I am quite fresh with Linux as a whole, so this may be a silly question – but
I would still like to know the answer
This morning when I look at my /var/log/auth.log (which I've been told to make a habit)
I notice that once an hour it has logged an event that looks like this:
May 13 20:17:01 Ubuntu-Server-1401-VM CRON: pam_unix(cron:session): session opened for user root by (uid=0) May 13 20:17:01 Ubuntu-Server-1401-VM CRON: session closed for user root
It has then proceeded to happen every hour at x:17:01 until I opened the log.
An SSH connection to this server has been kept alive during this time (where the log entires occured). My best guess is that every hour my SSH client has looked to see whether or not it could obtain root access as a way to verify the connection to the SSH connection to the server – but I would like to be on the safe side. Does anyone know what this is?