Sstrhsrtj

I just SSH'd into root, and then SSH'd again into root on the same machine. So I have two windows open both SSH'd into root on my remote machine.

From the shell, how can I see a list of these two sessions?

who or w; who -a for additional information.

These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave (pts) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts. See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won't show anybody who's logged in to an SFTP session, since SFTP sessions aren't shell login sessions.

I don't know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp/wtmp via a tool like last, w, or who like I've just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).

A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log. On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here's a sample of what you might see:

[myhost ~]% cat /var/log/sshd.log | grep hendrenj | grep session

May  1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)

May  1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj

May  5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)

May  5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj

The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you're going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won't be an accurate list when you're done parsing, since the logs don't actually contain enough information to determine which sessions are still active - you're essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.

I recommend just using w. Most of the time, this will get you the information you want.

You can see every session ssh with the following command:

[root@router ~]# netstat -tnpa | grep 'ESTABLISHED.*sshd'

tcp        0      0 192.168.1.136:22            192.168.1.147:45852         ESTABLISHED 1341/sshd           

tcp        0      0 192.168.1.136:22            192.168.1.147:45858         ESTABLISHED 1360/sshd

O perhaps this may be useful:

[root@router ~]# ps auxwww | grep sshd:

root      1341  0.0  0.4  97940  3952 ?        Ss   20:31   0:00 sshd: root@pts/0 

root      1360  0.0  0.5  97940  4056 ?        Ss   20:32   0:00 sshd: root@pts/1 

root      1397  0.0  0.1 105300   888 pts/0    S+   20:37   0:00 grep sshd:

You can also use

ps ax | grep sshd

Expanding on @sebelk's answer:

The solution using netstat is a good one but requires root privileges. In addition, the net-tools package (which provides netstat) was deprecated in some newer Linux distro's (https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/).

An alternative solution is then to use the replacement for netstat, ss. For example (note you no longer need root):

user@router:~# ss | grep ssh

tcp    ESTAB      0      0      192.168.1.136:ssh                  192.168.1.147:37620                

tcp    ESTAB      0      0      192.168.1.136:ssh                  192.168.1.147:37628

Added for simple reference.

If you are in a pseudo shell
(example: /dev/pts/0 ) one of the simplest ways would be:

[user1@host ~]$ echo $SSH_CONNECTION

It should return: your ip and port and the ip your connected to and port

192.168.0.13 50473 192.168.0.22 22

You can also get some info from using tty or who (w): (edit: I see it's now list above in another post)

[user1@host ~]$ who

user1 tty1          2018-01-03 18:43

user2 pts/0        2018-01-03 18:44 (192.168.0.13)

You can use

last | head

I used this in my .login script for years to see who had recently logged into the system. It was a poor-man-security device to see if someone was on the system using your login.