That part usually means that the key
was generated by that user on that machine, or sometimes is the
description of the key e.g. when you generate the key using
puttygen . If the key is generated in a linux machine the last
part would be user@hostname of machine. I would "suspect" that the
server has been compromised, if you are sure that the domain.com
is not one of your machine that was used to generate the key,
because having a key in the authorized keys means giving access to
the machine. I highly recommend using OSSEC or some other
monitoring tool in future to notify you of any changes in the
major files in the operating system.
Thank you
On 3/7/2013 4:49 PM, Vimal Shah wrote:
Hello all,
While randomly looking into the .ssh/authorized_keys file, I
noticed a line that shouldn't have been there. This was
concluded based on the last portion of the line. This portion
was in the form of
user@domain.com,
where the domain was one of a likely competitor. Does this
automatically mean that this server has been compromised? The
line has been removed.
Thanking everyone in advance.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss