List all connected SSH sessions?
I just SSH'd into root, and then SSH'd again into root on the same machine. So I have two windows open both SSH'd into root on my remote machine.
From the shell, how can I see a list of these two sessions?
ssh terminal
asked Sep 26 '13 at 21:28
themirror
2,363102130
add a comment |
I just SSH'd into root, and then SSH'd again into root on the same machine. So I have two windows open both SSH'd into root on my remote machine.
From the shell, how can I see a list of these two sessions?
ssh terminal
asked Sep 26 '13 at 21:28
themirror
2,363102130
add a comment |
I just SSH'd into root, and then SSH'd again into root on the same machine. So I have two windows open both SSH'd into root on my remote machine.
From the shell, how can I see a list of these two sessions?
ssh terminal
asked Sep 26 '13 at 21:28
themirror
2,363102130
I just SSH'd into root, and then SSH'd again into root on the same machine. So I have two windows open both SSH'd into root on my remote machine.
From the shell, how can I see a list of these two sessions?
ssh terminal
ssh terminal
asked Sep 26 '13 at 21:28
themirror
2,363102130
asked Sep 26 '13 at 21:28
themirror
2,363102130
asked Sep 26 '13 at 21:28
themirror
2,363102130
asked Sep 26 '13 at 21:28
themirror
2,363102130
asked Sep 26 '13 at 21:28
themirror
2,363102130
2,363102130
add a comment |
add a comment |
6 Answers
6
active
oldest
votes
who or w; who -a for additional information.
These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave (pts) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts. See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won't show anybody who's logged in to an SFTP session, since SFTP sessions aren't shell login sessions.
I don't know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp/wtmp via a tool like last, w, or who like I've just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).
A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log. On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here's a sample of what you might see:
[myhost ~]% cat /var/log/sshd.log | grep hendrenj | grep session
May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj
May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj
The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you're going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won't be an accurate list when you're done parsing, since the logs don't actually contain enough information to determine which sessions are still active - you're essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.
I recommend just using w. Most of the time, this will get you the information you want.
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
2
Related: Understanding the output of thewho -acommand
– Serge Stroobandt
Dec 18 '16 at 22:33
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
add a comment |
You can see every session ssh with the following command:
[root@router ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd'
tcp 0 0 192.168.1.136:22 192.168.1.147:45852 ESTABLISHED 1341/sshd
tcp 0 0 192.168.1.136:22 192.168.1.147:45858 ESTABLISHED 1360/sshd
O perhaps this may be useful:
[root@router ~]# ps auxwww | grep sshd:
root 1341 0.0 0.4 97940 3952 ? Ss 20:31 0:00 sshd: root@pts/0
root 1360 0.0 0.5 97940 4056 ? Ss 20:32 0:00 sshd: root@pts/1
root 1397 0.0 0.1 105300 888 pts/0 S+ 20:37 0:00 grep sshd:
edited Mar 26 '16 at 20:38
xuhdev
18211
answered Sep 26 '13 at 23:34
sebelk
1,76111833
3
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
1
on most boxes nowadays you can usepgrep -ai sshd
– ccpizza
Oct 26 '17 at 21:03
@ccpizza:pgrep: invalid option -- 'i'on Ubuntu 14.04.
– Martin Schröder
Mar 14 at 9:03
2
@MartinSchröder:-iis only available on mac/bsd flavours. on ubuntu you can usepgrep -af ssd. See serverfault.com/a/883270/116777 for details
– ccpizza
Mar 14 at 10:48
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
add a comment |
You can also use
ps ax | grep sshd
answered May 10 '16 at 13:33
Joel Inglao
11112
add a comment |
Expanding on @sebelk's answer:
The solution using netstat is a good one but requires root privileges. In addition, the net-tools package (which provides netstat) was deprecated in some newer Linux distro's (https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/).
