Hi all, for a while I’ve seen hundreds of attempts via ssh against my system. They finally stop and this could mean only two things my security measures are working “NOT” or they actually got in. In any case browsing around my system for suspicious changes I found a file “agent.4015” on my tmp folder. This file denies read privileges to root and I’m afraid to chmod until I know for sure what it is. Has anybody ever encounter anything like it.
Any help is appreciated thanks…
If you are running ssh-agent, then that is probably a domain socket that allows ssh commands to contact the running agent. If you have a $HOME/.ssh directory, then I think ssh-agent is automatically started except by gnome (which uses its own agent program).
If the file is not owned by somebody who normally logs in, then it could also come from agent forwarding by somebody who managed to login remotely.
When you want any comment from us about the properties of that file show them:
ls -l /tmp/agent.4015
Showing things with computer input/output is much better then talking endless lines which no precise information at all.
Thank you. nrickert it seems that you are right about the agent forwarding by an attacker. In any case I couldnt compromise the data in the server so I had to rebuild it this morning I really thank you for answering.
yes that makes a lot of sense I should have done that. Thank you I will for sure next time…