by bifrost 2618 days ago
I should clarify this comment a bit since it seems to be the most controversial.

When I say the attacker was persisted via CM, I'm pointing at his own notes, nodding to broken CM, the requirements of supporting the CM and availability of the config files.

I also sanity-checked the sshd_config file on my systems; they're all set to a sane default:

"AuthorizedKeysFile .ssh/authorized_keys"

FWIW I prefer to treat CM data as "valuable" information for this reason.
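
The check described in the comment above can be scripted. This is an added example, not part of the original comment: it reports every scope of an sshd_config whose AuthorizedKeysFile differs from the value quoted above. The function names and the sample config are constructed for illustration, and Include files are not followed.

```python
import re
import shlex

# Value the comment above reports as the sane setting.
EXPECTED = [".ssh/authorized_keys"]
# OpenSSH's documented built-in default when the keyword is absent.
BUILTIN_DEFAULT = [".ssh/authorized_keys", ".ssh/authorized_keys2"]

def effective_settings(config_text):
    """Map scope -> AuthorizedKeysFile paths; scope is "global" or a Match line.

    sshd uses the first value it obtains for a keyword, so later duplicates
    in the same scope are ignored. Include files are not followed here.
    """
    scope, settings = "global", {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "match":
            scope = "Match " + value
        elif keyword == "authorizedkeysfile" and scope not in settings:
            settings[scope] = shlex.split(value)
    settings.setdefault("global", BUILTIN_DEFAULT)
    return settings

def audit(config_text):
    """Return (scope, paths) for every scope that differs from EXPECTED."""
    return [(s, p) for s, p in effective_settings(config_text).items()
            if p != EXPECTED]

# Constructed sample, not taken from any real host.
SAMPLE = """\
# managed by configuration management
Port 22
AuthorizedKeysFile .ssh/authorized_keys
Match User deploy
    AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
"""

if __name__ == "__main__":
    for scope, paths in audit(SAMPLE):
        print(f"{scope}: {paths}")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source, since it also resolves Include files.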