It appears to have been a hack. rpm -V openssh-server showed that sshd has been modified. I'll be damned if I know how they got in. I drop ssh packets after 3 attempts in one minute in iptables. I review logs every morning. I deleted all ssh packages from one of the minor servers and reinstalled them and everything worked OK, public keys etc. I know that's not the solution. Looks like I have several reinstalls to do. Unless someone has a better idea? Thanks for everyone's help. Mike
Can someone give me an example of how to quickly and easily deny ssh access from one network interface but allow it from another? For example, disallow from the internet but allow from an internal net? TIA, Mike
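
One way to do what the question above asks, as an added example that is not part of the original thread: a small shell function that prints an iptables-restore fragment allowing SSH only on the internal interface. The function name `ssh_rules`, the chain name `SSH_IN`, the interface names (eth0 internet-facing, eth1 internal) and the 192.168.1.0/24 subnet are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, subnet and the
# SSH_IN chain name are assumptions chosen for illustration.

# ssh_rules EXT_IF INT_IF INT_NET [PORT]
# Prints a filter-table fragment in iptables-restore format.
ssh_rules() {
    ext_if=$1; int_if=$2; int_net=$3; port=${4:-22}
    # Refuse incomplete input rather than emit a rule set with holes in it.
    [ -n "$ext_if" ] && [ -n "$int_if" ] && [ -n "$int_net" ] || {
        echo "usage: ssh_rules EXT_IF INT_IF INT_NET [PORT]" >&2; return 2; }
    # Same interface on both sides would make the ACCEPT cover the internet.
    [ "$ext_if" != "$int_if" ] || {
        echo "external and internal interface must differ" >&2; return 2; }
    cat <<EOF
*filter
:SSH_IN - [0:0]
# Send every SSH packet to its own chain before any other INPUT rule,
# so an earlier ACCEPT (or a rate-limit rule) cannot let it through.
-I INPUT 1 -p tcp --dport $port -j SSH_IN
# Internal interface, internal source addresses only.
-A SSH_IN -i $int_if -s $int_net -j ACCEPT
# Internet-facing interface: named explicitly so it shows up in rule counters.
-A SSH_IN -i $ext_if -j DROP
# Default deny for any interface added later (VPN, second uplink, ...).
-A SSH_IN -j DROP
COMMIT
EOF
}

# Typical use (run as root on the server):
#   ssh_rules eth0 eth1 192.168.1.0/24 | iptables-restore --noflush --test
#   ssh_rules eth0 eth1 192.168.1.0/24 | iptables-restore --noflush
```

Re-applying the fragment inserts a second jump into INPUT, so load it once or remove the old jump first. Setting `ListenAddress` in sshd_config to the internal address gives a second layer that does not depend on the packet filter.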