Usually they have two main functions:
+ Secret authentication : Password or RSA key auth for the backdoor user,In the example only password auth implemented.
+ Password|RSA key collection : Only passwords collection are implemented in this example.Both in and out. And in the example we won’t send the stolen passwords to our server, just simply write it to a file.
1. rookit to protect the backdoor
2. live-patch to make sure sshd won’t have to restart.
3. auto-send collected passwords and RSA secret keys.