An alternative solution is then to use the replacement for netstat, ss. For example (note you no longer need root):
user@router:~# ss | grep ssh
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37620
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37628
answered May 4 at 9:22
A.Meijer
412
add a comment |
Added for simple reference.
If you are in a pseudo shell
(example: /dev/pts/0 ) one of the simplest ways would be:
[user1@host ~]$ echo $SSH_CONNECTION
It should return: your ip and port and the ip your connected to and port
192.168.0.13 50473 192.168.0.22 22
You can also get some info from using tty or who (w): (edit: I see it's now list above in another post)
[user1@host ~]$ who
user1 tty1 2018-01-03 18:43
user2 pts/0 2018-01-03 18:44 (192.168.0.13)
To expand on the previous answers dealing with Bash globals. Might I suggest referencing theSECONDSglobal. You can use this viaecho $SECONDS, which it then displays the amount of time, since the perceived connection
– NerdOfCode
Sep 4 at 15:19
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
add a comment |
You can use
last | head
I used this in my .login script for years to see who had recently logged into the system. It was a poor-man-security device to see if someone was on the system using your login.
answered yesterday
J.O. Williams
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ranlastin may not be listed.
– muru
yesterday
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f92560%2flist-all-connected-ssh-sessions%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
who or w; who -a for additional information.
These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave (pts) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts. See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won't show anybody who's logged in to an SFTP session, since SFTP sessions aren't shell login sessions.
I don't know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp/wtmp via a tool like last, w, or who like I've just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).
A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log. On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here's a sample of what you might see:
[myhost ~]% cat /var/log/sshd.log | grep hendrenj | grep session
May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj
May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj
The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you're going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won't be an accurate list when you're done parsing, since the logs don't actually contain enough information to determine which sessions are still active - you're essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.
I recommend just using w. Most of the time, this will get you the information you want.
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
2
Related: Understanding the output of thewho -acommand
– Serge Stroobandt
Dec 18 '16 at 22:33
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
add a comment |
who or w; who -a for additional information.
These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave (pts) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts. See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won't show anybody who's logged in to an SFTP session, since SFTP sessions aren't shell login sessions.
I don't know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp/wtmp via a tool like last, w, or who like I've just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).
A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log. On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here's a sample of what you might see:
[myhost ~]% cat /var/log/sshd.log | grep hendrenj | grep session
May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj
May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj
The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you're going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won't be an accurate list when you're done parsing, since the logs don't actually contain enough information to determine which sessions are still active - you're essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.
I recommend just using w. Most of the time, this will get you the information you want.
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
2
Related: Understanding the output of thewho -acommand
– Serge Stroobandt
Dec 18 '16 at 22:33
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
add a comment |
who or w; who -a for additional information.
These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave (pts) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts. See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won't show anybody who's logged in to an SFTP session, since SFTP sessions aren't shell login sessions.
I don't know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp/wtmp via a tool like last, w, or who like I've just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).
A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log. On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here's a sample of what you might see:
[myhost ~]% cat /var/log/sshd.log | grep hendrenj | grep session
May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj
May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj
The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you're going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won't be an accurate list when you're done parsing, since the logs don't actually contain enough information to determine which sessions are still active - you're essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.
I recommend just using w. Most of the time, this will get you the information you want.
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
who or w; who -a for additional information.
These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave (pts) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts. See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won't show anybody who's logged in to an SFTP session, since SFTP sessions aren't shell login sessions.
I don't know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp/wtmp via a tool like last, w, or who like I've just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).
A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log. On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here's a sample of what you might see:
[myhost ~]% cat /var/log/sshd.log | grep hendrenj | grep session
May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj
May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj
The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you're going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won't be an accurate list when you're done parsing, since the logs don't actually contain enough information to determine which sessions are still active - you're essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.
I recommend just using w. Most of the time, this will get you the information you want.
