I'd suggest learning a little software engineering, it'll be invaluable to you later on. Organizing the way you develop your code is pretty damn essential to tackling real-world projects.
If you're already building simple tools and apps there are a couple of things you should really master.
* Version Control [1][2]
* Packaging python eggs [3]
* Command line parsing [4]
* Configuration [5]
* Documentation generation [6]
* Unit Testing [7]
If you can get comfortable with the above concepts and tools before you're deep into school, you're going to be head and shoulders above most of your peers.
First, setup a github account if you don't already have one. Make sure you're committing your code, keep a history of small, succint changes. Learn branching and merging!
As the others have suggested, pick up a project! Whatever you want to build (this keeps it interesting) and integrate in the above tools. Set it up as a package, give it cli options, have it load a default config file if it exists, or use sane defaults. Document your functions; you'll be spending a majority of your time reading code, so make it useful for others.
Most importantly, get yourself some unit tests. Build your application one function at a time. Test it with nose. After it's doing what you want, commit the changes in git, push to your github branch, and onto the next one.
If you're having issues with python in particular, pickup an irc client and join #python on freenode. The community there is pretty excellent and if you're at a difficult point, it's likely someone can point you in the right direction.
Lastly put together a blog. While you're going through all of this, document what you're doing. Put together a couple things you learned when you tackle a difficult problem. Write about what things you had the most trouble with. This will pay back for you two fold; you'll reflect on the material which will help your understanding, and you'll also be setting yourself up for success when you're ready to either start your first internships or jobs.
If the file really was already in the badguys group and 0440 it's already been compromised so that's just covering it up. I suppose if SSH really had the courage of its convictions it'd automatically upload the key fingerprint to some revoked key blacklist.
You have the ordering backwards: SSH complains now so the problem is fixed before someone gets limited access to the computer.
If your account or computer has already been compromised you're still screwed but this helps considerably on shared computers, NFS, etc. where the access situation is easier to misunderstand.
on a fresh debian install, the first user (me) wasn't in the sudoers list. I sudo'd, and got reported. The report mail went to root, which was cloned to the first user...
8k/mo is roughly 100k/yr
So he's asking if the project's pulling six figures.