PureOS Security Oddity

To prepare for how it will be when I get a Librem 14, I installed PureOS on a 10-year-old Lenovo ThinkPad that I had around the house.

I have used it on and off, but today I got it out and plugged it in after not using it for 4 or 5 days. And I discovered that the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub have disappeared and are no longer present.

Is there any known case in PureOS that would cause these files to be removed during the normal operation of the device?

[I needed these files for the purpose of identifying the device for a remote login.]

No, not that I am aware of. Once generated, they stay there under normal operation.

That being said, you can import the PGP public key into the Librem Key.

Okay thanks.

I suppose probably one of two things happened. Either someone wanted to make a point of the fact that they had hacked me and could modify the encrypted hard drive, and nudge me into thinking that I was never safe, or else the hard drive had some kind of failure and nuked these files because it was an aging drive. The device was a 2013 Lenovo ThinkPad tablet with an SSD from 2015 or 2016 that had been repurposed with PureOS installed on it in September of 2023.

So there could have been several possible attack vectors if somebody had wanted to hack it, because it had traveled with me to many places throughout time.

I am highly tempted to consider the incident non-actionable because I was able to generate a new SSH key and use the new one for my use cases and revoke the old one.

Question for any readers: if this had happened to you, are there any additional logs you would check or would you likewise simply move on?


Well, if it happened to me, then I would be unable to log into it remotely in the first place and would have to resort to a rescue drive or mode, depending on my physical proximity to it. After that I would reinstall the Linux distribution and reconfigure everything again.