Re: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)

To: debian-edu@lists.debian.org
Cc: drift@skolelinux.org
Subject: Re: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
From: Holger Levsen <holger@layer-acht.org>
Date: Wed, 22 Jul 2009 13:32:49 +0200
Message-id: <[🔎] 200907221332.50620.holger@layer-acht.org>
In-reply-to: <[🔎] 20090722073006.GM32169@login2.uio.no>
References: <E1MTVo1-0004kk-Sp@administrator.skolelinux.no> <[🔎] 20090722073006.GM32169@login2.uio.no>

Hi,

On Mittwoch, 22. Juli 2009, Petter Reinholdtsen wrote:
> This was caused by someone replacing the ssh keys of the builder user,
> removing the builder users ssh keys and only inserting this key:

WTF?!

> Who did this?  Why?

I still like to know, else I would consider the machine compromised.

> I assume we want
> to restore all the other keys that were in the authorized_keys file,
> but do not have an old version available to do so.  

No backups?


regards,
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
  - From: Steffen Joeris <steffen.joeris@skolelinux.de>

References:
- Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
Next by Date: Re: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
Previous by thread: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
Next by thread: Re: Who replaced ~builder/.ssh/authorized_keys? (Was: Autobuilder results)
Index(es):
- Date
- Thread