
What Files Might An Intruder Look For — In Order to Breach Trust

--

A breach of an organization's trust infrastructure is one of the most expensive to fix. So, if an adversary has gained a foothold on one of your systems, which files might they scan for in order to extend that breach to every system that trusts it?

Well, there are often hidden files (dotfiles in your home directory) that you use to gain access to remote systems. One type of file is the OpenSSH private key. This little key makes logging in to remote systems easy and secure, and the same key can authenticate a user to GitHub over SSH without a password.

A typical format is the OpenSSH key pair, with RSA, ECDSA or Ed25519 signatures, where we create a private key and a public key. The public key is placed on the remote system (in ~/.ssh/authorized_keys), and the private key stays on the client. When a user logs in, the client signs a challenge that includes the session identifier with the private key, producing an RSA, ECDSA or Ed25519 signature. The remote system then checks the signature against the listed public key, and if it verifies, it allows the user to log in. Note what this means for an intruder: whoever holds a copy of the private key can produce exactly the same signature, so the key file itself is the credential, and a passphrase is the only thing protecting it once it has been copied.

We generate an Ed25519 key with:

$ ssh-keygen -t ed25519 -C "fred@home.com"

and a 4K RSA key with:

$ ssh-keygen -t rsa -b 4096 -C "fred@home.com"

By default, ssh-keygen writes the private key into ~/.ssh, named after the key type (id_rsa, id_ecdsa…), with the matching public key alongside it in a .pub file. The private key is created with mode 0600 and must stay that way, since anyone who can read it can log in as you; the passphrase you are prompted for at generation time is what protects it if it is copied.
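The following is an added example, not code from the original post: a small Python audit script that does what an intruder's file scan would do, but for the defender. Using only the standard library, it parses the openssh-key-v1 container that ssh-keygen writes, reports whether each private key is passphrase-protected (the header names the cipher and KDF, so this is visible without decrypting anything) and whether the file mode lets other users read it, and walks a directory tree to find such files. The build_demo_key helper constructs a structurally valid key file from filler bytes so the parser can be exercised offline; it is not a real key, and the comment, modes and paths are constructed for the demonstration.

```python
import base64
import os
import struct

PEM_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
PEM_FOOTER = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"          # first bytes of the base64 body


def _ssh_string(data):
    """SSH wire 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4


def _read_string(buf, off):
    n, off = _read_u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def build_demo_key(comment, encrypted=False):
    """Construct a structurally valid openssh-key-v1 Ed25519 file. The key bytes are
    filler, NOT a real key; this only exercises the container format offline."""
    pub = b"\x01" * 32                                         # placeholder public key
    pubkey_blob = _ssh_string(b"ssh-ed25519") + _ssh_string(pub)
    if encrypted:
        cipher, kdf = b"aes256-ctr", b"bcrypt"
        kdfoptions = _ssh_string(b"\x02" * 16) + struct.pack(">I", 16)   # salt, rounds
        private = b"\x03" * 160                                # stands in for ciphertext
    else:
        cipher, kdf, kdfoptions = b"none", b"none", b""
        check = b"\x07\x07\x07\x07"                            # checkint, stored twice
        private = (check + check + _ssh_string(b"ssh-ed25519") + _ssh_string(pub)
                   + _ssh_string(b"\x02" * 32 + pub)           # 64-byte private half
                   + _ssh_string(comment.encode()))
        private += bytes(range(1, -len(private) % 8 + 1))      # pad 1,2,3.. to 8 bytes
    body = (MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(kdfoptions)
            + struct.pack(">I", 1) + _ssh_string(pubkey_blob) + _ssh_string(private))
    b64 = base64.b64encode(body).decode()
    return "\n".join([PEM_HEADER] + [b64[i:i + 70] for i in range(0, len(b64), 70)]
                     + [PEM_FOOTER]) + "\n"


def parse_openssh_private_key(text):
    """Read the clear header of an OpenSSH private key: key type, cipher, KDF, and
    the comment when the key is not passphrase-protected."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        raise ValueError("no OpenSSH PEM armour")
    buf = base64.b64decode("".join(lines[1:-1]))
    if not buf.startswith(MAGIC):
        raise ValueError("bad magic; not openssh-key-v1")
    off = len(MAGIC)
    cipher, off = _read_string(buf, off)
    kdf, off = _read_string(buf, off)
    _kdfopts, off = _read_string(buf, off)
    nkeys, off = _read_u32(buf, off)
    if nkeys != 1:
        raise ValueError("unexpected key count %d" % nkeys)
    pubkey_blob, off = _read_string(buf, off)
    key_type, _ = _read_string(pubkey_blob, 0)
    private, off = _read_string(buf, off)
    info = {"key_type": key_type.decode(), "cipher": cipher.decode(),
            "kdf": kdf.decode(), "encrypted": cipher != b"none", "comment": None}
    if not info["encrypted"]:
        # clear-text layout: checkint, checkint, key type, public, private, comment
        if private[0:4] != private[4:8]:
            raise ValueError("checkint mismatch")
        p = 8
        for _ in range(3):                                     # skip type, public, private
            _, p = _read_string(private, p)
        comment, _ = _read_string(private, p)
        info["comment"] = comment.decode(errors="replace")
    return info


def audit_key(text, mode):
    """Findings for one key file: what an intruder can use and a defender should fix."""
    try:
        info = parse_openssh_private_key(text)
    except ValueError as exc:
        return ["unparseable: %s" % exc]
    findings = []
    if not info["encrypted"]:
        findings.append("%s key has no passphrase (comment %r)" % (info["key_type"], info["comment"]))
    if mode & 0o077:
        findings.append("mode %s is readable by group/others; ssh expects 0600" % oct(mode & 0o777))
    return findings


def scan_tree(root):
    """Walk a directory the way an intruder would and audit every OpenSSH private key."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            if text.startswith(PEM_HEADER):
                report[path] = audit_key(text, os.stat(path).st_mode)
    return report


if __name__ == "__main__":
    print(audit_key(build_demo_key("fred@home.com"), 0o644))
    print(scan_tree(os.path.expanduser("~/.ssh")))
```

Running scan_tree over ~/.ssh on your own host reports the two weaknesses an intruder prizes most: a key stored without a passphrase, which is usable the moment it is copied, and a key file readable by other accounts on the machine. An encrypted key shows aes256-ctr and bcrypt in its header instead of none, so even the header tells an attacker whether the theft pays off without cracking a passphrase first.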

--


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
