Hi, I have a machine in which just ssh login is allowed. When I login as root, I see that I am the only one logged in (by running w / who) but when I see the result of "last", I see that there is another login of root from a different IP address. Is it possible for somebody to login in a hidden manner so that it does not show up in "who"? BTW, that IP had access to this machine some time back but since then I too have changed the password of root and have rebooted the machine a couple of times. I guessed that he might have left some ssh key due to which he is still able to access my machine inspite of the password being changed. I tried to move ssh_host_key from /etc/ssh/ to another place but then I too lost access to the machine after rebooting. Then I had to start in single user mode and restore "ssh_host_key" to the original place. Now I am not sure how to proceed lest I commit more mistakes which I cant afford to. Shall be garteful if somebody could guide here too. Thanks, Uk ---------------------------------------------------------------------- The LIH mailing list archives are available at: http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
