Главная » Linux

Linux show ssh sessions

На чтение 12 мин Просмотров 1 Опубликовано
Содержание
  1. List all connected SSH sessions?
  2. 7 Answers 7
  3. How to List All Connected SSH Sessions on Linux
  4. List of SSH sessions connected with the who command
  5. List of SSH sessions connected with the w command
  6. List of SSH sessions connected with the last command
  7. List of SSH sessions connected with the who -u command
  8. List of SSH sessions connected with the ss command
  9. Conclusion
  10. 6 commands to check and list active SSH connections in Linux
  11. Check active SSH connections
  12. 1. Using ss command
  13. 2. Using last command
  14. 3. Using who command
  15. 4. Using w command
  16. 5. Using netstat command
  17. 6. Using ps command
  18. Check ssh connection history

List all connected SSH sessions?

I just SSH’d into root, and then SSH’d again into root on the same machine. So I have two windows open both SSH’d into root on my remote machine. From the shell, how can I see a list of these two sessions?

7 Answers 7

who or w ; who -a for additional information.

These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave ( pts ) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts . See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won’t show anybody who’s logged in to an SFTP session, since SFTP sessions aren’t shell login sessions.

I don’t know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp / wtmp via a tool like last , w , or who like I’ve just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).

A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log . On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here’s a sample of what you might see:

[myhost ~]% grep hendrenj /var/log/sshd.log | grep session May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0) May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0) May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj

The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you’re going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won’t be an accurate list when you’re done parsing, since the logs don’t actually contain enough information to determine which sessions are still active — you’re essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.

I recommend just using w . Most of the time, this will get you the information you want.

Читайте также:  Acer swift 3 linux

Источник

How to List All Connected SSH Sessions on Linux

Secure Shell (SSH) is a commonly used protocol for secure remote access to Linux servers. When multiple users are connected to a Linux server via SSH, it can be useful to list all connected SSH sessions for administrative or monitoring purposes. In this article, we will discuss how to list all connected SSH sessions on Linux using various command line tools.

List of SSH sessions connected with the who command

The who command is a simple and widely available command-line tool for listing logged in users on a Linux system. To list all connected SSH sessions, you can use the “who -a” command. The -a option shows all users, including those who are not logged in through the system console. The result will show your username, terminal, and login date and time.

$ who -a root pts/0 2020-12-19 14:20 (10.0.0.1) user1 pts/1 2020-12-19 15:25 (10.0.0.2) user2 pts/2 2020-12-19 14:30 (10.0.0.3)

In this example, the output shows that there are three users currently connected: «root», «user1» and «user2», along with the endpoint they connected to and the IP addresses they connected from.

List of SSH sessions connected with the w command

Another command-line tool that can be used to list connected SSH sessions is “w”. This command displays information about users currently logged on to the system, and also displays the process each user is running. To list all connected SSH sessions, you can use the “w -h” command, which omits the header and shows only the process.

$ w -h root pts/0 14:20 2.00s 0.00s ssh 10.0.0.1 user1 pts/1 14:25 1.00s 0.00s ssh 10.0.0.2 user2 pts/2 14:30 1.00s 0.00s ssh 10.0.0.3

In this example, the output shows that the three users are currently connected, the terminal they are connected to, and the IP addresses they are connecting from.

List of SSH sessions connected with the last command

The last command is used to display users who have recently logged on to the system. This command can also be used to list connected SSH sessions using the latest “-i” command.

$ last -i root pts/0 10.0.0.1 Sun Dec 19 14:20 - 14:25 (00:05) user1 pts/1 10.0.0.2 Sun Dec 19 14:25 - 14:30 (00:05) user2 pts/2 10.0.0.3 Sun Dec 19 14:30 - 14:35 (00:05)

In this example, the output shows the three users currently connected, the endpoint they connected to, the IP addresses they connected from, and the length of their session.

List of SSH sessions connected with the who -u command

You can also use the “who -u” command to list all connected SSH sessions. This command displays the user, terminal, and login date and time.

$ who -u root pts/0 2020-12-19 14:20 (10.0.0.1) user1 pts/1 2020-12-19 14:25 (10.0.0.2) user2 pts/2 2020-12-19 14:30 (10.0.0.3)

The “-u” option shows users and their idle time, but does not show IP addresses. So, if IP information is important to you, you can combine this command with the “-i” option which will show the IP addresses.

$ who -u -i root pts/0 2020-12-19 14:20 (10.0.0.1) . . . . . . . . . . . . . . . user1 pts/1 2020-12-19 14:25 (10.0.0.2) . . . . . . . . . . . . . . . user2 pts/2 2020-12-19 14:30 (10.0.0.3) . . . . . . . . . . . . . . .

List of SSH sessions connected with the ss command

Another command that can be used to list connected SSH sessions is ss. This command is similar to netstat but more efficient and is used to dump socket statistics. To list all connected SSH sessions, you can use the “ss -t -a” command.

$ ss -t -a | grep ssh tcp ESTAB 0 0 10.0.0.1:ssh 10.0.0.1:46754 users:(("sshd",pid=9987,fd=3)) tcp ESTAB 0 0 10.0.0.2:ssh 10.0.0.2:47754 users:(("sshd",pid=9987,fd=3)) tcp ESTAB 0 0 10.0.0.3:ssh 10.0.0.3:48754 users:(("sshd",pid=9987,fd=3))

The “-t” option shows only TCP connections and the “-a” option shows all sockets. The grep command is used to filter the output and shows only ssh connections.

