On Tuesday 01 June 2004 11:16 pm, Stuart wrote:
Folks,
Has anyone run across this issue? When remotely logging into my SuSE 9.0 Linux box using ssh, I notice that there are 2 sshd processes that seem to get spawned to service the login. Before upgrading to SuSE 9.0 from 8.3 there was only 1 sshd process for the login. My suspicion is that my system has been compromised by an attacker, but I don't know how to tell for sure or how to determine who the attacker might be. Can someone give some advice?
I get the same thing here on a 9.0 system except that I only get one entry for sshd.

root      21737  2036  0 08:45 ?        00:00:00 sshd: <userid>@pts/39
<userid>  21738 21737  0 08:45 pts/39   00:00:00 -bash
<userid>  21763 21762  0 08:45 pts/39   00:00:00 ps -ef

I wouldn't be too concerned about it.
Thanks
Stuart
root      20100   901  0 20:58 ?        00:00:00 sshd: <userid>@pts/5
root      20101 20100  0 20:58 ?        00:00:00 sshd: <userid>@pts/5
<userid>  20103 20100  2 20:58 pts/5    00:00:00 -bash
<userid>  20323 20103  0 21:31 pts/5    00:00:00 ps -ef
I have the following ssh and pam packages installed on the SuSE 9.0 box.
openssh-askpass-3.7.1p2-18
openssh-3.7.1p2-113

yast2-pam-2.8.5-65
pam-0.77-124
pam-modules-9.0-5
pam_krb5-1.3-54
pam-devel-0.77-124
--
+----------------------------------------------------------------------------+
+ Bruce S. Marshall  bmarsh@bmarsh.com  Bellaire, MI         06/02/04 08:41  +
+----------------------------------------------------------------------------+
"The Information Highway: 500 channels and not a thing to watch."