Have you installed SSH? Change the passwords!

Moi un Mouton

macrumors 68000
Original poster
Mar 18, 2008
1,685
1
Bracknell UK
A malicious worm attack on JB phones. I guess we'll see a lot now.

http://news.bbc.co.uk/1/hi/technology/8373739.stm

This is how to change the password:

1. Download Mobile Terminal through Cydia.

2. Launch Terminal, type in: 'su root', it'll prompt you for your current password next, so type in 'alpine'. (Don't use quotations obviously).

Doing the above logs you in as 'root', because by default if you launch terminal and just use the 'passwd' command, it doesn't actually change it per se as you are logged in as 'mobile', which doesn't have sufficient permissions to change the password.

3. Type in 'passwd', and it should prompt you to enter a new password and then ask you to verify it again.

4. Type in passwd mobile (this is to set a new one for user "mobile" as well). Once again, enter a new password twice
 

pixelated

macrumors 6502a
Oct 21, 2008
713
0
very concise. This topic keeps coming up so can we sticky this very nice guide?
 

stlsot

macrumors newbie
Dec 20, 2007
18
0
St Louis
Ive sshd a new password, then jb iphone had to be restored and re jailbroken. Is the sshd new password now back to alpine? or is my new password still there? I imagine i could just ssh back into it to find out:confused:
 

pixelated

macrumors 6502a
Oct 21, 2008
713
0
Ive sshd a new password, then jb iphone had to be restored and re jailbroken. Is the sshd new password now back to alpine? or is my new password still there? I imagine i could just ssh back into it to find out:confused:
it will be back to alpine
 

TWHH

macrumors regular
Jul 12, 2008
138
11
Apologies, this is perhaps a dim question, but how do I know if I have SSH installed?

Is it downloaded and installed as part of the Jailbreak process or is it something which you have to specifically/manually download from Cydia post Jailbreak?

If all I've done is Jailbroken my phone with the lastest Pwnage Tool and then unlocked with Ultrasnow am I vulnerbale to one of these attacks or not?

Thanks,
 

stlsot

macrumors newbie
Dec 20, 2007
18
0
St Louis
I had to install via cydia,,,search system-cmds, install, then you can open it from its icon and perform root change:)
 

foob

macrumors 6502
Feb 17, 2009
306
0
Bad directions. You have to change mobile's password too. The front page of cydia has the directions
 

pixelated

macrumors 6502a
Oct 21, 2008
713
0
If I've uninstalled SSH from Cydia sources, am I in the clear?
OpenSSH? then yes.
But honestly, why would you want to? Being able to access the directory system is the best thing about jailbreaking!
 

klex

macrumors regular
Jun 28, 2007
144
0
OpenSSH? then yes.
But honestly, why would you want to? Being able to access the directory system is the best thing about jailbreaking!
Thanks so much. You may be right, but I never used any of the stuff. I just needed to be able to use the phone on another carrier.

Thanks again.
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
Thanks so much. You may be right, but I never used any of the stuff. I just needed to be able to use the phone on another carrier.

Thanks again.
If you need filesystem access you can always use iFile. It gives you access to the whole filesystem from only the device itself. Then if you get Safari Download Plugin you can download any file straight from Safari and then Run it (if it's an installer) read it (if it's a text or PDF file), view/listen to it (if it's a pic, video, audio file) or even make any mods to your themes/files right from the device.

That said... I wouldn't recommend removing SSH. Just change your default password and you're good. It's not that hard and you never know when you may need it. I leave mine enabled at all times just in case. I have Wifi off unless I'm at home so I'm not even at risk. Even if I was on public wifi I wouldn't be worried! My home computers all have SSH running.

I think people here are scared of SSH... The issue with these Worms is not that OpenSSH is unsafe... It's that using the default password on ANY DEVICE (that means your home router or your briefcase) you are opening yourself up to a world of pain.
 

Night Spring

macrumors G5
Jul 17, 2008
13,146
6,164
That said... I wouldn't recommend removing SSH. Just change your default password and you're good. It's not that hard and you never know when you may need it.
Personally, I prefer to use file browsing programs like ifunbox, iphone explorer, etc, that run from my computer and access the iphone file system over usb. Are there any functionality that SSH provides that these don't? Since I don't have any use for SSH other than accessing iPhone/iPod touch, setting it up seemed more pain than it's worth.
 

