting a refund with Google. There were a few apps that tricked me into buying a subscription (namely Musescore and Yazio), I immediately asked Google for a refund because I didn't actually get what I thought I was getting, and they denied me both times.
Now I just don't buy anything on the Play store that I can't afford to just be outright scammed on.
The Musescore app is just a minefield of subscription farming, it was somehow miserable even with an existing subscription the number of times it tried to get me to also get their weird AI learning platform. Now I've left it entirely.
> I'm sure "purchase does not work at all" is an exception
Nope, a Play store "support specialist" just told me: "I tried to create a refund request but its not allowing to create one since the date of the transaction is out of our refund policy as we can only process refunds for up to 120 days only after the transaction was charged."
Your credit card company will reverse it for you. A non-working product with unanswered emails will allow you to easily get your money back while also giving the middle finger to Google.
I've done it in the past (~2015). Honestly if Google locked me out of all of those other purchases it'd be great grounds to sue them. If everyone started doing this it would prevent them from doing this in the first place and may be additional fodder for (hopefully) continued anti-trust losses in court. If your life is tied to Google in that way then it's a risk no matter what you do and you should probably think about how to reduce that risk. I don't have anything other than purchases tied to my Google accounts anymore.
JuiceSSH was popular starting 2013-2014 and Termux was released in 2015. ConnectBot technically existed before but its keyboard has always left more to be desired.
> It's far quicker and easier to hit a toggle in JuiceSSH
termux via F-droid is far better now than JuiceSSH Pro. Termux:Widget let's you launch an SSH tunnel script with one click. I stopped using JuiceSSH Pro more than a year ago once I realized this.
I am not contending truth here, but also I have never even tried / considered anything outside of termux + unexpected keyboard, and I can't imagine anything improving my experience.
what makes juicessh so good? I guess I'm asking for a "Convince me to try it" style review of juice.
"I guess I'm asking for a "Convince me to try it" style review of juice"
Notice this is about juicessh becoming unusable and no longer having any support. That should satisfy you.
For my few emergencies ConnectBot worked quite well as an ssh client for me, including port forwarding (so i could use VNC sessions to unlock a boot issue in a VM using some VNC app)
I used JuiceSSH many years ago, had the Pro version when it was briefly free once. I've used Termux for years now and it seems better to me. You can set up ssh keys and aliases like usual, multihop works. I think I used to use Hacker's Keyboard but now I use AnySoftKeyboard since it had better alt layout support (e.g. Dvorak, Workman). I've got a row at the top with ctrl, tab, arrows, esc... It even works to do C-a, C-c, C-v in other apps. I'd recommend the combo. All available from F-Droid.
Yes I use termux too. What I love is that everything works that works on a normal computer too. And the same way. Even ssh keys on yubikeys work great with open keychain and okcagent.
I bought Juice pro many years ago and use it daily on my phone and Tablet. I like how it gives my one click access to my handful of servers, and I liked the syncing between devices. I started using Termux last week and it seems like a decent alternative. The copy and paste is nicer on JuiceSSH, and I think it is more immune from getting disconnected if you switch to another app during a session.
From what I've read, TCPKeepAlive can be a good or a bad thing. On the one hand, sending a packet every now and then can dissuade a middle box from dropping the connection. On the other hand, if the connection is temporarily not working and would have started working again a few minutes later the attempt to send an unnecessary packet could cause the connection to break permanently when it wouldn't otherwise have broken. I suppose that next time I have a recurring problem I should try both.
No, it's a generic android keyboard and works with all apps. But you need a keyboard like it (arrow keys, ctrl, etc.) for termux to not be a total PITA to use.
(Android has full physical keyboard support, so with it you can use Ctrl+A/Ctrl+X/Ctrl+V in all input fields. Usually a lot faster than fumbling with the touch equivalents that keep randomly bugging out…)
To add to this you can define custom keyboards quite easily for just about any unicode character you can imagine and more. It is an extremely underrated keyboard. It doesn't come with autocorrect built in though, but i barely notice. The privacy it offers is a nice touch, and its functionality unmatched.
I haven't used my Pro purchase in years, but if I did want to ssh from my phone today, I'd use the newish Terminal app, available since Android 15. It's a full Debian virtual machine.
Apparently it's about software, not hardware - Qualcomm recommends running Android under a virtual machine (which lacks nested virtualization support).
IIRC Qualcomm smartphone SoCs have always run some kind of hypervisor, I believe it's to allow partitioning of the CPU cores with the modem/DSP.
They used to (mid-late 2000s) use an L4 derivative ("REX"?), with the more recent chips (including the 'X' series for PCs) using their homegrown "Gunyah" hypervisor (https://github.com/quic/gunyah-hypervisor)
Is this for real? Do you have any more info on this? It seems crazy to me given how popular their chips are and how many problems I’d imagine this creates
It should work fine for any Android phone with pKVM support. It runs Debian in a VM, with some kind of Wayland trick (using virgl for GPU acceleration) to get GUI support.
pKVM requires a) a compatible CPU (most CPUs will do, probably), b) compatible firmware/bootloader software, and c) a compatible Android build
The latter two parts are the most likely reason why not all phones have support for this.
