Detection Library
highexperimentalLinuxAI/MLT1552.004
LLM Service Reading SSH Private Keys
Detects LLM service processes accessing SSH private key files. Reading private key material from an LLM runtime indicates potential credential theft that could enable lateral movement across infrastructure.
Updated Jan 15, 2025 · Detection Engineering Team
llmcredential-accesslinuxsshowasp-llm02
Problem Statement
SSH private keys on the LLM host can enable lateral movement across the entire infrastructure. An LLM process accessing these files indicates credential theft, whether via prompt injection or misconfigured tool access.
Sample Logs
{"timestamp":"2025-01-15T13:18:57Z","computer_name":"llm-host-01","user":"llm_svc","image":"/srv/llm/tools/file_reader.py","target_filename":"/home/opc/.ssh/id_rsa","access_type":"read"}Required Fields
image
target_filename
user
computer_name
False Positives
- ·LLM tools with legitimate SSH tool-use capabilities accessing known deployment keys
Tuning Guidance
Alert should be treated as high priority with minimal tuning. Scope to .pem files if certificate-based TLS reads generate noise.