> Alternatively I was running vulnerable/compromised software. My box
> has sshd running, root login in ssh is not allowed, and pubkey only
> logins (no passwords). It is behind a wireless router but port 22 is
> open and pointing to this box, and a few others needed by other
> applications. So I will check out which keys exist on the compromised
> machine and make sure I recognize them all. I'll also need to check
> the status of any other computer my key is stored on (a mix of Linux &
> Windows, and my mobile phone). Sigh...

Since your sshd setup is pretty secure, I'd look at other network services. What else was running, and were there any servers that were only available from the local net (or were less protected from connections from the local net) than the Internet? That's the only case where a router compromise would assist in attacking your Gentoo box.

There have been some web browser based attacks that have come out against routers recently. They run the attack on your browser (cross-site scripting IIRC) to get access to the web interface of the router, because that is typically not available via the Internet-side interface. Then they run a password guessing attack. Did your router have a strong password?
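
The question above about services reachable only from the local net can be answered from the box's listening sockets. The following is an added example, not part of the original message: it classifies listeners from `ss -tlnH` output against the router's port forwards. The sample output, the helper names and every forwarded port other than 22 are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 50 192.168.1.10:3306 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
"""

# Ports the router forwards to this box. 22 is from the thread;
# 8080 is a hypothetical stand-in for the "few others".
FORWARDED = {22, 8080}

RANK = {"loopback": 0, "lan-only": 1, "internet": 2}

def parse_listeners(ss_output):
    """Yield (bind_address, port) for each listening TCP socket."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        yield host.strip("[]"), int(port)

def is_loopback(host):
    """True when the socket is bound to 127.0.0.0/8 or ::1 only."""
    if host == "*":  # wildcard bind, as printed by some ss versions
        return False
    return ipaddress.ip_address(host.split("%")[0]).is_loopback

def classify(ss_output, forwarded):
    """Map each port to its widest exposure: loopback, lan-only or internet."""
    result = {}
    for host, port in parse_listeners(ss_output):
        if is_loopback(host):
            exposure = "loopback"
        elif port in forwarded:
            exposure = "internet"
        else:
            exposure = "lan-only"
        if RANK[exposure] > RANK[result.get(port, "loopback")] or port not in result:
            result[port] = exposure
    return result

def lan_only_ports(ss_output, forwarded):
    """Ports that only become reachable to someone already on the local net."""
    return sorted(p for p, e in classify(ss_output, forwarded).items() if e == "lan-only")

if __name__ == "__main__":
    print(lan_only_ports(SAMPLE_SS, FORWARDED))
```

The `lan-only` ports are the ones to review first: they are the services whose protection depended on the router staying uncompromised.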