My bet is we are going to see more and more of this, as fallout from the kernel.org crack.

Kernel.org said "Don't worry about linux, the source tree is in git and tamper-proof. All they messed with was SSH. It was amateur, really." (Some paraphrasing.)

Well, a modified SSH could easily log interesting details that pass through it. So if you used [ed: gpg] private key forwarding, the crackers have your private key. [ed: See http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#sec for the SSH vulnerabilities.]

The only question is how fast the attackers have moved. Blitz all the servers at once, or try to carefully lay something individually tailored and undetectable. It's been long enough for either.

edit: Erroneous simplification, sorry. The attacker could imitate you on the remote system. This is not the same as having your ssh private key (my bad), but the result is the same. The third-party server you connected to through kernel.org is compromised.

edit edit: But check your gpg keys! Gpg signing does require the full private key on the remote system. If you signed any files on kernel.org with forwarding, they could have your gpg private key. (Though this might need modification to gpg, which was not mentioned by kernel.org.)
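As an added example (not code from the thread, from kernel.org or from OpenSSH), the following Python speaks the ssh-agent protocol to whatever UNIX socket $SSH_AUTH_SOCK points at. On a host you reached with agent forwarding, that socket is exactly what a trojaned sshd or a root-level attacker gets: it can list your public keys and have the agent sign arbitrary challenges, which is all that is needed to authenticate as you to a third host. What the protocol does not have is any message that returns a private key, which is the distinction the comment's first edit draws. Message numbers are those of the OpenSSH agent protocol (PROTOCOL.agent / draft-miller-ssh-agent); the "challenge" bytes in the demo are constructed and are not a real SSH handshake.

```python
"""Talk to a (forwarded) ssh-agent socket: list keys, request a signature.

Added example, not from the original thread. Demonstrates what a process on
a remote host can do with $SSH_AUTH_SOCK and what it cannot (export a key).
"""
import os
import socket
import struct

# Message types from the OpenSSH agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; return (bytes, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated ssh string")
    return buf[off:off + n], off + n


def build_request_identities() -> bytes:
    """Ask the agent for every public key it holds (no secret material)."""
    return bytes([SSH_AGENTC_REQUEST_IDENTITIES])


def build_sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Ask the agent to sign `data` with the key named by its public blob.

    This is everything an SSH client, or an attacker on the box, needs to
    log in as you elsewhere: the remote server's challenge goes in `data`.
    """
    return (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", flags))


def parse_identities_answer(msg: bytes):
    """Return [(key_blob, comment), ...] from an IDENTITIES_ANSWER message."""
    if not msg or msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer (agent locked or absent?)")
    (count,) = struct.unpack_from(">I", msg, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    return keys


def key_type(blob: bytes) -> str:
    """The algorithm name is the first string of any SSH public key blob."""
    name, _ = read_string(blob, 0)
    return name.decode()


def parse_sign_response(msg: bytes) -> bytes:
    """Return the signature blob from a SIGN_RESPONSE; raise on FAILURE."""
    if not msg or msg[0] == SSH_AGENT_FAILURE:
        raise PermissionError("agent refused to sign (e.g. ssh-add -c denied)")
    if msg[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("unexpected agent reply type %r" % msg[:1])
    sig, _ = read_string(msg, 1)
    return sig


def _recv_exact(s: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def agent_call(msg: bytes, sock_path: str) -> bytes:
    """Send one length-framed message over the agent socket; return the reply body."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(struct.pack(">I", len(msg)) + msg)
        (n,) = struct.unpack(">I", _recv_exact(s, 4))
        return _recv_exact(s, n)


if __name__ == "__main__":
    sock_path = os.environ.get("SSH_AUTH_SOCK")
    if not sock_path:
        print("SSH_AUTH_SOCK not set: no (forwarded) agent to talk to")
    else:
        keys = parse_identities_answer(agent_call(build_request_identities(), sock_path))
        for blob, comment in keys:
            print("agent holds", key_type(blob), comment)
        if keys:
            # Constructed stand-in for a third host's authentication challenge.
            challenge = b"constructed-challenge: session-id || userauth request"
            sig = parse_sign_response(
                agent_call(build_sign_request(keys[0][0], challenge), sock_path))
            print("agent signed %d bytes -> %d-byte signature; the private key never left the agent"
                  % (len(challenge), len(sig)))
```

The practical checks that follow from this: set `ForwardAgent no` in ~/.ssh/config as the default and enable it only for hosts you trust as much as your workstation, and where you must forward, load keys with `ssh-add -c` so every SIGN_REQUEST pops a confirmation on your own machine; a remote attacker's signing attempts then become visible rather than silent.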
kernel.org has been down for three or four days now. Seems there is more to this hack than we've been told. For a while kernel.org just didn't respond to requests, then they put up this maintenance page:

http://kernel.org/
Quote: "...you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately"

Did they really store clear text passwords? Or perhaps I'm misinterpreting the announcement?