When using the implant module for authorized_keys, checks should be made during install to ensure the .ssh directory has 700 perms so login can occur. Some distros have 777 perms on the .ssh dir which prevents the authorized_key from working after the implant.
One step better would be to adjust the perms of the .ssh directory accordingly. Although this does have the artifact of possibly triggering an alert, it at least ensures they can use the implant. If the change was recorded in a tamper fact, then on uninstall the perms could be set back to its original state.
Feature description
When using the implant module for authorized_keys, checks should be made during install to ensure the .ssh directory has 700 perms so login can occur. Some distros have 777 perms on the .ssh dir which prevents the authorized_key from working after the implant.
One step better would be to adjust the perms of the .ssh directory accordingly. Although this does have the artifact of possibly triggering an alert, it at least ensures they can use the implant. If the change was recorded in a tamper fact, then on uninstall the perms could be set back to its original state.