Quick iOS Jailbreak Security Tips

Published on 10/21/19 at 21:13 EST by Max Bridgland


If you are using SSH on a jailbroken device, you should be using SSH keys to authenticate, especially as a developer. It's not hard to do either!

Simply run ssh-keygen -t rsa -b 4096 on the machine you will be connecting to your device from to create an RSA key pair. Then run ssh-copy-id -i ~/.ssh/id_rsa.pub root@deviceip, replacing deviceip with your device's IP address.

This will allow you to connect without needing to enter a password every time. That also means you can connect with Theos and install/kill processes without having to input your password twice.

You should also change your root password from the default, alpine. To do so, log in with your SSH keys, run passwd, and follow the prompts to set a new password.

As always, you should never ever download tweaks from pirate repos. There is always a risk of running modified code when downloading from hosts that aren't the official ones. If you can't afford something, ask the dev and maybe they can help out. If you get a free tweak from a pirate repo, then you're just putting yourself at risk for absolutely 0 reason.

When jailbroken, be careful what sites you go to. Make sure you have settings like Prevent XSS and Fraudulent Website Warnings on for Safari.

This is just basic security for your device, but by following these small guidelines you're a lot less likely to be vulnerable to an SSH brute-force attack on public networks, as an attacker would need an authorized SSH key to authenticate.
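
Key-based login only stops password guessing if sshd also refuses passwords, so it is worth checking the server configuration after copying your key. The script below is an added example, not part of the original post: it audits a copy of the device's sshd_config, and the file location, the whitespace-separated "Keyword value" layout and the fallback defaults are assumptions.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# Print the value sshd would use for one keyword: the first occurrence wins,
# keywords are case-insensitive, and a Match line ends the global section.
sshd_value() {  # $1 = file, $2 = keyword, $3 = value assumed when unset
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one line per weak setting; return 0 only when none are found.
audit_sshd_config() {  # $1 = path to sshd_config
    rc=0
    # Fallbacks are the stock OpenSSH defaults (assumed for the device's build).
    pw=$(sshd_value "$1" PasswordAuthentication yes)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pub=$(sshd_value "$1" PubkeyAuthentication yes)
    if [ "$pw" != no ]; then
        echo "WEAK: PasswordAuthentication=$pw, passwords can still be guessed"
        rc=1
    fi
    if [ "$root" = yes ] && [ "$pw" != no ]; then
        echo "WEAK: PermitRootLogin=yes, root accepts a password"
        rc=1
    fi
    if [ "$pub" != yes ]; then
        echo "WEAK: PubkeyAuthentication=$pub, authorized keys are ignored"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login is enforced"
    return "$rc"
}

# Constructed sample config (not taken from a real device).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'PermitRootLogin yes' 'passwordauthentication YES' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

Confirm that your key login works before setting PasswordAuthentication to no and restarting sshd, otherwise you can lock yourself out of the device.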