Sometimes you may just want to know how many ssh connections there are on one of your servers, and where the clients come from.

Here are some of my tips. To be exact, the methods described below are not limited to ssh sessions; they also apply to other login sessions, for example rlogin, telnet, etc. In most real cases, though, people should use ssh rather than the others for remote login.

Get IP from environment variables

There are two environment variables you can read:


$ echo $SSH_CLIENT
51839 22
$ echo $SSH_CONNECTION
51839 22

In the case above, $SSH_CLIENT shows the client IP, client port and server port.

$SSH_CONNECTION, in turn, shows the client IP, client port, server IP and server port.

It's a quick way to get connection info in a script, which is good for logging.


$ pinky
Login    Name              TTY      Idle   When             Where
test                       pts/0    00:06  2015-01-23 11:07
john                       pts/1    00:12  2015-01-19 11:49
ddes                       pts/2    3d     2015-01-23 11:06

Unlike $SSH_CLIENT, pinky tells you about all connections on the host and where they came from.


who is very much like pinky: it gives you the list of logged-in user names, tty, login time and remote machine.

test              pts/0 2015-01-23 11:07
john              pts/1  2015-01-19 11:49
ddes              pts/2  2015-01-23 11:06


Like pinky and who, w lists all logged-in users, but with more information:

$ w
 15:04:07 up 138 days,  3:35, 10 users,  load average: 0.04, 0.01, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
tapeguy  pts/0  Fri11   31.00s  0.05s  0.05s -bash
tapeguy  pts/1 19Jan15 17:12   1.74s  0.16s -bash
tapeguy  pts/2  Fri11    3days  0.03s  0.03s -bash
tapeguy  pts/3 19Jan15 18:42   0.53s  0.52s mysql -u taper -p smallhsm_test


$ netstat | grep ssh
tcp        0      0      ESTABLISHED
tcp        0      0      ESTABLISHED
tcp        0      0      ESTABLISHED

$ netstat -tapen | grep ssh

tcp        0      0          ESTABLISHED 502        289566175  7027/ssh  
Note: (Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
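As an added example (not from the original post), the function below counts established inbound sessions per client address from `netstat -tn` output. It assumes sshd listens on port 22 and runs on constructed sample lines with documentation-range addresses; unlike `grep ssh`, it does not count outbound connections made by a local ssh client.

```shell
#!/bin/sh
# Added example: count established inbound SSH sessions per client address.
# Reads `netstat -tn` style lines on stdin:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State
# Assumption: sshd listens on port 22 unless another port is passed as $1.
count_ssh_clients() {
    port="${1:-22}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Split on the LAST colon so IPv6 addresses keep their own colons.
            lp = $4; sub(/.*:/, "", lp)        # local port
            ra = $5; sub(/:[^:]*$/, "", ra)    # remote address without port
            # Only the local side being the sshd port means an inbound session.
            if (lp == port) n[ra]++
        }
        END { for (a in n) printf "%d %s\n", n[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input (documentation-range addresses), not real output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.5:22         192.0.2.10:51839        ESTABLISHED
tcp        0      0 198.51.100.5:22         192.0.2.10:51840        ESTABLISHED
tcp        0      0 198.51.100.5:22         203.0.113.7:40022       ESTABLISHED
tcp        0      0 198.51.100.5:22         203.0.113.9:40100       TIME_WAIT
tcp        0      0 198.51.100.5:44321      192.0.2.50:22           ESTABLISHED
tcp6       0      0 2001:db8::5:22          2001:db8::99:50000      ESTABLISHED
EOF
}

# On a live host: netstat -tn | count_ssh_clients
sample_netstat | count_ssh_clients
```

Each output line is a session count followed by the client address, busiest client first.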


last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. That is not the same as the other tools above, which show live connections; however, there is a way to find live connections:

$ last -i | grep ' still logged in'
root        pts/6     Mon Jan 26 14:44   still logged in   
tapeguy  pts/10   Fri Jan 23 12:32   still logged in   
tapeguy  pts/5    Fri Jan 23 11:15   still logged in   
tapeguy  pts/0    Fri Jan 23 11:07   still logged in   
tapeguy  pts/2    Fri Jan 23 11:06   still logged in   

ssh library

Yes, you can always call an ssh library to get it. The example below runs a command within an ssh session and gets the IP from the environment variable $SSH_CLIENT:

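// ConnBean, SSHExec, CustomTask and ExecCommand come from the sshxcute library; host, username and password are fields of the enclosing class.
public static String getIpAddress() throws TaskExecFailException {
    ConnBean cb = new ConnBean(host, username, password);
    SSHExec ssh = SSHExec.getInstance(cb);
    ssh.connect();  // open the session before running any task
    // ${SSH_CLIENT%% *} drops everything after the first space, leaving only the client IP
    CustomTask sampleTask = new ExecCommand("echo \"${SSH_CLIENT%% *}\"");
    String result = ssh.exec(sampleTask).sysout;
    ssh.disconnect();
    return result;
}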

Of course, you need the ssh library installed: libssh2-devel.

