From f6afd9391541df91c11f6a76c32b3b5e6a019bfa Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 13 Feb 2018 14:22:18 +0800 Subject: [PATCH] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Have=20I=20been=20hacked?= =?UTF-8?q?=20by=20root@notty=3F=20=E2=80=93=20Sysadmin=20World?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... hacked by root-notty- - Sysadmin World.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 sources/tech/20110917 Have I been hacked by root-notty- - Sysadmin World.md diff --git a/sources/tech/20110917 Have I been hacked by root-notty- - Sysadmin World.md b/sources/tech/20110917 Have I been hacked by root-notty- - Sysadmin World.md new file mode 100644 index 0000000000..853fd11791 --- /dev/null +++ b/sources/tech/20110917 Have I been hacked by root-notty- - Sysadmin World.md @@ -0,0 +1,23 @@ +translating by lujun9972 +Have I been hacked by root@notty? – Sysadmin World +====== + +If you see sshd:root@notty in the output of `ps aux` and wonder what kind of host notty is and if that’s the name of a hacker’s computer, don’t worry; notty actually just stands for no tty. + +When you login locally to a linux machine the terminal will appear in the process list as tty (e.g. tty7). If you login to a remote server via ssh you will see something like root@pts/0. + +However if a connection is made via sftp or you are copying files with scp then it will show as no tty (notty). + +If you are still wondering on what is going on you might want to check the output of ps auxf to see a tree of processes or run `netstat -vatn` to examine all TCP connections. + +-------------------------------------------------------------------------------- + +via: http://www.sysadminworld.com/2011/ps-aux-shows-sshd-rootnotty/ + +作者:[sysadminworld][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.sysadminworld.com