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
edited Aug 10 '17 at 20:33
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
answered Sep 26 '13 at 21:55
jayhendren
5,33721444
5,33721444
2
Related: Understanding the output of thewho -acommand
– Serge Stroobandt
Dec 18 '16 at 22:33
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
add a comment |
2
Related: Understanding the output of thewho -acommand
– Serge Stroobandt
Dec 18 '16 at 22:33
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
2
2
Related: Understanding the output of the
who -a command– Serge Stroobandt
Dec 18 '16 at 22:33
Related: Understanding the output of the
who -a command– Serge Stroobandt
Dec 18 '16 at 22:33
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
Found this while searching for a tangentially related problem. Doesn't matter. This is one of the best answers I've seen on any Stack site! I now know a ton more about this particular area (for lack of a better word). EDIT: Thank you!
– jscharf
Aug 21 '17 at 2:25
add a comment |
You can see every session ssh with the following command:
[root@router ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd'
tcp 0 0 192.168.1.136:22 192.168.1.147:45852 ESTABLISHED 1341/sshd
tcp 0 0 192.168.1.136:22 192.168.1.147:45858 ESTABLISHED 1360/sshd
O perhaps this may be useful:
[root@router ~]# ps auxwww | grep sshd:
root 1341 0.0 0.4 97940 3952 ? Ss 20:31 0:00 sshd: root@pts/0
root 1360 0.0 0.5 97940 4056 ? Ss 20:32 0:00 sshd: root@pts/1
root 1397 0.0 0.1 105300 888 pts/0 S+ 20:37 0:00 grep sshd:
edited Mar 26 '16 at 20:38
xuhdev
18211
answered Sep 26 '13 at 23:34
sebelk
1,76111833
3
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
1
on most boxes nowadays you can usepgrep -ai sshd
– ccpizza
Oct 26 '17 at 21:03
@ccpizza:pgrep: invalid option -- 'i'on Ubuntu 14.04.
– Martin Schröder
Mar 14 at 9:03
2
@MartinSchröder:-iis only available on mac/bsd flavours. on ubuntu you can usepgrep -af ssd. See serverfault.com/a/883270/116777 for details
– ccpizza
Mar 14 at 10:48
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
add a comment |
You can see every session ssh with the following command:
[root@router ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd'
tcp 0 0 192.168.1.136:22 192.168.1.147:45852 ESTABLISHED 1341/sshd
tcp 0 0 192.168.1.136:22 192.168.1.147:45858 ESTABLISHED 1360/sshd
O perhaps this may be useful:
[root@router ~]# ps auxwww | grep sshd:
root 1341 0.0 0.4 97940 3952 ? Ss 20:31 0:00 sshd: root@pts/0
root 1360 0.0 0.5 97940 4056 ? Ss 20:32 0:00 sshd: root@pts/1
root 1397 0.0 0.1 105300 888 pts/0 S+ 20:37 0:00 grep sshd:
edited Mar 26 '16 at 20:38
xuhdev
18211
answered Sep 26 '13 at 23:34
sebelk
1,76111833
3
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
1
on most boxes nowadays you can usepgrep -ai sshd
– ccpizza
Oct 26 '17 at 21:03
@ccpizza:pgrep: invalid option -- 'i'on Ubuntu 14.04.
