> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Backdoored library loaded into sshd (cve 2024 3094)

### Event Information

#### Meaning

* This event indicates that a backdoored library has been loaded into the SSHD process in the Kubernetes cluster, potentially compromising the security of the system.
* To investigate further, you can check the logs of the SSHD pod where the event occurred using the following command:
  kubectl logs `<sshd-pod-name>`
* To mitigate this issue, you should immediately remove the compromised SSHD pod from the cluster and replace it with a clean, secure version using the following command:
  kubectl delete pod `<sshd-pod-name>`

#### Remediation

* Create a ConfigMap containing the updated SSHD configuration to remove the backdoored library:
  ```
  kubectl create configmap sshd-config --from-file=sshd_config_updated
  ```

* Update the SSHD Deployment to mount the ConfigMap containing the updated configuration:
  ```
  kubectl set volume deployment/sshd-deployment --add --name=sshd-config-volume --type=configmap --configmap-name=sshd-config --mount-path=/etc/sshd
  ```

* Rollout the updated SSHD Deployment to apply the remediation changes:
  ```
  kubectl rollout restart deployment/sshd-deployment
  ```
