Linux

49493 readers

598 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

Help me understand this weird experience (lemmy.ml)

submitted 3 years ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

Hi friends,

I'm running raspbian on a raspberry pi. It's great.

I often access my device over SSH from my phone. I have a long-running gnu screen session. Sometimes my shell becomes unresponsive for some time, which may be normal due to my poor wifi, but one time something weird happened.

My device was unresponsive for longer than usual, so I killed the SSH connection.

When I reconnected, my screen session looked like something like this:

$ <commands>
...
$ gpg -a --export $KEY | sudo apt-key add -
$ ctrl C
$ ctrl C
$ ctrl C

Most critically, the gpg command here is not something that I wrote. I can only guess that:

I somehow executed something like !13, which expanded to something from my history
Somehow a cron process or similar wrote to my tty (?)
I've been hacked

I executed this gpg command intentionally at some point in the past, so I think (1) is most likely, but...

Can anyone just help me relax by confirming that my device is probably fine, and a hacker would do much more interesting things than add gpg keys to apt, right?

My device is exposed to the internet, so hackery is definitely not out of the question.

Thanks in advance!

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 3 years ago

Termux allows for shortcuts for arrow up, which accesses history. I think that it is unlikely that a hacker would access your pi at just the same second as you are accessing it and then use a command that you have used before.

[–] [email protected] 2 points 3 years ago (1 children)

Why dont you check if the keys in apt are legit?

[–] [email protected] 1 points 3 years ago

Here is my apt-key list:

$ apt-key  list
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2012-04-01 [SC]
      A0DA 38D0 D76E 8B5D 6388  7281 9165 938D 90FD DD2E
uid           [ unknown] Mike Thompson (Raspberry Pi Debian armhf ARMv6+VFP) <[email protected]>
sub   rsa2048 2012-04-01 [E]

pub   rsa2048 2012-06-17 [SC]
      CF8A 1AF5 02A2 AA2D 763B  AE7E 82B1 2992 7FA3 303E
uid           [ unknown] Raspberry Pi Archive Signing Key
sub   rsa2048 2012-06-17 [E]

pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <[email protected]>
sub   rsa4096 2017-02-22 [S]

pub   rsa3072 2018-12-16 [SC]
      4918 AABC 486C A052 358D  778D 4902 3CD0 1DE2 1A7B
uid           [ unknown] Jellyfin Team <[email protected]>
sub   rsa3072 2018-12-16 [E]

pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <[email protected]>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/microsoft.gpg
------------------------------------
pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <[email protected]>

I don't really know how to verify this stuff

[–] [email protected] 2 points 3 years ago (1 children)

Whats the value of $KEY? Was $KEY set or empty?

[–] [email protected] 1 points 3 years ago

When I checked after reconnecting screen, it was unset