Linux

How to Find Active SSH Connections on Linux

How to Find Active SSH Connections on Linux

If you are a Linux system administrator and responsible for managing servers, then you might need to know how many SSH connections are active on your server and where those connections are coming from. There are several commands and tools available on Linux to find an active SSH connection on your server.

In this tutorial, we will show you how to find active SSH connections with various methods on Linux.

Precondition

  • Server running the Linux operating system.
  • You have root access on that server.

Find Active SSH Connections with whose commands

who’s the Linux command line utility used to display a list of users who are currently logged into the server.

Open your terminal and run the command who can find an active connection on your server:

who

You should get the following output:

root     pts/0        2020-05-01 02:37 (27.61.161.61)
root     pts/1        2020-05-01 02:39 (45.58.38.21)

As you can see there are two active SSH connections from IP 27.61.161.61 and 45.58.38.21.

Find the Active SSH Connection with the command w

w is another command line utility that displays information about the user that is currently logged on your server. This command provides more information than who ordered such an active session and runs the process in that session.

You can run the command as shown below:

w

You should get the following output:

 02:40:07 up 1 day, 18:35,  2 users,  load average: 0.02, 0.02, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    27.61.161.61     02:37    1.00s  0.04s  0.01s ssh root@45.58.38.21
root     pts/1    45.58.38.21      02:39    1.00s  0.02s  0.00s w

As you can see, this command also displays details of idle time, IP source, entry time, average load and process.

Find the Active SSH Connection with the ps command

The ps command also gives you information about active SSH sessions on your server. This gives you some additional information such as the PID of the active SSH connection.

You can run the ps command as shown below

ps auxwww | grep sshd: | grep -v grep

You will see the following output:

root         609  0.0  0.1  12160  7268 ?        Ss   Apr29   0:01 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root       35532  0.0  0.2  13864  8796 ?        Ss   02:37   0:00 sshd: root@pts/0
root       35669  0.0  0.2  13860  8916 ?        Ss   02:38   0:00 sshd: root@pts/1

Find the Active SSH Connection with the netstat command

Netstat is a command line tool that can be used to display an active SSH connection or that has been created from a remote host to your server.

You can run the netstat command as shown below:

netstat -tnpa | grep 'ESTABLISHED.*sshd'

You will see the following output:

tcp        0     88 45.58.38.21:22          27.61.161.61:8363       ESTABLISHED 35532/sshd: root@pt 
tcp        0      0 45.58.38.21:22          45.58.38.21:51166       ESTABLISHED 35669/sshd: root@pt

Find the Active SSH Connection with the last command

The last command is used to display a list of all incoming and outgoing users since the / var / log / wtmp file was created. With the last command you can also find active SSH connection information between the client and server.

Run the following command to find an active SSH connection on your server.

last -a | grep -i still

You will see the following output:

root     pts/1        Fri May  1 02:39   still logged in    45.58.38.21
root     pts/0        Fri May  1 02:37   still logged in    27.61.161.61
reboot   system boot  Wed Apr 29 08:04   still running      5.4.0-26-generic

Find the Active SSH Connection with the ss command

ss is very similar to netstat and is used to display more information than other tools. You can use the ssh command with grep to register an active SSH connection on your server.

Run the ss command with grep as shown below:

ss | grep -i ssh

You will see the following output:

tcp   ESTAB  0      0                      45.58.38.21:51166        45.58.38.21:ssh                                                                             
tcp   ESTAB  0      56                     45.58.38.21:ssh         27.61.161.61:8363                                                                            
tcp   ESTAB  0      0                      45.58.38.21:ssh          45.58.38.21:51166

As you can see, there are two active connections from the client IP 45.58.38.21 and 27.61.161.61.

Conclusion

In the guide above, we learned how to find active SSH connections by various methods. You can now easily monitor who is logging in to your server.

Related posts

How to Destroy / Erase Data Safely on Hard Drive with Damaged on Linux

Linux

How to Use Sudo Commands on Linux

Linux

How to use the classic Unity Desktop on Ubuntu 20.04

Linux

Linux Pinky Command Tutorial for Beginners (8 Examples)

Linux

How to Install Yarn on Ubuntu 20.04

Linux

How to Install PyroCMS with Nginx and Let’s Encrypt SSL on CentOS 8

Linux

How to Install Xrdp Server (Remote Desktop) on Ubuntu 20.04

Linux

How to Install the NoSQL Apache CouchDB Database on CentOS 8

Linux

How to Install MariaDB on Ubuntu 20.04

Linux