Dear List, I have a question about SSHD: Since I installed SuSE 7.2 (about a week ago), I keep getting a strange entry in the seccheck reports (very nice script, well done!): + sshd root TCP *:6010 (LISTEN) Alarmed by this entry, I ran tripwire on the box, but it could not find any changed binaries. The entry is also not permanent, it does disappear and come back and I have, to be honest, no clear impression of what's going on. I have a few users on my box, most of them run a bounce or BitchX or some eggdrops; even an IRCU is present. As for running services, there is apache with PHP, Perl and Phyton on port 80, OpenSSH on port 22, Identd on port 113, postfix on port 25 and a firewalled XNTPD on port 123. When I ssh to the port (6010) while it is open, I get an SSH login. It seems to be the standard sshd running on the box, since logging into /var/log/messages occurs. I have also noticed, that the port has changed from 6011 to 6010. Right now it is closed again, whereas this morning, aroung 4:30am, it was open. Very weird. In /etc/ssh/sshd_config, it looks like this: <snip> Port 22 Protocol 1,2 ListenAddress 212.117.195.110 #ListenAddress :: </snip> So I dont think that SSHD listening on 6010 is legit? Or might it have to do with IPv6 support? I commented out the ListenAddress, since I do not wish to support ipv6 as long as the box is not connected to the 6bone ;-) Another theory would be that it has to do with X11 forwarding, but thats disabled in sshd config, too... Any comments and suggestions apperciated. Chr Burri .-. /v\ L I N U X // \\ >Phear the Penguin< /( )\ ^^-^^