> Having a compromised key in ~/.ssh/authorized_keys (if that's what it > was) is effectively equivalent to allowing access to that account from > the entire Internet. Obviously. Which is why I found it. Removed it. Told him to reupload it. He seems to have uploaded a new compromised key. Told him about it. srs