Detection Library
high · experimental · Linux · OCI · T1021.004

Linux Agent Invoking SSH Or SFTP

Detects AI agent runtimes spawning SSH or SFTP processes, which may indicate lateral movement, unauthorized remote code execution, or data exfiltration via encrypted channels.

Updated Jan 10, 2025 · OCI AI Security Team

agentic-ai · tool-misuse · ssh · sftp · lateral-movement · linux · oci · owasp-asi02

Problem Statement

SSH provides encrypted, authenticated access to remote systems and can be used for lateral movement, remote command execution, and data transfer. An AI agent spawning SSH processes is operating outside its intended scope and may be conducting network reconnaissance or exfiltration.

Sample Logs

{"timestamp":"2025-01-10T17:05:50Z","computer_name":"oci-worker-09","user":"agent_svc","image":"/usr/bin/ssh","command_line":"ssh -i /tmp/key root@10.0.5.22 'cat /etc/shadow'","parent_image":"/usr/bin/python3"}

Required Fields

image
command_line
parent_image
user
computer_name

False Positives

  • Deployment automation agents that use SSH to push configuration to managed hosts
  • Backup agents that use SFTP to transfer files to archive storage

Tuning Guidance

Maintain an allowlist of approved SSH destinations and key paths. Alert on SSH with inline command execution (-c flag) or connections to previously unseen destinations.
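The following is an added example, not detection code from this library or from the OCI AI Security Team, showing how the rule above (Sample Logs, Required Fields and Tuning Guidance) could be evaluated over process-creation events. It reads JSON lines in the shape of the sample log, checks the required fields, matches ssh/sftp images spawned by an agent runtime, and then applies the tuning guidance: the remote command passed on the ssh command line, destinations outside an allowlist, and key paths outside an allowlist each raise a finding. The agent runtime set, the approved destinations and the approved key paths are constructed assumptions for the example; the first event is the page's sample log and the others are constructed.

```python
import json
import os
import shlex

# Assumption for this example: process images considered AI agent runtimes.
AGENT_RUNTIMES = {"python3", "python", "node"}
# Images covered by the detection (SSH or SFTP clients).
SSH_TOOLS = {"ssh", "sftp"}
# Constructed allowlists, as recommended in the tuning guidance (assumptions).
APPROVED_DESTINATIONS = {"10.0.1.10", "backup.example.internal"}
APPROVED_KEY_PATHS = {"/etc/deploy/keys/deploy_ed25519"}

REQUIRED_FIELDS = ("image", "command_line", "parent_image", "user", "computer_name")

# OpenSSH single-letter options that consume a following argument, so the
# parser does not mistake an option value for the destination.
SSH_FLAGS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")


def parse_ssh_command(command_line):
    """Return (destination, key_path, remote_command) from an ssh/sftp command line.

    The first non-option token is the destination ([user@]host[:path]); every
    token after it is treated as the remote command, as in the sample log.
    """
    argv = shlex.split(command_line)
    dest = key = None
    remote = []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if dest is None and len(tok) > 1 and tok.startswith("-"):
            flag = tok[1]
            if flag in SSH_FLAGS_WITH_ARG:
                if len(tok) > 2:          # attached form, e.g. -i/tmp/key
                    val = tok[2:]
                else:                     # detached form, e.g. -i /tmp/key
                    i += 1
                    val = argv[i] if i < len(argv) else None
                if flag == "i":
                    key = val
            i += 1
            continue
        if dest is None:
            # Strip user@ and an sftp-style :path suffix (IPv6 literals not handled).
            dest = tok.split("@", 1)[-1].split(":", 1)[0]
        else:
            remote.append(tok)
        i += 1
    return dest, key, (" ".join(remote) or None)


def evaluate(event):
    """Apply the rule to one event dict and return a verdict with findings."""
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        return {"alert": False, "reason": "missing required fields: %s" % missing}
    if os.path.basename(event["image"]) not in SSH_TOOLS:
        return {"alert": False, "reason": "image is not ssh/sftp"}
    if os.path.basename(event["parent_image"]) not in AGENT_RUNTIMES:
        return {"alert": False, "reason": "parent is not an agent runtime"}
    dest, key, remote = parse_ssh_command(event["command_line"])
    findings = []
    if remote:
        findings.append("inline remote command: %s" % remote)
    if dest not in APPROVED_DESTINATIONS:
        findings.append("destination not on allowlist: %s" % dest)
    if key and key not in APPROVED_KEY_PATHS:
        findings.append("key path not on allowlist: %s" % key)
    return {"alert": bool(findings), "findings": findings,
            "destination": dest, "key": key, "remote_command": remote}


def run(lines):
    """Evaluate JSON log lines; return the verdicts for events that alert."""
    return [v for v in (evaluate(json.loads(l)) for l in lines if l.strip()) if v["alert"]]


# First line is the page's sample log; the rest are constructed for the example.
SAMPLE_LINES = [
    '{"timestamp":"2025-01-10T17:05:50Z","computer_name":"oci-worker-09","user":"agent_svc",'
    '"image":"/usr/bin/ssh","command_line":"ssh -i /tmp/key root@10.0.5.22 \'cat /etc/shadow\'",'
    '"parent_image":"/usr/bin/python3"}',
    '{"timestamp":"2025-01-10T02:00:00Z","computer_name":"oci-worker-09","user":"backup_svc",'
    '"image":"/usr/bin/sftp","command_line":"sftp -i /etc/deploy/keys/deploy_ed25519 backup@backup.example.internal:/archive",'
    '"parent_image":"/usr/bin/python3"}',
    '{"timestamp":"2025-01-10T09:12:00Z","computer_name":"oci-worker-09","user":"ops",'
    '"image":"/usr/bin/ssh","command_line":"ssh 10.0.5.22","parent_image":"/bin/bash"}',
]
SAMPLE_EVENTS = [json.loads(l) for l in SAMPLE_LINES]

if __name__ == "__main__":
    for verdict in run(SAMPLE_LINES):
        print(json.dumps(verdict))
```

The second event models the SFTP backup false positive from the list above: because both its destination and its key path are on the allowlists and it carries no remote command, it produces no alert, while the page's sample event raises three findings. Anything that the detection should ignore (an interactive `ssh` from a shell, or an event missing a required field) is returned with a reason rather than silently dropped, which keeps the rule's coverage auditable.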