Detection Library
critical · experimental · Linux · AI/ML · T1098.004

LLM Service Creating Or Modifying SSH Authorized Keys

Detects LLM service processes writing to SSH authorized_keys files. This is a critical indicator — adding attacker-controlled public keys enables persistent, password-less SSH access to the host, representing the most severe excessive agency outcome.

Updated Jan 15, 2025 · Detection Engineering Team

llm · excessive-agency · linux · persistence · owasp-llm06

Problem Statement

Adding SSH keys via an LLM service process gives an attacker persistent, direct shell access to the host. This is one of the most severe excessive agency outcomes and should be treated as an active incident.

Sample Logs

{"timestamp":"2025-01-15T03:02:11Z","computer_name":"llm-host-01","user":"llm_svc","image":"/opt/llm/app/ssh_tool.py","target_filename":"/home/opc/.ssh/authorized_keys","event_type":"file_modify"}

Required Fields

image
target_filename
user
computer_name
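
An added example, not the Detection Library's own rule: a minimal Python matcher for this detection, run over constructed events in the sample log's field layout. The `/opt/llm/` image prefix, the `llm_svc` user and the `file_create` event name are assumptions made for illustration.

```python
import json
import posixpath
import re

# Assumptions, not taken from the page's rule: how an LLM service is recognised
# and the "file_create" event name (the page's sample only shows "file_modify").
LLM_IMAGE_PREFIXES = ("/opt/llm/",)
LLM_USERS = {"llm_svc"}
WRITE_EVENTS = {"file_create", "file_modify"}
AUTH_KEYS_RE = re.compile(r"(^|/)\.ssh/authorized_keys2?$")
REQUIRED = ("image", "target_filename", "user", "computer_name")

def detect(line):
    """Return an alert dict for one JSON event line, or None if it does not match."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or any(not isinstance(event.get(f), str) for f in REQUIRED):
        return None  # a required field is missing, so the event cannot be evaluated
    if event.get("event_type") not in WRITE_EVENTS:
        return None
    # Normalise paths so "/root/.ssh/../.ssh/authorized_keys" still matches.
    target = posixpath.normpath(event["target_filename"])
    image = posixpath.normpath(event["image"])
    from_llm = image.startswith(LLM_IMAGE_PREFIXES) or event["user"] in LLM_USERS
    if not (from_llm and AUTH_KEYS_RE.search(target)):
        return None
    return {"severity": "critical", "technique": "T1098.004", "host": event["computer_name"],
            "user": event["user"], "image": image, "target": target}

def _event(user, image, target, event_type):
    return json.dumps({"timestamp": "2025-01-15T03:02:11Z", "computer_name": "llm-host-01", "user": user,
                       "image": image, "target_filename": target, "event_type": event_type})

# Constructed samples; the first has the same field values as the page's sample log.
SAMPLE_LINES = [
    _event("llm_svc", "/opt/llm/app/ssh_tool.py", "/home/opc/.ssh/authorized_keys", "file_modify"),
    _event("root", "/opt/llm/app/agent.py", "/root/.ssh/../.ssh/authorized_keys", "file_create"),
    _event("opc", "/usr/bin/vim", "/home/opc/.ssh/authorized_keys", "file_modify"),
    _event("llm_svc", "/opt/llm/app/cache.py", "/opt/llm/cache/authorized_keys.bak", "file_modify"),
    '{"user": "llm_svc", "event_type": "file_modify"}',
]

def run(lines=SAMPLE_LINES):
    return [alert for alert in map(detect, lines) if alert]

if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

Only the first two constructed events alert; the interactive edit by `opc`, the write outside `.ssh`, and the event missing required fields do not.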

False Positives

Tuning Guidance

No tuning needed. Any LLM process writing to authorized_keys should trigger an immediate incident response.