Does JailBreaking an iPhone automatically make it vulnerable via SSH if the root password is not changed?

I'm under the impression that OpenSSH needs to be installed via one of the JB 'app stores' for it to be an issue.

From what I've read from various sources throughout the web, it seems that you can only be vulnerable when you install OpenSSH.

You thinking of unlocking?!

Already done the 3G, just thought I'd better check if it's vulnerable. Though none of the UK networks assign public IPs AFAIK, so any risk would be greatly minimised from that perspective.

JailBreaking to use 'unauthorised' apps still totally doesn't interest me at the moment.

Agreed!! I think I've become too accustomed to just installing an app with no risk. I couldn't go down the unofficial app route. It's risky enough trying to unlock rather than potentially bricking the iPhone every time you install an app.

The Jailbreak usually installs Cydia or Icy installers. Optionally during the Jailbreak you can install OpenSSH and that is where the risk comes in. If the SSH daemon is running in the iPhone then it is at risk because the default password (alpine) is rather well known.

So, if you don't have SSH installed then you're okay.