I presume these are user keys, rather than host keys. Maybe some people had copied the unencrypted private part of their key pair onto the server, in which case attackers may have had access? Or maybe attackers replaced/added bogus public keys to the legitimate keys as a backdoor?
Clearing all of the keys totally makes sense. But asking not to re-use their existing ssh keys sounds like they suspect someone's user private key was compromised, but they're not sure whose.
Not a huge pain to do, and better safe than sorry? That’s all I’ve got.
Two things come to mind: 1. Any chance that user homedirs were stored or backed up to a compromised host? 2. Did someone have a "handy shellscript" that rsync'd or sshfs'd your entire homedir to the remote host to make a remote dev flow easier?
I personally suspect the easiest way in is via a compromised end user.
A misunderstanding of SSH key pairs, or an inadvertent loss of data at their side wrt users' public keys? Did they originally help their users to create those keys and they’re concerned the private keys were also held on those compromised systems?
Not everyone uses ssh from their laptop?
But certainly in those cases the proper alternative would be Kerberos.