Hi, as far as I can see, one can get at least 2 out of the following 3 items: * sshd Privilege Separation * /var/log/wtmp not world readable * users get a lastlog message at ssh login Am I right here? One could also enable the sshd UseLogin option to get the login lastlog message, but I'm not shure about the security implications. This would also break X11 forwarding. Thanks for any comment. Cheers, Thomas