SSH Password Testing With Hydra on Kali Linux -

Hail Hydra! Okay, so we're not talking about the Marvel villains here, but we are talking about a tool that can definitely do some damage. Hydra is a popular tool for launching brute force attacks on login credentials.
This is a companion discussion topic for the original entry at



let me know were to get rockyou.txt file content ?


erm3nda -> xcxc

I you where brave enough to read this content you’ll be able to find rockyou.txt file over the internet… did you even typed it on any search engine?


Mace Moneta

If you have the option, you shouldn’t use (or even enable) password login with SSH. Use a 2048-bit RSA key with a passphrase. That way, for access you need something you have (the key installed on the client) and something you know (the passphrase which decrypts the key). Stealing the client provides no value without the passphrase, and knowing the passphrase without access to the key is useless.