Читайте также:  Prtg установка на linux

Conclusion

In this article, we have discussed several command-line tools for listing connected SSH sessions on Linux. Each command has its own specific options and output format, so it’s up to you to choose the one that best suits your needs. It is always recommended to consult the man pages of each command before using it, to ensure that you are using the correct options and getting the expected result.

Источник

6 commands to check and list active SSH connections in Linux

How to check active SSH connections in Linux. Show SSH connection history. How to show active ssh sessions in Linux. List all the active SSH connections in Unix. Find out all the currently active ssh connections on any Linux node. Which all tools can be used to list all the active ssh connections in Linux. Show active SSH sessions. Check ssh connection history using log files in Linux.

6 commands to check and list active SSH connections in Linux

Some more more articles you may be interested on similar topics:

Check active SSH connections

There are various commands and tools available in Linux which can be used to check active SSH connections or sessions on your Linux node. In this article I will share a list of tools which can be used to get the list of active SSH connections. If you are aware of any more commands to show active ssh sessions then please let me know via comment section.

1. Using ss command

ss is used to dump socket statistics. It allows showing information similar to netstat . It can display more TCP and state information than other tools. We will use grep function to only get the list of active SSH sessions on our local host

[root@node3 ~]# ss | grep -i ssh tcp ESTAB 0 0 10.0.2.32:ssh 10.0.2.31:37802 tcp ESTAB 0 64 10.0.2.32:ssh 10.0.2.2:49966 tcp ESTAB 0 0 10.0.2.32:ssh 10.0.2.30:56088

From the above example we know that there are three hosts which are currently connected to our node3. We have active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

2. Using last command

last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments.

Using this command you can also get the information about the user using which the SSH connection was created between server and client. So below we know the connection from 10.0.2.31 is done using ‘deepak‘ user, while for other two hosts, ‘root‘ user was used for connecting to node3.

[root@node3 ~]# last -a | grep -i still deepak pts/1 Fri May 31 16:58 still logged in 10.0.2.31 root pts/2 Fri May 31 16:50 still logged in 10.0.2.30 root pts/0 Fri May 31 09:17 still logged in 10.0.2.2

Here I am grepping for a string «still» to get all the patterns with » still logged in «. So now we know we have three active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

3. Using who command

who is used to show who is logged on on your Linux host. This tool can also give this information

[root@node3 ~]# who root pts/0 2019-05-31 09:17 (10.0.2.2) root pts/1 2019-05-31 16:47 (10.0.2.31) root pts/2 2019-05-31 16:50 (10.0.2.30)

Using this command we also get similar information as from last command. Now you get the user details used for connecting to node3 from source host, also we have terminal information on which the session is still active.

Читайте также:  Linux создать файл большого размера

4. Using w command

w displays information about the users currently on the machine, and their processes. This gives more information than who and last command and also serves our purpose to get the list of active SSH connections. Additionally it also gives us the information of the running process on those sessions.

Using w command you will also get the idle time details, i.e. for how long the session is idle. If the SSH session is idle for long period then it is a security breach and it is recommended that such idle SSH session must be killed, you can configure your Linux host to automatically kill such idle SSH session.

[root@node3 ~]# w 17:01:41 up 7:44, 3 users, load average: 0.00, 0.01, 0.05 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 10.0.2.2 09:17 9:41 0.31s 0.00s less -s deepak pts/1 10.0.2.31 16:58 3:06 0.03s 0.03s -bash root pts/2 10.0.2.30 16:50 5.00s 0.07s 0.02s w

5. Using netstat command

Similar to ss we have netstat command to show active ssh sessions. Actually we can also say that ss is the new version of netstat. Here we can see all the ESTABLISHED SSH sessions from remote hosts to our localhost node3. it is also possible that one or some of these active ssh connections are in hung state so you can configure your host to automatically disconnect or kill these hung or unresponsive ssh sessions in Linux.

[root@node3 ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd' tcp 0 0 10.0.2.32:22 10.0.2.31:37806 ESTABLISHED 10295/sshd: deepak tcp 0 0 10.0.2.32:22 10.0.2.2:49966 ESTABLISHED 4329/sshd: root@pts tcp 0 0 10.0.2.32:22 10.0.2.30:56088 ESTABLISHED 10125/sshd: root@pt

6. Using ps command

Now to show active ssh sessions, ps command may not give you accurate results like other commands we discussed in this article but it can give you some more additional information i.e. PID of the SSHD process which are currently active and connected.

# ps auxwww | grep sshd: | grep -v grep root 4329 0.0 0.1 154648 5512 ? Ss 09:17 0:00 sshd: root@pts/0 root 10125 0.0 0.1 154648 5532 ? Ss 16:50 0:00 sshd: root@pts/2 root 10295 0.0 0.1 154648 5480 ? Ss 16:58 0:00 sshd: deepak [priv] deepak 10301 0.0 0.0 156732 2964 ? S 16:58 0:00 sshd: deepak@pts/1

Check ssh connection history

To get the ssh connection history you can always check your SSHD logs for more information on connected or disconnected SSH session. Now the sshd log file may vary from distribution to distribution. On my RHEL 7.4 my sshd logs are stored inside /var/log/sshd

Lastly I hope the steps from the article to check active SSH connections and ssh connection history in Linux was helpful. So, let me know your suggestions and feedback using the comment section.

Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Источник

Оцените статью
© 2023 Posetke
Adblock
detector