![](https://seccdn.libravatar.org/avatar/0f95ee15404283d02fab1efbfc8a8469.jpg?s=120&d=mm&r=g)
Folks, Has anyone run across this issue. When remotely logging into my SuSE 9.0 linux box using ssh, I notice that there are 2 sshd processes that seem to get spawned to service the login. Before upgrading to SuSE 9.0 from 8.3 there was only 1 sshd process for the login. My suspision is that my system has been compromised by an attacker, but don't know how to tell for sure or how to determine who the attacker might be. Can someone give some advice. Thanks Stuart root 20100 901 0 20:58 ? 00:00:00 sshd: <userid>@pts/5 root 20101 20100 0 20:58 ? 00:00:00 sshd: <userid>@pts/5 <userid> 20103 20100 2 20:58 pts/5 00:00:00 -bash <userid> 20323 20103 0 21:31 pts/5 00:00:00 ps -ef I have the following ssh and pam packages installed on SuSE 9.0 box. openssh-askpass-3.7.1p2-18 openssh-3.7.1p2-113 yast2-pam-2.8.5-65 pam-0.77-124 pam-modules-9.0-5 pam_krb5-1.3-54 pam-devel-0.77-124