– Martin Schröder
Mar 14 at 9:03
2
@MartinSchröder:-iis only available on mac/bsd flavours. on ubuntu you can usepgrep -af ssd. See serverfault.com/a/883270/116777 for details
– ccpizza
Mar 14 at 10:48
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
add a comment |
You can see every session ssh with the following command:
[root@router ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd'
tcp 0 0 192.168.1.136:22 192.168.1.147:45852 ESTABLISHED 1341/sshd
tcp 0 0 192.168.1.136:22 192.168.1.147:45858 ESTABLISHED 1360/sshd
O perhaps this may be useful:
[root@router ~]# ps auxwww | grep sshd:
root 1341 0.0 0.4 97940 3952 ? Ss 20:31 0:00 sshd: root@pts/0
root 1360 0.0 0.5 97940 4056 ? Ss 20:32 0:00 sshd: root@pts/1
root 1397 0.0 0.1 105300 888 pts/0 S+ 20:37 0:00 grep sshd:
edited Mar 26 '16 at 20:38
xuhdev
18211
answered Sep 26 '13 at 23:34
sebelk
1,76111833
You can see every session ssh with the following command:
[root@router ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd'
tcp 0 0 192.168.1.136:22 192.168.1.147:45852 ESTABLISHED 1341/sshd
tcp 0 0 192.168.1.136:22 192.168.1.147:45858 ESTABLISHED 1360/sshd
O perhaps this may be useful:
[root@router ~]# ps auxwww | grep sshd:
root 1341 0.0 0.4 97940 3952 ? Ss 20:31 0:00 sshd: root@pts/0
root 1360 0.0 0.5 97940 4056 ? Ss 20:32 0:00 sshd: root@pts/1
root 1397 0.0 0.1 105300 888 pts/0 S+ 20:37 0:00 grep sshd:
edited Mar 26 '16 at 20:38
xuhdev
18211
answered Sep 26 '13 at 23:34
sebelk
1,76111833
edited Mar 26 '16 at 20:38
xuhdev
18211
edited Mar 26 '16 at 20:38
xuhdev
18211
edited Mar 26 '16 at 20:38
xuhdev
18211
18211
answered Sep 26 '13 at 23:34
sebelk
1,76111833
answered Sep 26 '13 at 23:34
sebelk
1,76111833
answered Sep 26 '13 at 23:34
sebelk
1,76111833
1,76111833
3
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
1
on most boxes nowadays you can usepgrep -ai sshd
– ccpizza
Oct 26 '17 at 21:03
@ccpizza:pgrep: invalid option -- 'i'on Ubuntu 14.04.
– Martin Schröder
Mar 14 at 9:03
2
@MartinSchröder:-iis only available on mac/bsd flavours. on ubuntu you can usepgrep -af ssd. See serverfault.com/a/883270/116777 for details
– ccpizza
Mar 14 at 10:48
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
add a comment |
3
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
1
on most boxes nowadays you can usepgrep -ai sshd
– ccpizza
Oct 26 '17 at 21:03
@ccpizza:pgrep: invalid option -- 'i'on Ubuntu 14.04.
– Martin Schröder
Mar 14 at 9:03
2
@MartinSchröder:-iis only available on mac/bsd flavours. on ubuntu you can usepgrep -af ssd. See serverfault.com/a/883270/116777 for details
– ccpizza
Mar 14 at 10:48
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
3
3
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
Thank you; this answer is much better than the top answer, which only lists users who are logged into a shell. This solution also finds SFTP users.
– Hayden Schiff
May 1 '17 at 18:51
1
1
on most boxes nowadays you can use
pgrep -ai sshd– ccpizza
Oct 26 '17 at 21:03
on most boxes nowadays you can use
pgrep -ai sshd– ccpizza
Oct 26 '17 at 21:03
@ccpizza:
pgrep: invalid option -- 'i' on Ubuntu 14.04.– Martin Schröder
Mar 14 at 9:03
@ccpizza:
pgrep: invalid option -- 'i' on Ubuntu 14.04.– Martin Schröder
Mar 14 at 9:03
2
2
@MartinSchröder:
-i is only available on mac/bsd flavours. on ubuntu you can use pgrep -af ssd. See serverfault.com/a/883270/116777 for details– ccpizza
Mar 14 at 10:48
@MartinSchröder:
-i is only available on mac/bsd flavours. on ubuntu you can use pgrep -af ssd. See serverfault.com/a/883270/116777 for details– ccpizza
Mar 14 at 10:48
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
Similar to @HaydenSchiff I had to also find users that only have an SSH Tunnel open for port-forwarding, without a shell. This helped!
