Ipod network security

Discussion in 'iPod touch' started by appwizard, Oct 25, 2007.

  1. appwizard

    appwizard New Member

    Joined:
    Oct 15, 2007
    Messages:
    42
    Likes Received:
    0
    Hello all,

    forgive me if this has been discussed in detail, but I've been reading this board for a little bit and have not seen too many people stress the importance of this.

    If you are going to jailbreak your ipod and enable SSH, you NEED to change your root password. This is not a thing you should do, but a thing that MUST be done. Once your ipod is cracked, and you open it up to the world via SSH, anyone within range of you with any sort of knowledege and tools could simply hack there way into your ipod. Once in, they could do things that you may not necessarily know about, such as, set up an email relay or spamming bot, where anytime your ipod is connected to the internet, it will be relaying or at least sending out spam to any and everywhere. You may think well the worst that could happen is that someone would just get in and erase all of my stuff, well that is not the worse, the worse is having mega battery drain and other complications that you cant explain or dont even know about.

    The ipod runs unix, and yes it is a stripped down version, but it is still very powerfull and capable of many many things. There are so many other possibilities that it is better to just protect yourself and change the damn password from 'alpine' to something else..

    if you are in any publicly shared hotspot area, or in your house with an open wireless network, or on someone elses wireless network, and a savvy person sees you on an ipod touch, rest assured that there will be attempts to check to see if your sh*t is locked down, and if it isnt, I'm sure that they'll let you know another way.

    you can change your root password by installing the BSD subsystem and at the command prompt (after SSHing in or running Term-vt100), typing:

    #passwd

    then follow the instructions..
  2. Glisern

    Glisern New Member

    Joined:
    Oct 17, 2007
    Messages:
    38
    Likes Received:
    0
    Device:
    2G iPod touch
    OR, you could install "services" and deactivate SSH until you are at home on your own WiFi, then turning SSH on ONLY when you need to FTP some files over.

    It's easy, AND saves battery
  3. Blake

    Blake Super Moderator Emeritus

    Joined:
    Oct 4, 2007
    Messages:
    2,963
    Likes Received:
    63
    Device:
    iPhone 4S (White)
    True....
    Verey true...
  4. appwizard

    appwizard New Member

    Joined:
    Oct 15, 2007
    Messages:
    42
    Likes Received:
    0
    This is true, but as an added safety measure, you should change it anyway, what if you forget to turn off SSH, or, like has happened to me, services says, SSH=Off, but I could still SSH in.... I had to turn it on and back off in order to kill the SSH process...

    better safe than sorry...
  5. dudeman

    dudeman New Member

    Joined:
    Oct 12, 2007
    Messages:
    70
    Likes Received:
    0
    Do both!

    While SSHd into your Touch from your laptop / desktop, type "passwd". You will be prompted to enter your new password twice. That's it.

    For some reason, in Services, it shows two SSH services on mine. Is this what everyone else has?

    Thanks,

    &E;
  6. Zink

    Zink Member

    Joined:
    Oct 20, 2007
    Messages:
    691
    Likes Received:
    0
    Device:
    iPad
    so where do you type passwd
  7. appwizard

    appwizard New Member

    Joined:
    Oct 15, 2007
    Messages:
    42
    Likes Received:
    0
    That is because you've installed OpenSSH, but dropbear (the SSH daemon that was installed when you jailbroke) is still installed.

    I went into my Ipod via SSH and manually removed the dropbear program, and installed OpenSSH instead...
  8. dudeman

    dudeman New Member

    Joined:
    Oct 12, 2007
    Messages:
    70
    Likes Received:
    0
    Thanks appwizard. In another thread (yes! I searched!), you offered to post some info on getting rid of dropbear. I'm interested. I don't want to fumblef*ck around in there and end up losing the ability to SSH into my Touch at all. So, advice would be welcome.

    Thanks very much,
    &E;
  9. dudeman

    dudeman New Member

    Joined:
    Oct 12, 2007
    Messages:
    70
    Likes Received:
    0
    If you SSH into your iPod... I use PuTTY with a PC. At the command line, once you've connected to your Touch and logged in with root / alpine, you can type that command to reset your password.

    &E;
  10. appwizard

    appwizard New Member

    Joined:
    Oct 15, 2007
    Messages:
    42
    Likes Received:
    0
    I'll post the steps to remove dropbear shortly

Share This Page