Stay out of the logs — /var/log/auth.log
PROBLEM: the auth.log gets appended to after logging out… Oct 24 00:38:23 gateway sshd[1801]: pam_unix(sshd:session): session closed for user root You can erase all other traces but not that… Let’s try adding a process right before logging out, and NOHUP’ing …