[net] user connction to sshd : SOLVED

Andy Bradford amb-plug at bradfords.org
Wed Jul 20 16:10:44 MDT 2005

Thus said "Sean Kirkby" on Wed, 20 Jul 2005 12:12:24 MDT:

> Apparently, if you ssh with password  auth, and let the prompt sit for
> a  number of  seconds, this  is what  you see  in the  netstat report.
> Apparently  the [net]  element  indicates that  the  auth attempt  was
> occuring via password (as opposed to PAM or key-based auth).

Actually, if you are running a current version of OpenSSH I believe this
[net]  appears  due to  the  privsep  functionality. Basically,  privsep
separates network  code (hence the [net])  from the code that  is run by
root,  thus minimizing  the impact  of a  compromised sshd.  Had someone
actually completed  the authorization, it would  instead shown something
else, like ``sshd: skirby [priv]''

GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204  2219 A43E F450 A638 88C9)
[-----------[system uptime]--------------------------------------------]
  4:10pm  up 30 days, 48 min,  1 user,  load average: 1.00, 1.00, 1.00

More information about the PLUG mailing list