Redis writes to .ssh/authorized_keys

Current setup: 2 main servers, 12 working servers. Workers connect to the master via ssh-copy-id; masters and workers write data to the Redis queue on the masters. The problem I encountered last week is that Redis is writing data to the authorized_keys file. I cannot reproduce this problem or confirm which server is doing this. I looked through the Redis configuration file and did not find any parameters that caused Redis to write to the authorized_keys file. Has anyone else encountered this problem or something similar? I cleaned the authorized key file and write it back to it.

+5
1 answer

Most likely, your servers are being attacked by a “cracker”. Although it is possible that the attack has ended, you should consider your servers as compromised and act accordingly. This is in all likelihood the same approach described by Salvatore Sanfilippo aka antirez, author and researcher of Redis in the past, in this blog post.

To prevent this type of attack that uses Redis as a vector, refer to the Securing Redis instructions on the Quickstart page as a starting point and to the Security page for more information.

More discussion on /r/redis

Update: more ramblings on the same topic at https://redislabs.com/blog/3-critical-points-about-security

+10
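A triage check for the symptom in the question, as an added example that is not part of the original question or answer: it flags lines of an authorized_keys file that carry a Redis RDB dump header, binary data or non-key text, and reports well-formed keys whose fingerprint is not on a known list. The function names, the known-fingerprint set and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

KEY_TYPES = {b"ssh-rsa", b"ssh-ed25519", b"ecdsa-sha2-nistp256"}  # extend as needed
RDB_MAGIC = re.compile(rb"REDIS\d{4}")  # magic + version that starts an RDB dump

def fingerprint(fields):
    """OpenSSH-style SHA256 fingerprint of the key in a split line, else None."""
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None
            n = int.from_bytes(blob[:4], "big")  # blob opens with length-prefixed type
            if blob[4:4 + n] != tok:
                return None
            digest = base64.b64encode(hashlib.sha256(blob).digest())
            return "SHA256:" + digest.decode().rstrip("=")
    return None

def triage(data, known=frozenset()):
    """Return (line_no, finding) for every line that is not a known key."""
    findings = []
    for no, line in enumerate(data.split(b"\n"), 1):
        s = line.strip()
        if RDB_MAGIC.search(line):
            findings.append((no, "redis-rdb-header"))
        elif not s or s.startswith(b"#"):
            continue
        elif any((c < 0x20 and c != 0x09) or c > 0x7E for c in s):
            findings.append((no, "binary-data"))
        else:
            fp = fingerprint(s.split())
            if fp is None:
                findings.append((no, "not-a-key"))
            elif fp not in known:
                findings.append((no, "unknown-key " + fp))
    return findings

def sample_key(comment):
    """Constructed, well-formed ed25519 blob for the sample (not a real key pair)."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(comment).digest()
    return b"ssh-ed25519 " + base64.b64encode(blob) + b" " + comment

ADMIN, OTHER = sample_key(b"admin@example"), sample_key(b"unrecognised@example")
SAMPLE = b"\n".join([ADMIN, b"REDIS0006\xfe\x00\x00\x03foo", b"", OTHER,
                     b"\xff\x9a\x01trailer", b"hello world"])  # constructed input
KNOWN = {fingerprint(ADMIN.split())}
```

Calling `triage(SAMPLE, KNOWN)` returns findings for lines 2, 4, 5 and 6 of the constructed sample; on a real host, read the file in binary mode and pass the fingerprints of the keys you expect to be there.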

Source: https://habr.com/ru/post/1235876/

