List all sessions linux

6 commands to check and list active SSH connections in Linux

Table of Contents

How to check active SSH connections in Linux. Show SSH connection history. How to show active ssh sessions in Linux. List all the active SSH connections in Unix. Find out all the currently active ssh connections on any Linux node. Which all tools can be used to list all the active ssh connections in Linux. Show active SSH sessions. Check ssh connection history using log files in Linux.

Some more more articles you may be interested on similar topics:

Check active SSH connections

There are various commands and tools available in Linux which can be used to check active SSH connections or sessions on your Linux node. In this article I will share a list of tools which can be used to get the list of active SSH connections. If you are aware of any more commands to show active ssh sessions then please let me know via comment section.

1. Using ss command

ss is used to dump socket statistics. It allows showing information similar to netstat . It can display more TCP and state information than other tools. We will use grep function to only get the list of active SSH sessions on our local host

From the above example we know that there are three hosts which are currently connected to our node3. We have active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

2. Using last command

last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last will show only those entries matching the arguments.

Using this command you can also get the information about the user using which the SSH connection was created between server and client. So below we know the connection from 10.0.2.31 is done using ‘deepak‘ user, while for other two hosts, ‘root‘ user was used for connecting to node3.

Here I am grepping for a string «still» to get all the patterns with » still logged in «. So now we know we have three active SSH connections from 10.0.2.31, 10.0.2.30 and 10.0.2.2

3. Using who command

who is used to show who is logged on on your Linux host. This tool can also give this information

Using this command we also get similar information as from last command. Now you get the user details used for connecting to node3 from source host, also we have terminal information on which the session is still active.

4. Using w command

w displays information about the users currently on the machine, and their processes. This gives more information than who and last command and also serves our purpose to get the list of active SSH connections. Additionally it also gives us the information of the running process on those sessions.

Using w command you will also get the idle time details, i.e. for how long the session is idle. If the SSH session is idle for long period then it is a security breach and it is recommended that such idle SSH session must be killed, you can configure your Linux host to automatically kill such idle SSH session.

5. Using netstat command

Similar to ss we have netstat command to show active ssh sessions. Actually we can also say that ss is the new version of netstat. Here we can see all the ESTABLISHED SSH sessions from remote hosts to our localhost node3. it is also possible that one or some of these active ssh connections are in hung state so you can configure your host to automatically disconnect or kill these hung or unresponsive ssh sessions in Linux.

Источник

List all connected SSH sessions?

I just SSH’d into root, and then SSH’d again into root on the same machine. So I have two windows open both SSH’d into root on my remote machine.

From the shell, how can I see a list of these two sessions?

7 Answers 7

who or w ; who -a for additional information.

These commands just show all login sessions on a terminal device. An SSH session will be on a pseudo-terminal slave ( pts ) as shown in the TTY column, but not all pts connections are SSH sessions. For instance, programs that create a pseudo-terminal device such as xterm or screen will show as pts . See Difference between pts and tty for a better description of the different values found in the TTY column. Furthermore, this approach won’t show anybody who’s logged in to an SFTP session, since SFTP sessions aren’t shell login sessions.

I don’t know of any way to explicitly show all SSH sessions. You can infer this information by reading login information from utmp / wtmp via a tool like last , w , or who like I’ve just described, or by using networking tools like @sebelk described in their answer to find open tcp connections on port 22 (or wherever your SSH daemon(s) is/are listening).

A third approach you could take is to parse the log output from the SSH daemon. Depending on your OS distribution, SSH distribution, configuration, and so on, your log output may be in a number of different places. On an RHEL 6 box, I found the logs in /var/log/sshd.log . On an RHEL 7 box, and also on an Arch Linux box, I needed to use journalctl -u sshd to view the logs. Some systems might output SSH logs to syslog. Your logs may be in these places or elsewhere. Here’s a sample of what you might see:

The logs show when sessions open and close, who the session belongs to, where the user is connecting from, and more. However, you’re going to have to do a lot of parsing if you want to get this from a simple, human-readable log of events to a list of currently active sessions, and it still probably won’t be an accurate list when you’re done parsing, since the logs don’t actually contain enough information to determine which sessions are still active — you’re essentially just guessing. The only advantage you gain by using these logs is that the information comes directly from SSHD instead of via a secondhand source like the other methods.

