[net] user connction to sshd : SOLVED
Andy Bradford
amb-plug at bradfords.org
Wed Jul 20 16:10:44 MDT 2005
Thus said "Sean Kirkby" on Wed, 20 Jul 2005 12:12:24 MDT:
> Apparently, if you ssh with password auth, and let the prompt sit for
> a number of seconds, this is what you see in the netstat report.
> Apparently the [net] element indicates that the auth attempt was
> occuring via password (as opposed to PAM or key-based auth).
Actually, if you are running a current version of OpenSSH I believe this
[net] appears due to the privsep functionality. Basically, privsep
separates network code (hence the [net]) from the code that is run by
root, thus minimizing the impact of a compromised sshd. Had someone
actually completed the authorization, it would instead shown something
else, like ``sshd: skirby [priv]''
Andy
--
GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204 2219 A43E F450 A638 88C9)
[-----------[system uptime]--------------------------------------------]
4:10pm up 30 days, 48 min, 1 user, load average: 1.00, 1.00, 1.00
More information about the PLUG
mailing list