this post was submitted on 29 Jul 2025

https://blog.thc.org/infecting-ssh-public-keys-with-backdoors

I am not a security expert and I wonder:

  1. Does the described method infect the remote or local machine (from which I connect)?
  2. Can this method be prevented? For example, by correctly configuring your etc/ssh/ssh_config?

It seems that every VPS supplier can hack you? The description shows that AWS does "harmless", but what if my hosting is a bad actor?

[–] Shadow@lemmy.ca 13 points 4 days ago* (last edited 4 days ago) (3 children)

If your hosting is a bad actor, you're screwed no matter what. Why bother with this when they have direct access to your disk and RAM?

You could turn off authorized key files, or lock them down. This isn't really a big security risk though; there are countless ways to backdoor a system once you have access to do this.

This just targets a remote account, not your local PC.

[–] IronJumbo@lemmy.world 2 points 3 days ago (2 children)

In that case, it seems to me that the only threat is the mindless copying of public keys to other servers, as described in the article. But who does so? Do admins not create separate private-public keys for each server?

Thank you for the explanation!

[–] chonkyninja@lemmy.world 1 points 1 day ago

No separate keys, use certificates with proper SSH-CA and you’ll never share a key again. It’s not a new thing.

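Locking down authorized key files, as suggested in the thread, starts with knowing which entries carry an options field, since sshd applies any options placed before the key type (such as command=) when that key logs in. The shell script below is an added example, not code from the thread or the linked article; the function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list authorized_keys entries that carry
# an options field. A plain entry starts with the key type; any text before it
# is options (command=, environment=, no-pty, ...) that sshd applies to logins
# with that key.

# sample_keys: constructed authorized_keys content; the key blobs are placeholders.
sample_keys() {
    cat <<'EOF'
# constructed sample, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne alice@laptop
command="/usr/local/bin/backup.sh --nightly",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyTwo backup@job
no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleKeyThree bob@desk
EOF
}

# audit_authorized_keys FILE: print "FILE:LINE: OPTIONS" for each entry with options.
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            sub(/^[ \t]+/, "")
            # Entry begins with a key type: no options field, nothing to report.
            if ($1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) next
            # Options end at the first whitespace outside double quotes.
            inq = 0; opts = ""
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                if (c == "\\") { opts = opts c substr($0, i + 1, 1); i++; continue }
                if (c == "\"") { inq = !inq }
                else if (!inq && (c == " " || c == "\t")) { break }
                opts = opts c
            }
            print FILENAME ":" NR ": " opts
        }' "$1"
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_keys > "$tmp"
audit_authorized_keys "$tmp"
rm -f "$tmp"
```

To check a real account, call `audit_authorized_keys ~/.ssh/authorized_keys`. An entry with options is not necessarily malicious, but each one should be something you put there yourself.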