The other HN comment already has some info, but from what I remember from r/android threads, it's because qualcomm doesn't allow unsecure (sic? unencrypted?) VMs, which, ironically, are needed to run nested Linux.
Disclaimer, my memory on the exact terminology is extremely fuzzy. But pixels with tensor can run it just fine. And it's purely a software thing too, btw.
It shouldn't be problematic if the processor supports it well. For example modern Windows is always running as a VM and people are barely aware of that.
Yeah, another vote for Termux. The linux VM ends up being a bit laggy because it's actually a webview that renders a terminal, that's connected to the VM. More importantly though, the soft keyboard support is totally broken, so if you try to backspace more characters than you've typed, it won't let you. That sucks if do something like:
1. type some command, hit enter
2. hit up to edit it (because you typoed something)
3. can't backspace because the soft keyboard thinks there's nothing to delete
Ive always considered termux the more elegant option for userspace programs than the android terminal debian vm. I just wished android had the permission api to create user namespaces (containers) in termux
It is extremely flaky on GrapheneOS, at least on my Pixel 8 Pro. Just typing Ctrl-D to exit will corrupt it, requiring a full reinstallation of the Debian VM
Oh wow. I did a very basic test this morning `ping google.com` and then ctrl+c and it seemed to work okay. Not done any more extensive testing than this though.
Could it be that it's just very flaky on all pixel devices? Or maybe something graphene is doing to harden the OS doesn't play nicely with how it's been implemented?
The built-in terminal app seems to be similarly flaky on my Pixel 8. Also, the kernel it boots into is really stripped down, and it lacks a ton of essential features. I was not able to install VirtualHere client to pass through USB devices, and there's no built-in functionality. There's also no way to open it full-screen on the Pixel 8's DP-over-USB-C desktop mode. Hopefully it continues to improve, but it seems like Google is more into extracting value than they are improving their products at this point.
I just tried it on my S25. I can enable the option an open the APK but can't download it because it fails to create the VM because the S25 does not support Non-protected VMs, so I may require a rooted device. I guess I will stick to Termux but interesting feature nonetheless
Termux is doing a container. The android terminal is doing a virtual machine. That's the difference.
Termux would definitely be the light weight option, but you will be pinned to whatever version of the kernel your device is shipped with (may be a bit old.)
No, termux isn't a container, it's running directly in userspace on the host. The only weird thing is that because it's running directly on the host, it has to be built to use unusual paths, eg. /data/data/com.termux/files/usr/bin/bash instead of /usr/bin/bash. If it used containers (which IIRC it can't because Android doesn't really support it) that would actually be easier because then it could use a chroot to make the paths look normal.
Ah, well that stinks a little. I guess it makes sense, if android doesn't mandate a few kernel settings then working with containers might not be an option.
Couldn’t it implement a “fake chroot” by e.g. creating its own libc which wraps the real one but with path remapping, and then linking all its executables against that?
That would only work for things that use libc (so eg. most Go programs are probably not going to work). The main way that you can do an unprivileged fake chroot is proot, which termux does offer - see https://wiki.termux.com/wiki/PRoot - but that has a significant performance hit.
I'm a big fan of Revanced, but I haven't heard of Morphie - do you have a link for it? (I tried searching, but all I'm coming up with are cosmetics, chargers, and an IRC app.)
Edit: found it: https://morphe.software/ - looks like it's sort of an offshoot of ReVanced that only supports Youtube at the moment.
And, for those who weren't aware of ReVanced, see https://revanced.app/ - it was originally just a tweaked version of the YouTube app called Vanced (an "advanced" YouTube app, but without the "ad"s ;) - but now it's a tool that can patch a bunch of different apps.
Yikes. I also just noticed that all the plugins (part of the pro feature set) rely on separate apk downloads from the Play Store, which all appear to be dead/delisted. This is really a shame, I too have thought of this as "the best" Android SSH client in the past.
I get it why an article like this is being posted, but I’m also worried that it’s jumping to conclusions.
Devs/support get overwhelmed, apps get buggy. A better course of action to me seems: reporting a broken app, requesting refund, waiting for the fix and switching to an alternative in the meantime.
I also dislike that this behavior could be a reason against sideloading, especially if made more popular.
It worked for years with no/few changes. Then the price increases and pro features stop working.
I'm not too likely to give the devs the benefit of the doubt. Patch out the 'pro' check and release an update. Or reply to one of the many new 1 star reviews and say you lost access to the source code, if that's what happened.
They seem to have pulled it, I can't find it on my Pixel.
I paid for it in 2014, and it hasn't been updated in about half of that time, they removed the cloud key backup at some point without notification so I lost all of the keys I had stored, and last time I used it, it didn't even recognise I had paid for it.
I still don’t get it. You say it yourself that it worked for years with no issues. Current behavior is bad but the community pirating the app does not seem right either.
Popular apps get away with more user hostility and price gouging. To me this effort seems misplaced.
I know, my point is this doesn’t give you the right to pirate the app. You have legal ways to fight it: request a refund, report it to the store, write a review, advocate for an open source alternative, etc.
