Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Has someone hacked into my iphone via SSH?

Bdubb

Bdubb

macrumors regular
Original poster
Mar 18, 2010
207
0
I don't SSH my phone too often with WinSCP, but I will log in once a month or so. I recently upgraded my Pc to Windows 7.

I couldn't log on with WinSCP for whatever reason, So I basically reinstalled OpenSSH in Cydia, and sure enough I was reconnected.

But to my surprise, as soon as I log into my iPhone via WinSCP, I saw this...


29wcd5l


It has been always "Library" and "Media" .. so what's with the translucent ".ssh" folder? why is that there now?

I clicked inside it had this file "Known hosts"

25pepnx



and when I opened the file it was full of random letters and codes.

Can someone shed a little light into this, is there anything I should be worried about or this is okay? it's just THE NEW Open SSH for Cydia? or is it?:confused::(

As you may be able to tell by this pathetic thread, I am not tech savvy at all.
 
Don't worry. These are your ssh config files for the root user (i assume that's who you logged in as). They are showing up now because your settings must differ from your previous install. Anything that starts with a period is a hidden file or folder in unix. Your new settings must be set to show hidden folders.

No big deal as long as you have changed your root and mobile passwords to something besides the default.
 
calvy said:
Don't worry. These are your ssh config files for the root user (i assume that's who you logged in as). They are showing up now because your settings must differ from your previous install. Anything that starts with a period is a hidden file or folder in unix. Your new settings must be set to show hidden folders.

No big deal as long as you have changed your root and mobile passwords to something besides the default.
Click to expand...

No, it is a big deal. The known_hosts file is checked each time you try to connect. Your SSH client will send it an encrypted key, which is checked against the key in the known_hosts, if it matches, no password is required to login.

@OP - Delete that file if you are sure you weren't the one to set it.
 
vladzaharia said:
No, it is a big deal. The known_hosts file is checked each time you try to connect. Your SSH client will send it an encrypted key, which is checked against the key in the known_hosts, if it matches, no password is required to login.

@OP - Delete that file if you are sure you weren't the one to set it.
Click to expand...

so changing the "alpine" password doesnt do anything regarding security?
 
vladzaharia said:
No, it is a big deal. The known_hosts file is checked each time you try to connect. Your SSH client will send it an encrypted key, which is checked against the key in the known_hosts, if it matches, no password is required to login.

@OP - Delete that file if you are sure you weren't the one to set it.
Click to expand...

I think you're mistaking known_hosts with authorized_keys.

The former just lets your know (and confirm) that you're connecting to the correct machine and that nothing has changed (or perhaps did and then you're warned).

The latter contains your public key which you get when you generate an ssh key pair. The private portion stays on your local computer.

dt
 
@OP, you got nothing to worry about, that directory is always there, if you didn't see it before it is because it is a hidden directory, not sure why you are seeing hidden directories if you didn't change your settings but maybe the upgrade to Win 7 maybe have something to do with it.
 
is there a way to keep ssh turned off always? everytime i open sbsettings its always turned on.
 
Don't install it is the only way to always have it disabled.

However, even when it is installed, the SSH service is not actually running unless it's actively being used. There is an always-on listening service that, among other things, listens for port knocks on the SSH port, 22. If it gets a knock, then it launches the OpenSSH service/daemon/whatever.

So, when SBSettings tells you OpenSSH is "on," it's not necessarily being used/loaded in memory. Turning it "off" merely blocks it from being instantiated via the listening service.
 
doubletap said:
I think you're mistaking known_hosts with authorized_keys.

The former just lets your know (and confirm) that you're connecting to the correct machine and that nothing has changed (or perhaps did and then you're warned).

The latter contains your public key which you get when you generate an ssh key pair. The private portion stays on your local computer.

dt
Click to expand...

exactly. Ignore vladzhara.
 
The known_hosts file is only there to warn you if the SSH key of the host you are connecting to changes versus the hostname or IP.

This would happen if someone was pretending to be the server you were connecting to. Basically, all it does is stop this from showing up when you attempt to SSH:

The authenticity of host '[192.168.1.3]:222 ([192.168.1.3]:222)' can't be established.
RSA key fingerprint is 55:12:d3:d4:4f:c5:67:33:74:06:7a:22:25:79:f8:da.
Are you sure you want to continue connecting (yes/no)?

Once you answer 'Y', you won't see anything about this again until the RSA/DSA key changes (usually happens if you like reinstall the OS or something like that).

It provides a small but important piece of security, but it has nothing to do with passwords or access to the device.
 
A day later I returned and sure enough you guys are here to help with insightful answers. Well I guess the general consensus is "Don't worry about it , it's perfectly safe".

I've been using WinSCP for like three years now and every time I log in, I just get the /Private/var/root directory into "Library" and "Media" so this was something new, hence why I came here and started the thread.

On a related note, how do I actually change the "Alpine" password?

In WinSCP, I could only manage to go to "Options">"Preferences">"Security" and check/ "Use Master Password"... So I figured the "Master Password
IS the "Alpine" but really it's not, I created my own personal "Master Password" but when logging in to WinSCP again, It didn't accept anything else for password but "Alpine" what gives? Please if someone can explain this further.
 
Bdubb said:
On a related note, how do I actually change the "Alpine" password?

In WinSCP, I could only manage to go to "Options">"Preferences">"Security" and check/ "Use Master Password"... So I figured the "Master Password
IS the "Alpine" but really it's not, I created my own personal "Master Password" but when logging in to WinSCP again, It didn't accept anything else for password but "Alpine" what gives? Please if someone can explain this further.
Click to expand...

This isn't possible. The SFTP protocol doesn't have any method to support a password change. WinSCP is basically just a file manager that uses the same security as SSH.

You have to log in with an actual SSH client. Try Putty (my favorite SSH client)

Once you are logged in:

passwd root
Enter new password, hit return, twice

passwd mobile
Enter new password, hit return, twice

logout
 
You could manually edit the sshd_config to disallow external logins using passwords. This completely would lock out people trying to get in.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back