how to react on ssh attacks?

[Les Mikesell]

On Tue, 2005-10-25 at 11:43, Michael A. Peters wrote:

> Furthermore, if you ssh in as root - there is no accountability.
> If you ssh in as a user and then su to root, that action is recorded in
> the log files - and you know who logged into root and when.

Well, sort-of.  After su-ing to root, that person has the
ability to alter the logs - and the programs you might use
to view the logs.

-- 
  Les Mikesell
    lesmikesell at gmail.com