Moi un Mouton

macrumors 68000
Original poster
Mar 18, 2008
1,685
1
Bracknell UK
If you need filesystem access you can always use iFile. It gives you access to the whole filesystem from only the device itself............
Personally, I prefer to use file browsing programs like ifunbox, iphone explorer, etc, that run from my computer and access the iphone file system over usb.............
I'm not promoting SSH over anything else in this thread, I'm just saying what the title says - if you've got it, don't leave it on default password!! Or you leave yourself open to these new hacks.
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
Personally, I prefer to use file browsing programs like ifunbox, iphone explorer, etc, that run from my computer and access the iphone file system over usb. Are there any functionality that SSH provides that these don't? Since I don't have any use for SSH other than accessing iPhone/iPod touch, setting it up seemed more pain than it's worth.
With SSH you can run commands from the command line as well as set various file permissions. I'm not sure if these can be done with iFunbox, but I doubt it. iFile can though, but that doesn't help you if you can't get your Springboard to boot.

I leave SSH on and advise against just removing it because if you are having issues with Springboard constantly cycling you can SSH in and fix them rather than being forced to restore your phone.

Also, the directions at the top of this thread are dead simple. They have been posted many times and I've even written several guides here on exactly what to do. I swear it takes longer to remove SSH than it does to just change your password.
 

Night Spring

macrumors G5
Jul 17, 2008
13,146
6,164
I swear it takes longer to remove SSH than it does to just change your password.
That's true enough, but I never installed SSH in the first place! You are talking as if SSH is preloaded with a jailbreak. Are you recommending that everyone install SSH, just in case we get into this springboard cycling state you mention?
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
That's true enough, but I never installed SSH in the first place! You are talking as if SSH is preloaded with a jailbreak. Are you recommending that everyone install SSH, just in case we get into this springboard cycling state you mention?
Well, this thread is warning about security risks due to default passwords left unchanged, so I assumed that SSH was installed or people wouldn't even be contemplating this.

If you really don't want to install SSH, you don't have to, but I would recommend having it installed (that means I would recommend you install it in case you need to fix your springboard).

The only issue is that if my phone gets stuck in a springboard boot cycle then I have to just hope I left Wifi enabled :D If so I can turn off my phone using the Home + Sleep button combo and wait until I"m at my computer. Then I can find a fix online, boot it up, SSH in and try and fix it. Usually this would consist of removing any package that I recently installed. (This is why I also have Aptitude installed. It's a command line package manager like Cydia is. I can use this over SSH to remove packages that could be causing my problem).

But that's just me :D I like to play it safe.
 

Night Spring

macrumors G5
Jul 17, 2008
13,146
6,164
Well, this thread is warning about security risks due to default passwords left unchanged, so I assumed that SSH was installed or people wouldn't even be contemplating this.
Well, I've seen plenty of people posting asking whether or not SSH is automatically installed with a jailbreak, so I thought it better to be clear on that point.

The only issue is that if my phone gets stuck in a springboard boot cycle then I have to just hope I left Wifi enabled :D If so I can turn off my phone using the Home + Sleep button combo and wait until I"m at my computer. Then I can find a fix online, boot it up, SSH in and try and fix it. Usually this would consist of removing any package that I recently installed. (This is why I also have Aptitude installed. It's a command line package manager like Cydia is. I can use this over SSH to remove packages that could be causing my problem).
And with ifunbox, I can plug my phone in to the USB port, and get into the file system and fix the problem. I don't even have to worry about whether or not I've left wifi on! Or am I missing something?
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
Well, I've seen plenty of people posting asking whether or not SSH is automatically installed with a jailbreak, so I thought it better to be clear on that point.



And with ifunbox, I can plug my phone in to the USB port, and get into the file system and fix the problem. I don't even have to worry about whether or not I've left wifi on! Or am I missing something?
Do you have command line access? You can't run commands on the phone with iFunbox. You can only cut, copy and move files.
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
I had to install via cydia,,,search system-cmds, install, then you can open it from its icon and perform root change:)
You had to install what? SSH? If you didn't have it installed then there was no need to worry!
Not only that... There is no icon to click to "open ssh" :D You have to access your command line either with MobileTerminal or from another computer and you SSH into your phone.
 

Night Spring

macrumors G5
Jul 17, 2008
13,146
6,164
Do you have command line access? You can't run commands on the phone with iFunbox. You can only cut, copy and move files.
No command line, but so far I haven't come across a problem that needed command line access in order to fix. You yourself said that the most common solution was to remove the offending files/applications. iFunbox can do that just fine.
 

ViViDboarder

macrumors 68040
Jun 25, 2008
3,446
0
USA
No command line, but so far I haven't come across a problem that needed command line access in order to fix. You yourself said that the most common solution was to remove the offending files/applications. iFunbox can do that just fine.
If you know where they all are. It'll probably work just fine but I use Aptitude so it fully removes the entire package.
 

Night Spring

macrumors G5
Jul 17, 2008
13,146
6,164
I use Aptitude so it fully removes the entire package.
That does sound convenient! But personallly, not enough to go out of my way to install and set up SSH -- not such a hassle if you have a Mac, I suppose, but it's terribly confusing and complex if you are on a Windows system!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.