– Tobias K.
Sep 17 at 11:15
add a comment |
You can also use
ps ax | grep sshd
answered May 10 '16 at 13:33
Joel Inglao
11112
add a comment |
You can also use
ps ax | grep sshd
answered May 10 '16 at 13:33
Joel Inglao
11112
add a comment |
You can also use
ps ax | grep sshd
answered May 10 '16 at 13:33
Joel Inglao
11112
You can also use
ps ax | grep sshd
answered May 10 '16 at 13:33
Joel Inglao
11112
answered May 10 '16 at 13:33
Joel Inglao
11112
answered May 10 '16 at 13:33
Joel Inglao
11112
answered May 10 '16 at 13:33
Joel Inglao
11112
11112
add a comment |
add a comment |
Expanding on @sebelk's answer:
The solution using netstat is a good one but requires root privileges. In addition, the net-tools package (which provides netstat) was deprecated in some newer Linux distro's (https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/).
An alternative solution is then to use the replacement for netstat, ss. For example (note you no longer need root):
user@router:~# ss | grep ssh
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37620
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37628
answered May 4 at 9:22
A.Meijer
412
add a comment |
Expanding on @sebelk's answer:
The solution using netstat is a good one but requires root privileges. In addition, the net-tools package (which provides netstat) was deprecated in some newer Linux distro's (https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/).
An alternative solution is then to use the replacement for netstat, ss. For example (note you no longer need root):
user@router:~# ss | grep ssh
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37620
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37628
answered May 4 at 9:22
A.Meijer
412
add a comment |
Expanding on @sebelk's answer:
The solution using netstat is a good one but requires root privileges. In addition, the net-tools package (which provides netstat) was deprecated in some newer Linux distro's (https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/).
An alternative solution is then to use the replacement for netstat, ss. For example (note you no longer need root):
user@router:~# ss | grep ssh
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37620
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37628
answered May 4 at 9:22
A.Meijer
412
Expanding on @sebelk's answer:
The solution using netstat is a good one but requires root privileges. In addition, the net-tools package (which provides netstat) was deprecated in some newer Linux distro's (https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/).
An alternative solution is then to use the replacement for netstat, ss. For example (note you no longer need root):
user@router:~# ss | grep ssh
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37620
tcp ESTAB 0 0 192.168.1.136:ssh 192.168.1.147:37628
answered May 4 at 9:22
A.Meijer
412
answered May 4 at 9:22
A.Meijer
412
answered May 4 at 9:22
A.Meijer
412
answered May 4 at 9:22
A.Meijer
412
412
add a comment |
add a comment |
Added for simple reference.
If you are in a pseudo shell
(example: /dev/pts/0 ) one of the simplest ways would be:
[user1@host ~]$ echo $SSH_CONNECTION
It should return: your ip and port and the ip your connected to and port
192.168.0.13 50473 192.168.0.22 22
You can also get some info from using tty or who (w): (edit: I see it's now list above in another post)
[user1@host ~]$ who
user1 tty1 2018-01-03 18:43
user2 pts/0 2018-01-03 18:44 (192.168.0.13)
To expand on the previous answers dealing with Bash globals. Might I suggest referencing theSECONDSglobal. You can use this viaecho $SECONDS, which it then displays the amount of time, since the perceived connection
– NerdOfCode
Sep 4 at 15:19
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
add a comment |
Added for simple reference.
If you are in a pseudo shell
(example: /dev/pts/0 ) one of the simplest ways would be:
[user1@host ~]$ echo $SSH_CONNECTION
It should return: your ip and port and the ip your connected to and port
192.168.0.13 50473 192.168.0.22 22
You can also get some info from using tty or who (w): (edit: I see it's now list above in another post)
[user1@host ~]$ who
user1 tty1 2018-01-03 18:43
user2 pts/0 2018-01-03 18:44 (192.168.0.13)
To expand on the previous answers dealing with Bash globals. Might I suggest referencing theSECONDSglobal. You can use this viaecho $SECONDS, which it then displays the amount of time, since the perceived connection
– NerdOfCode
Sep 4 at 15:19
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
add a comment |
Added for simple reference.
