Hello, I took a look at my /var/log/messages and now I have a question about the log-entries from ssh-daemon. Remote-users are only allowed to login via ssh2 and only RSA-authentication is enabled, login via password isn't possible. Root-logins are forbidden. If I use ssh to log into my box, the log-entries of sshd look like this: --snip-- Nov 11 12:56:02 xxx sshd[698]: Connection from ::ffff:my.ip.add.res port 32775 Nov 11 12:56:02 xxx sshd[698]: Found matching RSA key: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff Nov 11 12:56:02 xxx sshd[698]: Found matching RSA key: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff Nov 11 12:56:02 xxx sshd[698]: Accepted publickey for meinloginname from ::ffff:xxx.xxx.xxx.xxx port 32775 ssh2 --snip-- If somebody else uses a wrong loginname it looks like this --snip-- Nov 11 21:50:20 xxx sshd[4109]: Connection from ::ffff:xxx.xxx.xxx.xxx port 35472 Nov 11 21:50:22 xxx sshd[4109]: Illegal user test from ::ffff:xxx.xxx.xxx.xxx --snip-- If somebody uses an existing username , eg "root", only this single line is in the logs --snip-- Nov 11 21:50:20 xxx sshd[4109]: Connection from ::ffff:xxx.xxx.xxx.xxx port 35472 --snip-- MY QUESTION IS: WHAT DO THIS TWO ENTRIES MEAN? --snip-- Nov 11 22:09:40 xxx sshd[4132]: Connection from ::ffff:xxx.xxx.xxx.xxx port 48806 Nov 11 22:09:40 xxx sshd[4132]: Did not receive identification string from ::ffff:xxx.xxx.xxx.xxx --snip-- Thank You Kai Pfeiffer