Suspicious SSH process

Gewürzwiesel asked:

today I found a running ssh process that was not there a few days ago. Can anyone know what this ist doing?

ssh -x -a -oClearAllForwardings=yes -2 ssh@172.30.0.56 -s sftp

My answer:


This is the command that actually gets run when someone runs sftp.

In this case someone has run sftp ssh@172.30.0.56, which spawns this process to handle the actual connection.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.