Detection Library
Severity: high · Status: experimental · Platform: Linux · Cloud: OCI · MITRE ATT&CK: T1552.004

Linux Agent Reading SSH Private Keys

Detects AI agent processes accessing SSH private key files, which could enable unauthorized lateral movement to other hosts in the OCI environment.

Updated Jan 10, 2025 · OCI AI Security Team

Tags: agentic-ai · credential-access · ssh-keys · identity-abuse · linux · oci · owasp-asi03

Problem Statement

SSH private keys provide persistent authentication capability to any host that trusts the corresponding public key. An AI agent reading private key material has the ability to impersonate the key owner across the entire OCI environment, enabling broad lateral movement.

Sample Logs

{"timestamp":"2025-01-10T12:44:30Z","computer_name":"oci-worker-11","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/home/agent_svc/.ssh/id_rsa","access_type":"read"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Deployment automation using Paramiko that reads private keys to authenticate SSH sessions as part of a legitimate deployment task

Tuning Guidance

There are very few legitimate reasons for an AI agent to read raw private key files. Alert on all occurrences and suppress only approved deployment automation service accounts with documented justification.
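The detection and the tuning guidance above, worked through as an added example that is not part of the original detection library entry: it checks the required fields, matches agent process images against private key paths under `.ssh`, and suppresses only an explicit allowlist of approved deployment automation accounts. The agent process inventory (`AGENT_IMAGES`), the allowlist (`APPROVED_ACCOUNTS`), the key file patterns beyond `id_rsa`, and all sample log lines other than the page's own are constructed for this example and must be adapted to your environment.

```python
"""Detection logic for 'Linux Agent Reading SSH Private Keys' (added example).

AGENT_IMAGES, APPROVED_ACCOUNTS, the key-name pattern and the extra sample
events are assumptions made for this example, not values from the page.
"""
import json
import re
from typing import Iterable

REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

# Private key material under a .ssh directory: id_<algo> without a .pub
# suffix, or any *.pem / *.key file. Constructed pattern; the page shows id_rsa.
PRIVATE_KEY_RE = re.compile(
    r"/\.ssh/(?:id_(?:rsa|dsa|ecdsa|ed25519)|[^/]+\.(?:pem|key))$"
)

# Process images that host AI agents on these workers (assumed inventory).
AGENT_IMAGES = {"/usr/bin/python3", "/opt/agent/bin/agent-runner"}

# Per the tuning guidance: suppress only approved deployment automation
# accounts, each with a documented justification. Hypothetical entries.
APPROVED_ACCOUNTS = {"deploy_svc": "CHG-PLACEHOLDER Paramiko deploy job"}

# Constructed sample events: the page's log line plus variations that
# exercise the public-key, allowlisted, non-agent and missing-field cases.
SAMPLE_LOGS = "\n".join([
    '{"timestamp":"2025-01-10T12:44:30Z","computer_name":"oci-worker-11","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/home/agent_svc/.ssh/id_rsa","access_type":"read"}',
    '{"timestamp":"2025-01-10T12:45:02Z","computer_name":"oci-worker-11","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/home/agent_svc/.ssh/id_rsa.pub","access_type":"read"}',
    '{"timestamp":"2025-01-10T12:46:10Z","computer_name":"oci-worker-12","user":"deploy_svc","image":"/usr/bin/python3","target_filename":"/home/deploy_svc/.ssh/id_ed25519","access_type":"read"}',
    '{"timestamp":"2025-01-10T12:47:00Z","computer_name":"oci-worker-12","user":"ops","image":"/usr/bin/ssh","target_filename":"/home/ops/.ssh/id_rsa","access_type":"read"}',
    '{"timestamp":"2025-01-10T12:48:00Z","computer_name":"oci-worker-13","user":"agent_svc","image":"/usr/bin/python3","access_type":"read"}',
])


def classify(event: dict) -> str:
    """Return 'alert', 'suppressed', 'ignore' or 'incomplete' for one event."""
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        return "incomplete"      # cannot evaluate; surface as a telemetry gap
    if event["image"] not in AGENT_IMAGES:
        return "ignore"          # not an agent process
    if not PRIVATE_KEY_RE.search(event["target_filename"]):
        return "ignore"          # public key or unrelated file
    if event["user"] in APPROVED_ACCOUNTS:
        return "suppressed"      # documented deployment automation account
    return "alert"


def run(lines: Iterable[str]) -> dict:
    """Group raw JSON log lines by verdict; returns {verdict: [events]}."""
    out = {"alert": [], "suppressed": [], "ignore": [], "incomplete": []}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        out[classify(json.loads(line))].append(json.loads(line))
    return out


if __name__ == "__main__":
    for verdict, events in run(SAMPLE_LOGS.splitlines()).items():
        for e in events:
            print(f"{verdict:10} {e.get('computer_name', '?'):14} "
                  f"{e.get('user', '?'):10} {e.get('target_filename', '-')}")
```

Events with a missing required field are reported as `incomplete` rather than silently dropped, so a logging gap on a worker is visible to the analyst instead of looking like a clean host. Suppression is keyed on the account, not on the process image, because the one documented false positive (Paramiko-based deployment automation) runs under the same interpreter as the agent itself.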