Hi,

What could this process mean:
" sshd: unknown [priv] " or " sshd: unknown [net] "

Is this an indication of a possible intrusion by a hacker?

If yes, what actions should be taken?

Thanks

sshd: unknown [priv]  and sshd: unknown [net] is when someone trying to attempt to login to your system, but there is no account under the username.

mostly such log entries will be followed by something like below in /var/log/messages

Mar 26 10:41:33 athena sshd(pam_unix)[3984]: check pass; user unknown
Mar 26 10:41:33 athena sshd(pam_unix)[3984]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.141.89

where you can block the IP 210.0.141.89.

Meanwhile you should edit /etc/ssh/sshd_config to read the config as below,

Protocol 2 (only SSH2 should be allowed, SSH1 is vulnerable)
Port 22 (22 can be changed to something else, preferably a number 10000+, but you have to know that once changed and restarted the sshd, you won't be able to connect with default port 22, instead specifically mention the port number given here in your SSH client  to connect to SSH. Don't change it unless you know what you are doing)

and follow the steps at http://www.lunarforums.com/viewtopic.php?t=26253

su = substitute user

It allows you to log in as a "regular", unpriviledged user and then "promote" yourself to "root" (by using su) to perform certain commands without having to actually log in using the root account.

If you did log in as root though, you would probably not need to use su though since you are already at that level...

There's also a sudo command (if I'm remembering correctly, but it's been a while since I really played around with the command line in linux) that allows you to run a particular command/program as the root user but does not "promote" you to that roll...

if you do a "man su" at the command line, it should give you the manual pages for the su command... though it might not be setup that way at LP, in which case just do a google search for man su and it will give you essentially the same information. Same goes for other commands as well "man ls" to get info on the ls command, "man sudo" for info on sudo, etc.

Not sure if this helps or not, but hope it clears something up somewhere for someone

You also might hear under the linux folks that "su" stands for "superuser" which more or less the purpose of the su command is, to become root (= superuser). If you ssh to your server as regular user and then just type on the command prompt su and hit enter. You then will be asked for the root password.

And I thought it meant Stanford University.

Is it possible to ... uh... desu? unsu? or do you just su back to whatever user?

And now I feel technically correct about my previous answer but some how less geeky because of it  

(Oh, and according to my wife it stands for Southwestern University...)

Yeah, but which SU university has contributed more to computing?

okay..I go for "switch user" . The gloss page at http://tldp.org/LDP/intro-linux/html/gloss.html says so.

whatis su says run a shell with substitute user and group IDs. So it is "substitute user".

But I am sure after all these, buy-steroids.biz won't forget the use of "su"   ever