fajarpl - First, thanks for recommending rkhunter. That is a nice tool to have around. I have never used it in the past.
However, it found nothing because SSH v1 login is currently allowed by the system - which I changed.
I did have clear text login allowed. So I guess the sniffer is a possibility; however, the person with the sniffer would have to be outside of our physical LAN and on the Internet somewhere - to the best of my knowledge. I say that because we have a dedicated 6mbps/1mbps line coming from the CO into our office - and there are only two of us in the office. I say dedicated because it is one of those lines that do not require telephone service (it doesn't ride the primary pair). |