Has someone hacked into my iphone via SSH?

Discussion in 'Jailbreaks and iOS Hacks' started by Bdubb, Sep 19, 2010.

  1. Bdubb macrumors regular


    Mar 18, 2010
    I don't SSH my phone too often with WinSCP, but I will log in once a month or so. I recently upgraded my Pc to Windows 7.

    I couldn't log on with WinSCP for whatever reason, So I basically reinstalled OpenSSH in Cydia, and sure enough I was reconnected.

    But to my surprise, as soon as I log into my iPhone via WinSCP, I saw this...


    It has been always "Library" and "Media" .. so what's with the translucent ".ssh" folder? why is that there now?

    I clicked inside it had this file "Known hosts"


    and when I opened the file it was full of random letters and codes.

    Can someone shed a little light into this, is there anything I should be worried about or this is okay? it's just THE NEW Open SSH for Cydia? or is it?:confused::(

    As you may be able to tell by this pathetic thread, I am not tech savvy at all.
  2. calvy macrumors 65816

    Sep 17, 2007
    Don't worry. These are your ssh config files for the root user (i assume that's who you logged in as). They are showing up now because your settings must differ from your previous install. Anything that starts with a period is a hidden file or folder in unix. Your new settings must be set to show hidden folders.

    No big deal as long as you have changed your root and mobile passwords to something besides the default.
  3. vladzaharia macrumors regular

    Jul 5, 2010
    No, it is a big deal. The known_hosts file is checked each time you try to connect. Your SSH client will send it an encrypted key, which is checked against the key in the known_hosts, if it matches, no password is required to login.

    @OP - Delete that file if you are sure you weren't the one to set it.
  4. this is funah macrumors 6502

    this is funah

    Oct 13, 2005
    Berlin, Germany
    so changing the "alpine" password doesnt do anything regarding security?
  5. doubletap macrumors regular

    Jan 2, 2009
    Ashburn, VA
    I think you're mistaking known_hosts with authorized_keys.

    The former just lets your know (and confirm) that you're connecting to the correct machine and that nothing has changed (or perhaps did and then you're warned).

    The latter contains your public key which you get when you generate an ssh key pair. The private portion stays on your local computer.

  6. maturola macrumors 68040


    Oct 29, 2007
    Atlanta, GA
    @OP, you got nothing to worry about, that directory is always there, if you didn't see it before it is because it is a hidden directory, not sure why you are seeing hidden directories if you didn't change your settings but maybe the upgrade to Win 7 maybe have something to do with it.
  7. bw1128 macrumors 6502a

    Jun 29, 2010
    is there a way to keep ssh turned off always? everytime i open sbsettings its always turned on.
  8. bripab007 macrumors 6502a

    Oct 12, 2009
    Don't install it is the only way to always have it disabled.

    However, even when it is installed, the SSH service is not actually running unless it's actively being used. There is an always-on listening service that, among other things, listens for port knocks on the SSH port, 22. If it gets a knock, then it launches the OpenSSH service/daemon/whatever.

    So, when SBSettings tells you OpenSSH is "on," it's not necessarily being used/loaded in memory. Turning it "off" merely blocks it from being instantiated via the listening service.
  9. calvy macrumors 65816

    Sep 17, 2007
    exactly. Ignore vladzhara.
  10. ulbador macrumors 68000


    Feb 11, 2010
    The known_hosts file is only there to warn you if the SSH key of the host you are connecting to changes versus the hostname or IP.

    This would happen if someone was pretending to be the server you were connecting to. Basically, all it does is stop this from showing up when you attempt to SSH:

    The authenticity of host '[]:222 ([]:222)' can't be established.
    RSA key fingerprint is 55:12:d3:d4:4f:c5:67:33:74:06:7a:22:25:79:f8:da.
    Are you sure you want to continue connecting (yes/no)?

    Once you answer 'Y', you won't see anything about this again until the RSA/DSA key changes (usually happens if you like reinstall the OS or something like that).

    It provides a small but important piece of security, but it has nothing to do with passwords or access to the device.
  11. Bdubb thread starter macrumors regular


    Mar 18, 2010
    A day later I returned and sure enough you guys are here to help with insightful answers. Well I guess the general consensus is "Don't worry about it , it's perfectly safe".

    I've been using WinSCP for like three years now and every time I log in, I just get the /Private/var/root directory into "Library" and "Media" so this was something new, hence why I came here and started the thread.

    On a related note, how do I actually change the "Alpine" password?

    In WinSCP, I could only manage to go to "Options">"Preferences">"Security" and check/ "Use Master Password"... So I figured the "Master Password
    IS the "Alpine" but really it's not, I created my own personal "Master Password" but when logging in to WinSCP again, It didn't accept anything else for password but "Alpine" what gives? Please if someone can explain this further.
  12. ulbador macrumors 68000


    Feb 11, 2010
    This isn't possible. The SFTP protocol doesn't have any method to support a password change. WinSCP is basically just a file manager that uses the same security as SSH.

    You have to log in with an actual SSH client. Try Putty (my favorite SSH client)

    Once you are logged in:

    passwd root
    Enter new password, hit return, twice

    passwd mobile
    Enter new password, hit return, twice

  13. mlts22 macrumors 6502a

    Oct 28, 2008
    You could manually edit the sshd_config to disallow external logins using passwords. This completely would lock out people trying to get in.

Share This Page