Hi all, for a while I’ve seen hundreds of attempts via ssh against my system. They finally stop and this could mean only two things my security measures are working “NOT” or they actually got in. In any case browsing around my system for suspicious changes I found a file “agent.4015” on my tmp folder. This file denies read privileges to root and I’m afraid to chmod until I know for sure what it is. Has anybody ever encounter anything like it.
If you are running ssh-agent, then that is probably a domain socket that allows ssh commands to contact the running agent. If you have a $HOME/.ssh directory, then I think ssh-agent is automatically started except by gnome (which uses its own agent program).
If the file is not owned by somebody who normally logs in, then it could also come from agent forwarding by somebody who managed to login remotely.
Thank you. nrickert it seems that you are right about the agent forwarding by an attacker. In any case I couldnt compromise the data in the server so I had to rebuild it this morning I really thank you for answering.