• Deathcrow
    link
    fedilink
    arrow-up
    9
    ·
    9 months ago

    or substituted its own SSH host keys,

    why would the backdoor do that? It would immediately expose itself because every ssh client on the planet warns about changed host keys when connecting.

    • gnuplusmatt@reddthat.com
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      9 months ago

      Perhaps it was a poorly worded way of suggesting that invalidating host keys would invalidate all client keys it could potentially generate? Either way it’s a lot of speculation.

      Resetting the keys and SSH config on any potentially compromised host is probably not a terrible idea