SSH Password

[B-Unit]

I mentioned to one of my geeker friends at work that I had rooted my Droid, and he told me to be certain to change the SSH password, but I cant find any reference to doing that here. Is this something I should be worried about?

[TekHawk]

the phones run a form of shell i do not think its running ssh which is a network friendly shell and i highly doubt the linux commands to do this would have been ported into the android os

[B-Unit]

OK, Kinda what I expected, I dont think he has any Android based devices, and was just speaking from Unix/Linux experience.

[christim]

Some roms used to (still do?) have an option to install DropBear, an SSH server. If the default password wasn't changed and some sort of exploit came about, you could be at risk for some form of attack. Yet another reason to be aware of what is being put on your phone.

Good topic, be back with more on this later today.

[TekHawk]

yea if there was the option to do it as a long time linux user i would do it asap my self to lol

[adrynalyne]

Im sure there is an option, if you have a server installd.

[TekHawk]

Im sure there is an option, if you have a server installd.

i just doubt that the servers run the systems root user

[adrynalyne]

I don't. All of the SSH servers out there require root, afaik.

[christim]

I highly recommend Gibson Research Corporation as a good resource for understanding some basic (and you can dig down for more complex) security concepts on the web. Prior to Window getting their own built-in firewall I'd point all new computer users to this site for an understanding of protecting oneself on the internet.

• Is there an SSH server listening on your phone for connections on the web?
• Are there any other ports open on your phone that someone might use to gain access to your phone from the network?
• What the heck is a port anyways?

1. Visit Shields Up (Home of Gibson Research Corporation > services > shields up )
2. Read this page, there is some good info on it.
3. Click the "proceed" button.
4. Click each in turn:
   
   1. Click File Sharing,
   2. Common Ports,
   3. All Service Ports,
5. and review the results on each page. This will scan for vulnerabilities on the device connecting to this site.

My phone passed with flying colors!

Do the above on both your phone's browser as well as on your PC's browser.

The site's Security Now series of podcasts has a wealth of information you can listen to. With over 5 years in the running there is definitely something out there for everyone. Scroll through the list and pick something. I've spent many a 20 minute commute listening to those podcasts in the car instead of the morning bickering you get on the radio.