> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/bruteforce/ssh/trick-0124.md).

# Brute-Force SSH Login (Rockyou)

***

Hydra is a parallelized login cracker which supports numerous protocols to attack, including ssh. To brute force an SSH login for a known user using a wordlist, you can use a command structure like this:

```bash
hydra -l meliodas -P ~/Downloads/rockyou.txt ssh://10.10.44.97/
```

In this command, `-l LOGIN` is used to specify a login name, and `-P FILE` specifies a file containing passwords. The target service and server are typically specified as `ssh://target`. Wordlists like `rockyou.txt` are commonly used for password brute force attacks, containing large collections of leaked passwords.

Alternatively, if you have a list of potential usernames, you can use the `-L FILE` option instead of `-l` to specify a file containing login names. For example:

```bash
hydra -L users.txt -P passwords.txt ssh://10.10.10.10
```

This command attempts to log in using each username from `users.txt` with each password from `passwords.txt`.

Other useful options include `-p PASS` to specify a single password (instead of a file with `-P FILE`), `-t NUM` to run NUM tasks in parallel (per target), and `-vV` for verbose mode, which shows more verbose info.

```bash
hydra -l user -p password ssh://target
```