If you are in a pseudo shell
(example: /dev/pts/0 ) one of the simplest ways would be:
[user1@host ~]$ echo $SSH_CONNECTION
It should return: your ip and port and the ip your connected to and port
192.168.0.13 50473 192.168.0.22 22
You can also get some info from using tty or who (w): (edit: I see it's now list above in another post)
[user1@host ~]$ who
user1 tty1 2018-01-03 18:43
user2 pts/0 2018-01-03 18:44 (192.168.0.13)
Added for simple reference.
If you are in a pseudo shell
(example: /dev/pts/0 ) one of the simplest ways would be:
[user1@host ~]$ echo $SSH_CONNECTION
It should return: your ip and port and the ip your connected to and port
192.168.0.13 50473 192.168.0.22 22
You can also get some info from using tty or who (w): (edit: I see it's now list above in another post)
[user1@host ~]$ who
user1 tty1 2018-01-03 18:43
user2 pts/0 2018-01-03 18:44 (192.168.0.13)
edited Jan 4 at 23:32
answered Jan 4 at 0:48
user267194
To expand on the previous answers dealing with Bash globals. Might I suggest referencing theSECONDSglobal. You can use this viaecho $SECONDS, which it then displays the amount of time, since the perceived connection
– NerdOfCode
Sep 4 at 15:19
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
add a comment |
To expand on the previous answers dealing with Bash globals. Might I suggest referencing theSECONDSglobal. You can use this viaecho $SECONDS, which it then displays the amount of time, since the perceived connection
– NerdOfCode
Sep 4 at 15:19
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
To expand on the previous answers dealing with Bash globals. Might I suggest referencing the
SECONDS global. You can use this via echo $SECONDS, which it then displays the amount of time, since the perceived connection– NerdOfCode
Sep 4 at 15:19
To expand on the previous answers dealing with Bash globals. Might I suggest referencing the
SECONDS global. You can use this via echo $SECONDS, which it then displays the amount of time, since the perceived connection– NerdOfCode
Sep 4 at 15:19
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
This will display information for the currently active session — the one you're typing into. But the question asks how to list all the currently connected sessions.
– G-Man
yesterday
add a comment |
You can use
last | head
I used this in my .login script for years to see who had recently logged into the system. It was a poor-man-security device to see if someone was on the system using your login.
answered yesterday
J.O. Williams
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ranlastin may not be listed.
– muru
yesterday
add a comment |
You can use
last | head
I used this in my .login script for years to see who had recently logged into the system. It was a poor-man-security device to see if someone was on the system using your login.
answered yesterday
J.O. Williams
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ranlastin may not be listed.
– muru
yesterday
add a comment |
You can use
last | head
I used this in my .login script for years to see who had recently logged into the system. It was a poor-man-security device to see if someone was on the system using your login.
answered yesterday
J.O. Williams
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
You can use
last | head
I used this in my .login script for years to see who had recently logged into the system. It was a poor-man-security device to see if someone was on the system using your login.
answered yesterday
J.O. Williams
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered yesterday
J.O. Williams
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered yesterday
J.O. Williams
9
answered yesterday
J.O. Williams
9
9
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
J.O. Williams is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ranlastin may not be listed.
– muru
yesterday
add a comment |
1
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ranlastin may not be listed.
– muru
yesterday
1
1
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ran
last in may not be listed.– muru
yesterday
... but it won't necessarily be a list of active sessions (what this question is about). Depending on the login activity, even the session you ran
last in may not be listed.– muru
yesterday
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f92560%2flist-all-connected-ssh-sessions%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
