CERT has sent out an
on key-based attacks being used against Linux systems.
"The attack appears to initially use stolen SSH keys to gain access
to a system, and then uses local kernel exploits to gain root access. Once
root access has been obtained, a rootkit known as 'phalanx2' is
" There's no talk of where the original stolen keys come
from. CERT's advice includes disabling key-based authentication, which, of
course, runs counter to the advice given to those trying to defend against
brute-force password-guessing attacks.