Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

SSH Connections - Unknown

I

immobilus

macrumors member
Original poster
May 5, 2012
62
4
6/5/15 12:20:25.115 AM login[1069]: DEAD_PROCESS: 1069 ttys001
6/5/15 12:20:35.503 AM login[1556]: USER_PROCESS: 1556 ttys000
6/5/15 1:03:24.958 AM login[1556]: DEAD_PROCESS: 1556 ttys000
6/5/15 1:03:26.596 AM login[1674]: USER_PROCESS: 1674 ttys000
6/5/15 1:04:48.656 AM login[1674]: DEAD_PROCESS: 1674 ttys000
6/5/15 1:04:50.617 AM login[1687]: USER_PROCESS: 1687 ttys000

What do these mean, how do I find out who they are (IP addresses), and how do I see exactly what they're doing while logged on? Also, is there a specific log file which will provide improved information?
 
[bump]

I changed my password and the logins stopped. Is there a way to find out what they were doing or what they did while logged into the system?
 
immobilus said:
[bump]

I changed my password and the logins stopped. Is there a way to find out what they were doing or what they did while logged into the system?
Click to expand...
Assuming you have an administrator account they could have done anything. I would reformat/reinstall, and restore only your documents from backup.
 
Nothing there suggests these were SSH. Did you have any terminals open in the background you forgot about? If you don't have port forwarding enabled on your router (or port 22 for that matter) then it won't have been anyone SSH'ing in.
 
Kilamite said:
Nothing there suggests these were SSH. Did you have any terminals open in the background you forgot about? If you don't have port forwarding enabled on your router (or port 22 for that matter) then it won't have been anyone SSH'ing in.
Click to expand...
This is a good point. There would be log entries for ssh as well, indicating logins that way.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back