> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/bruteforce/ssh/trick-0121.md).

# Brute-Force SSH Login (Single Password)

***

When you have a known password but need to find the correct username for an SSH service, you can brute-force the usernames against that single password.

```bash
hydra -L users.txt -p <known_password> <target_ip> ssh
```

This command iterates through each username in `users.txt`, attempting to log in to the SSH service at `<target_ip>` using the fixed password `<known_password>`. Replace `users.txt`, `<known_password>`, and `<target_ip>` with the relevant values.

The options used are:

* `-L <username_list>`: Specify a file containing a list of usernames.
* `-p <password>`: Specify a single password.

`<target_ip>` is the IP address or hostname of the target machine. The service and target are specified as `<target_ip> ssh`.

Alternatively, if you have a known username and need to find the correct password, you can brute-force a list of passwords against that single username.

```bash
hydra -l <known_username> -P passwords.txt <target_ip> ssh
```

This command attempts to log in to the SSH service at `<target_ip>` using the fixed username `<known_username>` and iterating through each password in `passwords.txt`.

The options used here are:

* `-l <username>`: Specify a single username.
* `-P <password_list>`: Specify a file containing a list of passwords.
