Why would one want an ssh toggle

[aliensarecool]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A406 Safari/7534.48.3)

What is wrong with it always being on? Maybe I don't understand it fully, even after searching

 

[dhlizard]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A406 Safari/7534.48.3)

What is wrong with it always being on? Maybe I don't understand it fully, even after searching

OpenSSH starts up everytime an iPhone is rebooted or turned on.
Unless one changes the root and mobile passwords, there is a vulnerability of an intrusion.
If one changes the passwords, there is little risk of an intrusion.
Turning it off might save some battery usage also.

 

[OceanView]

OpenSSH starts up everytime an iPhone is rebooted or turned on.
Unless one changes the root and mobile passwords, there is a vulnerability of an intrusion.
If one changes the passwords, there is little risk of an intrusion.
Turning it off might save some battery usage also.

how do you change the password on 5.0.1? mobilterminal does not work anymore

 

[rKunda]

how do you change the password on 5.0.1? mobilterminal does not work anymore

On the main Cydia page there are some links to the bottom. One of them shows how to change the password.

 

[maturola]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A406 Safari/7534.48.3)

What is wrong with it always being on? Maybe I don't understand it fully, even after searching

As DH said, first you are expose even with a changed password, if a new vulnerability become public, your phone will be there like a house with a wide open door. Second the "daemon" is always working (the part of the server that listen all the time for incoming connections) as any service running in the background it will consume battery.

now i ask you a question, what is wrong with having disable, and enable it just when you need it? how often do you really access your device?

 

[mlts22]

If one is worried about it, and knows they will log in from a certain set of machines, just configure sshd to disallow passwords. That way, a would-be intruder isn't going to have any way to get in without access to your other boxes.

 

[OceanView]

On the main Cydia page there are some links to the bottom. One of them shows how to change the password.

For some reason, I am unable to get past the login password prompt when using putty. I typed alpine but it keeps saying the password is wrong.

Any ideas?

 

[rKunda]

Username should be 'root' sans quotes. I don't know if that's what you did. Also, make sure SSH is ON (been there done that, hah). Also, check to make sure you're on the right network.

 

[megamanbnmaster]

to change the password:

login via SSH from terminal or equivalent with mobile as user
type in 'passwd'
change the password from alpine to whatever you want.
then logout
log back in via SSH with root as user
type in 'passwd'... etc repeat, and then your SSH should be safe.

I'd still disable SSH port when not using it though, just as a habit of security.

 

[hackthatphone]

Mobile terminal for 5.x firmware is here http://code.google.com/p/mobileterminal/downloads/list

It's a deb. Easy to install via SSH. Although it's far easier to just change your passwords via a terminal on your computer through ssh.

 

[OceanView]

Username should be 'root' sans quotes. I don't know if that's what you did. Also, make sure SSH is ON (been there done that, hah). Also, check to make sure you're on the right network.

THANKS GUYS! That worked!

 

[dhlizard]

As DH said, first you are expose even with a changed password, if a new vulnerability become public, your phone will be there like a house with a wide open door. Second the "daemon" is always working (the part of the server that listen all the time for incoming connections) as any service running in the background it will consume battery.

now i ask you a question, what is wrong with having disable, and enable it just when you need it? how often do you really access your device?

While I don't really agree that OpenSSH with changed passwords leaves you open to exploit, with the newest iFunBox, using OpenSSH is now a 2nd choice.

 

[maturola]

While I don't really agree that OpenSSH with changed passwords leaves you open to exploit, with the newest iFunBox, using OpenSSH is now a 2nd choice.

Just look it up, it happen last week, before they push an update, exploits are found all the time on any software (same reason why we have jailbreak on the first place)

 

[labman]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A406 Safari/7534.48.3)

Funny I knew who the TS was just by the title.

 

[LoloBond]

OpenSSH starts up everytime an iPhone is rebooted or turned on.
Unless one changes the root and mobile passwords, there is a vulnerability of an intrusion.
If one changes the passwords, there is little risk of an intrusion.
Turning it off might save some battery usage also.

hmmm I didn't know there was a mobile password. thanks!