People have shared that many of those things didn't work, developers don't care about reviews of an abandoned app, refund process probably costs you more in time than you would get, and Google is not really known for their good support.
You shouldn't go through that much effort for something you already paid and obviously malicious/unethical approach caused you problems. If there are things in favour of piracy, it is in cases like this.
I think the implication is that you should own multiple client devices capable of SSHing into things, each with their own SSH keypair; and every SSH host you interact with should have multiple of your devices’ keypairs registered to it.
Tuna-Fish said that instead of backing up the keys from your devices, you should create a specific backup key that is only ever used in case you lose access to all your devices.
This is indeed best practice because it allows you to alert based on key: if you receive a login on a machine with your backup key, but you haven't lost your devices, then you know your backup was compromised. If you take backups of your regular key then it would be much more difficult to notice a problem.
Actually, you shouldn’t. You probably use an easy-to-remember password on SSH keys since you have to type them often, but that also means you’re storing one of your (let’s face it, the primary) password you have in a single file, readable to every executable your run under your account. And that means you’re one exfil away from not only getting your SSH keys compromised, but also allowing an attacker to run an offline decryption attack with unlimited attempts. This invariably leads to your main password getting compromised.
Instead, set up SSH certificates, MFA, Yubikey, or TPM/Enclave storage for your private keys.
> but also allowing an attacker to run an offline decryption attack with unlimited attempts. This invariably leads to your main password getting compromised.
Do the OpenSSH authors not know about PKBDF2 or similar?
How does PBKDF2 prevent an offline decryption attack with unlimited attempts?
All it does is slow down the attempts, but for the average person's easy-to-remember password, it's probably increasing the effort from milliseconds to a few days.
Just a cynical observation here, but its funny how the author still hangs onto the notion that it is "the best" despite that it de facto cannot be "the best."
Also, maybe dont rely on a poorly maintained app for making secure connections to your systems? Just me?
After using it for many years, I recently switched from JuiceSSH to Termius (com.server.auditor.ssh.client for disambiguation) after having some issues and seeing the writing on the wall regarding JuiceSSH. It took some customization but I was able to get it set up pretty nice and I'm happy with it.
Termux is one of the best apps ever made for Android power users. It literally replaces so much stuff, if you don't care about GUI. No need for SSH app - it has ssh. No need for file sync app - there is rsync. No need for notetaking app, there is your $EDITOR you like. All 100% free. It's amazing.
I just tried to purchase pro from within the app just to see what the price is, and the Google Play purchase popup tells me it's not available. Interesting.
Not trying to defend the developer here but they went really silent once before like this. Then came out of the gate with a bunch of updates and new features.
I'm hoping they've just got really busy with life, I know when I emailed them before they have been responsive and helpful.
I mean hell they might have died? Does the Store have a process for this?
This app has been around a long time so I don't understand the rugpull comments.
Also the syned keys are (supposedly, I guess we don't have the source) encrypted so even if the dev is no longer active that aspect should be secure I hope.
My Pro features still seem to be working for me. EDIT: No, I see now that Cloud Sync isn't a thing anymore. Looks like it's really lost its backend servers.
The article says "the purchase made in 2019 is not recognized anymore". The seller unilaterally taking back something you previously bought, especially without a refund, is a rug pull.
It still doesn't sound intentional to me. How many scammers are going around creating useful apps, supporting them, pushing out new features, and then finally doing the rugpull 14 years after release? It feels a lot more likely that the backend servers have fallen down on their own and for whatever reason there's no one around to fix them.
A rugpull to me is something specifically setup to try and make money by scamming/rugpulling. JuiceSSH has been around for so long, even if it doesn't work anymore I don't feel rugpulled? If it was a year old I'd agree.
If it were advertised at the time as a 1-year rental/subscription then it wouldn't be a rug pull. But the fact that it was advertised as a permanent purchase means that it is, no matter how long you got to use it before it was involuntarily taken back from you.
I mean it seems like they have increased the price, locked previous lifetime purchases (which prompted some of the commenters here to purchase it again at the higher price) and many features (cloudsync, plugins) were killed. All without any communication or a platform for complaints.
Finally this is getting traction after leaving many of us out of pocket.
Both developers [1] are working in management at Microsoft and AWS while ignoring emails, leaving JuiceSSH to rot because they couldn't be bothered to wrap up cleanly (refund, release a final update with pro features enabled, release the source code etc.)
Paul Maddox [2]: Director - Cloud & AI Solutions Engineering @ Microsoft - last reposted a month ago
Tom Maddox [3]: Head of AWS Solutions Architecture for Local Markets - last commented two months ago
Don't bother going back to Google either. A Play store "support specialist" just told me:
I tried to create a refund request but its not allowing to create one since the date of the transaction is out of our refund policy as we can only process refunds for up to 120 days only after the transaction was charged.
[1]: https://juicessh.com/about or https://sonelli.com/about
[2]: https://www.linkedin.com/in/paul-maddox
[3]: https://www.linkedin.com/in/tom-maddox-87236b27
reply