fedora 2008 intrusion caused by stolen ssh key

Details on a 2008 Fedora intrusion. Nope, not necessarily a technical vulnerability but rather a people/key/procedural one, for the most part. And yes, keys without passwords make life breezier, but also riskier.

Also interesting is the timely, and lucky, discovery of the intrusion. It sounds like something like this could have persisted for a while, until whatever discovery/detection/tripwires they have lying around were triggered. Then again, maybe that failed cron job failed because of the actions of the intruder. That almost sounds reasonable considering the near-immediate detection. Maybe the cron does some sanity check…or it was just coincidence that an admin’s eye was pulled over to the logs at such a convenient time. 🙂

Nonetheless, kudos and beers for giving details not just for our own knowledge, but as a sort of lesson-learned-through-others deal.