Thus said "Sean Kirkby" on Wed, 20 Jul 2005 12:12:24 MDT: > Apparently, if you ssh with password auth, and let the prompt sit for > a number of seconds, this is what you see in the netstat report. > Apparently the [net] element indicates that the auth attempt was > occuring via password (as opposed to PAM or key-based auth).
Actually, if you are running a current version of OpenSSH I believe this [net] appears due to the privsep functionality. Basically, privsep separates network code (hence the [net]) from the code that is run by root, thus minimizing the impact of a compromised sshd. Had someone actually completed the authorization, it would instead shown something else, like ``sshd: skirby [priv]'' Andy -- GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204 2219 A43E F450 A638 88C9) [-----------[system uptime]--------------------------------------------] 4:10pm up 30 days, 48 min, 1 user, load average: 1.00, 1.00, 1.00 .===================================. | This has been a P.L.U.G. mailing. | | Don't Fear the Penguin. | | IRC: #utah at irc.freenode.net | `==================================='
