Keep up-to-date with the RSS feedTIP: Change your iPhone’s SSH password
[Edit: It would appear this post is getting a lot of attention these last few days, possibly due to the current outbreak of worms/attacks using the default SSH passwords. To all my new visitors, it's great to have you here and thanks for visiting. Hopefully you'll find other useful posts during your visit!
If you find this post useful, can I please ask that you Digg, Retweet etc so other people can also make their jailbroken iPhone as secure as possible. Lets not make things easy for the hackers out there! Thanks again for visiting!]
While playing around with a couple of applications today, I realized that my iPhone was showing up in Cyberduck over Bonjour, something I’d somehow managed to not figure out until now ! Now I use BossPrefs to turn off SSH when I’m not using it, but I know a lot of people won’t. This got me thinking; do they all run using the default username and password ? Considering the entire iPhone hacking community knows what they are, that can’t be a good thing !
After a quick download and a few commands, I’d changed my password to something a little more secure, and here’s how you can too….
First off, fire up Cydia and download an application called MobileTerminal. It’s nice and small so shouldn’t take too long. Once downloaded launch it and you’ll be faced with a screen very much like the screenshot over on the left. It’s basically a terminal window just like OS X and linux.
Now just enter the command:
passwd
Now you’ll be asked for your old password which should be ‘alpine’ (without the ‘ obviously), followed by your new one (twice). Nice and simple.
Now you can sleep easy at night knowing that your jailbroken iPhone’s now just a little more secure.
Any questions or comments, you know what to do ! Comments section below, Twitter or email.
« Apogaeum store to finally open in Doncaster?
TestFreaks is Metacritic for everything else »
Related posts
Comments
Comment from Adam
Time: September 12, 2009, 7:27 pm
You should also do this for the root account as it is the most important. These instructions only change the “mobile” user password. To change the root user password, in the terminal type “su root” enter “alpine” as your password. Then type “passwd” and enter your new password twice.
Comment from Dezorian
Time: October 10, 2009, 11:52 am
Thanks for the comment Adam, that was actually what i was looking for.
Comment from blue duck
Time: November 3, 2009, 10:22 am
I was also wondering the same thing. Great post.
Comment from Oli
Time: November 3, 2009, 10:42 am
Glad everyone is finding this post useful. Also, thanks to Adam for the extra info !
Comment from Ben Gillam
Time: November 3, 2009, 11:25 am
just to add to the above, which changes the password for mobile, to change the root password run
1) su root
2) enter current password (alpine if not changed)
3) run same passwd command as above.
Nice guide 
Comment from jason
Time: November 3, 2009, 4:36 pm
If you are not jailbroken, do we need to do this?
Comment from Oli
Time: November 3, 2009, 4:41 pm
@Jason – No. This is only for jailbroken devices running an SSH client.
Comment from all1s0n
Time: November 9, 2009, 6:26 am
I changed the mobile password, tried to then run ’su root’ and it came up with this: “[my name]-iPhone:/var/mobile root#”. I can’t seem to get any further. Please give this inexperienced person some advice on changing the root password, thanks!
Comment from Ben Gillam
Time: November 9, 2009, 8:49 am
@all1s0n
from there you should just be able to type “passwd” then hit enter and it will ask for new password. it sounds like you have logged in as root succsessfully so running the passwd command again will allow you to change the root password.
Comment from all1s0n
Time: November 9, 2009, 10:16 am
Thanks for that Ben, it wasn’t (more probably I wasn’t) doing the right thing the first time. After changing the root password it came up with: “[my name]-iPhone:/var/mobile root #” again, does this mean I was successful? I really appreciate your help. thanks again.
Comment from barabrat
Time: November 9, 2009, 2:21 pm
Yes all1s0n, you will return back to the “[my name]-iPhone:/var/mobile root #” promt again.
Comment from SSHer
Time: November 9, 2009, 9:29 pm
thank you guys so much for this post. it really helped me out. ive been working with ssh for awhile now but i could never figure that part out lol.
Comment from James Dryden
Time: November 10, 2009, 9:43 pm
This is really good – considering the worm that “rick rolls” a jailbroken user’s background, this is pretty darn good! One more layer of security!
Thanks to Oli and Adam for the info! Nice work 
Also, the SBSetting’s toggle for SSH is pretty handy too!
Comment from Ruel
Time: November 12, 2009, 7:13 am
I’m stuck on the first part. I enter in the phrase ‘passwd’ and am asked for my old password, but for some reason, i cannot enter it in. When I try to type it into my iphone, nothing gets entered and the cursor stays blank. help?
Comment from woosaabi
Time: November 12, 2009, 7:38 am
Ruel, The cursor will remain blank and will not move whilst you type your password. Just type your old password and press ‘enter’, then enter your new password (again it will not display on screen). However it should display password changed if you did it correctly.
Comment from Winnifred
Time: November 16, 2009, 2:29 pm
Hi there, I had changed my root password. While changing the mobile password, after typing “passwd”, “anothe passewd process is running” apply. Is my phone getting hacked at the moment? how do i change the mobile passwd then?? Pls advise..
Comment from philly
Time: November 16, 2009, 6:37 pm
How do I know if I am running a SSH client? And if I am not, do I still need to change my password? Any advice would be greatly appreciated…..oh and yes my phone is jailbroken.
Comment from Roger
Time: November 21, 2009, 8:33 am
Thanks for this info. I’m very limited to knowledge on these type of things, I found it very helpful
Comment from Ed
Time: November 23, 2009, 11:50 am
Thanks for this. I usually keep SSH off unless I’m transferring files at home, but I’m sure I forget to turn it back off from time to time.
Comment from kev
Time: November 23, 2009, 10:44 pm
terminal does not boot up on my phone, it keeps crashing and turning off, any ideas?
Comment from Jack
Time: November 25, 2009, 2:33 pm
Nice guide. I have the same problem as kev, however.
Comment from pytho25
Time: December 2, 2009, 12:04 am
nice. but is a default password. Is this a security problem?
Comment from Oli
Time: December 2, 2009, 12:37 pm
@pytho25 – if you’re jailbroken, run OpenSSH and have the default password then yes, it’s a security problem. I’d get it changed ASAP.
Comment from Carlo
Time: December 3, 2009, 10:09 pm
hi,
I just jailbroken my iphone. How do i know if i have OpenSSH? What if I dont have the OpenSSH application? am i safe?
Comment from Ineta
Time: December 19, 2009, 9:53 pm
Dear Everybody
how would i know my i phone is jailbroken or no? i bought it from the second hands and it has term vt100 installed. i have search what is it, and found out that it is one of the mobile terminals but i was warned not to press this icone, cause the phone will get locked and nothing could be done then.
does this mean it is jailbroken or smth.else?
i would like to change my root passw, as i get too many warms attacking it. i would be really gratefull is someone could help me and give me the reply to my e-mail ineta.gaizauskiene@gmail.com
thnx a lot
Comment from Federico
Time: January 8, 2010, 4:47 am
Can you help I put su root then when it ask for the password it won’t let me type any thing does that mean they changed my Password already any help please!!????
Comment from mike
Time: May 22, 2010, 1:19 pm
Thanks for the explanation.
Comment from Sébastian Dahl
Time: August 18, 2010, 5:18 pm
Hello!
Thanks for the article, but I’ve got the same problem as “kev”. The terminal application keeps crashing, I tried to reinstall it in Cydia but that didn’t work neither.
Regards,
S.
Oliver is a 20-something tech enthusiast with too many items on his wish-list and not nearly enough money!
Loading ...
Comment from muphinDOTnet
Time: September 11, 2009, 4:57 am
If people still leave the default user/pass its only accessible while the phone is active, as soon as the screen goes blank your connection is cut off