SSH Authorized Keys2 Backdoor Attack
SSH has a little-known way to leave behind backdoor keys: the deprecated authorized_keys2 file. Many Linux users are unaware of this feature and the risks it poses. In this video we discuss this access method and how it can be abused as a backdoor. Then we show you how to find it with command-line tools and how to detect it automatically with Sandfly, an agentless Linux EDR.
Sandfly is able to find this and many other types of Linux attacks without deploying any endpoint agents. Get your free license today or contact us for more information.
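As an added example (not taken from the video or from Sandfly), these shell functions show one command-line way to hunt for the file: list every authorized_keys2 under the home directories in a passwd file, and check whether an sshd_config still leaves that file in effect. The function names and the optional root-prefix argument are assumptions of this example; the config check relies on OpenSSH's documented default for AuthorizedKeysFile.

```shell
#!/bin/sh
# Added example. Function names and the ROOT_PREFIX argument are this
# example's own; they let the scan run on a live host or a mounted image.

# find_authorized_keys2 [PASSWD_FILE] [ROOT_PREFIX]
# Prints "user<TAB>path<TAB>keys=N" for every authorized_keys2 file found
# under the home directories listed in PASSWD_FILE (default /etc/passwd).
find_authorized_keys2() {
    passwd_file="${1:-/etc/passwd}"
    root="${2:-}"
    # passwd field 1 is the user name, field 6 the home directory.
    cut -d: -f1,6 "$passwd_file" | sort -u | while IFS=: read -r user home; do
        [ -n "$home" ] || continue
        f="$root$home/.ssh/authorized_keys2"
        # -e follows symlinks; -L also reports a dangling symlink.
        if [ -e "$f" ] || [ -L "$f" ]; then
            # Count lines that are neither blank nor comments.
            keys=$(grep -cvE '^[[:space:]]*(#|$)' "$f" 2>/dev/null || true)
            printf '%s\t%s\tkeys=%s\n' "$user" "$f" "${keys:-unreadable}"
        fi
    done
}

# sshd_honours_keys2 [SSHD_CONFIG]
# Returns 0 when the config leaves authorized_keys2 in effect: either the
# first AuthorizedKeysFile line names it, or the directive is absent and
# OpenSSH's default (".ssh/authorized_keys .ssh/authorized_keys2") applies.
# Include files and Match blocks are not followed; on a live host the
# effective value comes from `sshd -T`.
sshd_honours_keys2() {
    cfg="${1:-/etc/ssh/sshd_config}"
    line=$(grep -iE '^[[:space:]]*AuthorizedKeysFile[[:space:]=]' "$cfg" 2>/dev/null | head -n 1 || true)
    [ -n "$line" ] || return 0
    case "$line" in
        *authorized_keys2*) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use as root:  find_authorized_keys2; sshd_honours_keys2 && echo "keys2 honoured"
```

Any hit deserves review even when it reports keys=0, since an empty authorized_keys2 that sshd still reads can be filled in later.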