[Edit: It would appear this post is getting a lot of attention these last few days, possibly due to the current outbreak of worms/attacks using the default SSH passwords. To all my new visitors, it's great to have you here and thanks for visiting. Hopefully you'll find other useful posts during your visit!
If you find this post useful, can I please ask that you Digg, Retweet etc so other people can also make their jailbroken iPhone as secure as possible. Lets not make things easy for the hackers out there! Thanks again for visiting!]
While playing around with a couple of applications today, I realized that my iPhone was showing up in Cyberduck over Bonjour, something I’d somehow managed to not figure out until now ! Now I use BossPrefs to turn off SSH when I’m not using it, but I know a lot of people won’t. This got me thinking; do they all run using the default username and password ? Considering the entire iPhone hacking community knows what they are, that can’t be a good thing !
After a quick download and a few commands, I’d changed my password to something a little more secure, and here’s how you can too….
First off, fire up Cydia and download an application called MobileTerminal. It’s nice and small so shouldn’t take too long. Once downloaded launch it and you’ll be faced with a screen very much like the screenshot over on the left. It’s basically a terminal window just like OS X and linux.
Now just enter the command:
passwd
Now you’ll be asked for your old password which should be ‘alpine’ (without the ‘ obviously), followed by your new one (twice). Nice and simple.
Now you can sleep easy at night knowing that your jailbroken iPhone’s now just a little more secure.
Any questions or comments, you know what to do ! Comments section below, Twitter or email.
Loading ...
If people still leave the default user/pass its only accessible while the phone is active, as soon as the screen goes blank your connection is cut off
You should also do this for the root account as it is the most important. These instructions only change the “mobile” user password. To change the root user password, in the terminal type “su root” enter “alpine” as your password. Then type “passwd” and enter your new password twice.
Thanks for the comment Adam, that was actually what i was looking for.
I was also wondering the same thing. Great post.
Glad everyone is finding this post useful. Also, thanks to Adam for the extra info !
just to add to the above, which changes the password for mobile, to change the root password run
1) su root
2) enter current password (alpine if not changed)
3) run same passwd command as above.
Nice guide
If you are not jailbroken, do we need to do this?
@Jason – No. This is only for jailbroken devices running an SSH client.
I changed the mobile password, tried to then run ‘su root’ and it came up with this: “[my name]-iPhone:/var/mobile root#”. I can’t seem to get any further. Please give this inexperienced person some advice on changing the root password, thanks!
@all1s0n
from there you should just be able to type “passwd” then hit enter and it will ask for new password. it sounds like you have logged in as root succsessfully so running the passwd command again will allow you to change the root password.
Thanks for that Ben, it wasn’t (more probably I wasn’t) doing the right thing the first time. After changing the root password it came up with: “[my name]-iPhone:/var/mobile root #” again, does this mean I was successful? I really appreciate your help. thanks again.
Yes all1s0n, you will return back to the “[my name]-iPhone:/var/mobile root #” promt again.
thank you guys so much for this post. it really helped me out. ive been working with ssh for awhile now but i could never figure that part out lol.
@SSHer – Really glad this helped you !
This is really good – considering the worm that “rick rolls” a jailbroken user’s background, this is pretty darn good! One more layer of security!
Also, the SBSetting’s toggle for SSH is pretty handy too!
Thanks to Oli and Adam for the info! Nice work
I’m stuck on the first part. I enter in the phrase ‘passwd’ and am asked for my old password, but for some reason, i cannot enter it in. When I try to type it into my iphone, nothing gets entered and the cursor stays blank. help?
Ruel, The cursor will remain blank and will not move whilst you type your password. Just type your old password and press ‘enter’, then enter your new password (again it will not display on screen). However it should display password changed if you did it correctly.
Hi there, I had changed my root password. While changing the mobile password, after typing “passwd”, “anothe passewd process is running” apply. Is my phone getting hacked at the moment? how do i change the mobile passwd then?? Pls advise..
How do I know if I am running a SSH client? And if I am not, do I still need to change my password? Any advice would be greatly appreciated…..oh and yes my phone is jailbroken.
Thanks for this info. I’m very limited to knowledge on these type of things, I found it very helpful
Thanks for this. I usually keep SSH off unless I’m transferring files at home, but I’m sure I forget to turn it back off from time to time.
terminal does not boot up on my phone, it keeps crashing and turning off, any ideas?
Nice guide. I have the same problem as kev, however.
nice. but is a default password. Is this a security problem?
@pytho25 – if you’re jailbroken, run OpenSSH and have the default password then yes, it’s a security problem. I’d get it changed ASAP.
hi,
I just jailbroken my iphone. How do i know if i have OpenSSH? What if I dont have the OpenSSH application? am i safe?
Dear Everybody
but i was warned not to press this icone, cause the phone will get locked and nothing could be done then.
how would i know my i phone is jailbroken or no? i bought it from the second hands and it has term vt100 installed. i have search what is it, and found out that it is one of the mobile terminals
does this mean it is jailbroken or smth.else?
i would like to change my root passw, as i get too many warms attacking it. i would be really gratefull is someone could help me and give me the reply to my e-mail ineta.gaizauskiene@gmail.com
thnx a lot
Can you help I put su root then when it ask for the password it won’t let me type any thing does that mean they changed my Password already any help please!!????
Thanks for the explanation.
Hello!
Thanks for the article, but I’ve got the same problem as “kev”. The terminal application keeps crashing, I tried to reinstall it in Cydia but that didn’t work neither.
Regards,
S.
for those who have mobile terminal crash when opened, you need to add new source
http://cydia.myrepospace.com/wwcomputerrepair/
then find package ‘mobile terminal for ios 4.
install, mobile terminal should now work for you
Thank you to everyone is a useful subject 158
@Prefabrik The theme is a custom one, glad you like it!
ball python tattoo,