I recommend just using w . Most of the time, this will get you the information you want.

Источник

Is there a command to list all open displays on a machine?

When SSH’d locally into my computer (don’t ask, it’s a workaround), I can’t start graphical applications without running:

If I run this first and then run a graphical application, things work out. If not, it doesn’t work, there’s no display to attach to.

Is there a command for listing all available displays (ie: all possible values) on a machine?

5 Answers 5

If you want the X connection forwarded over SSH, you need to enable it on both the server side and the client side. (Depending on the distribution, it may be enabled or disabled by default.) On the server side, make sure that you have X11Forwarding yes in /etc/sshd_config (or /etc/ssh/sshd_config or wherever the configuration file is). On the client side, pass the -X option to the ssh command, or put ForwardX11 in your

If you run ssh -X localhost , you should see that $DISPLAY is (probably) localhost:10.0 . Contrast with :0.0 , which is the value when you’re not connected over SSH. (The .0 part may be omitted; it’s a screen number, but multiple screens are rarely used.) There are two forms of X displays that you’re likely to ever encounter:

• Local displays, with nothing before the : .
• TCP displays, with a hostname before the : .

With ssh -X localhost , you can access the X server through both displays, but the applications will use a different method: :NUMBER accesses the server via local sockets and shared memory, whereas HOSTNAME:NUMBER accesses the server over TCP, which is slower and disables some extensions.

Note that you need a form of authorization to access an X server, called a cookie and normally stored behind the scenes in the file

/.Xauthority . If you’re using ssh to access a different user account, or if your distribution puts the cookies in a different file, you may find that DISPLAY=:0 doesn’t work within the SSH session (but ssh -X will, if it’s enabled in the server; you never need to mess with XAUTHORITY when doing ssh -X ). If that’s a problem, you need to set the XAUTHORITY environment variable or obtain the other user’s cookies.

To answer your actual question:

Local displays correspond to a socket in /tmp/.X11-unix .

Remote displays correspond to open TCP ports above 6000; accessing display number N on machine M is done by connecting to TCP port 6000+N on machine M. From machine M itself:

(The rest of this bullet point is of academic interest only.)

From another machine, you can use nmap -p 6000-6099 host_name to probe open TCP ports in the usual range. It’s rare nowadays to have X servers listening on a TCP socket, especially outside the loopback interface.

Strictly speaking, another application could be using a port in the range usually used by X servers. You can tell whether an X server is listening by checking which program has the port open.

If that shows something ambiguous like sshd , there’s no way to know for sure whether it’s an X server or a coincidence.

Источник

5 practical examples to list running processes in Linux

Table of Contents

How to list processes by user and name in Linux? How to check if process is running by pid ? How to check process status? which command is used to kill a process?

In this tutorial we will cover all these questions and explore different commands and tools to list and manage processes in Linux and Unix. ps command is the best tool to list down all the running processes across the server. There are a wide range of arguments which can be used with ps to list processes based in our requirement.

List all the running processes

Method-1: Using «px aux»

To list every process on the system using BSD syntax:

This will give you a long list of output with more details on individual process such as memory and cpu usage, status, user owner of the process and more. Following is a snippet from my terminal:

ps aux output

Method-2: Using «ps -ef»

The next method will list all the running process using standard syntax:

This gives lesser information compared to ps aux :

Method-3: Using «ps -ely»

We can use some more arguments with ps to list the running processes in Linux:

This command will give us additional detail compared to ps -ef such as priority and nice value of individual process.

ps -ely output

List processes by user

To list all the processes based on user owner we can use following syntax:

To list the process started by user root:

Sample output from my terminal:

list processes by user

To list the process started by normal user deepak :

List the process tree

Method-1: Using «ps axjf» or «ps -ef —forest»

We can also use ps command to list the running process in the tree format to understand the parent and child processes.

list process in tree structure

Method-2: Using pstree

Although you have a better alternative to above command if you wish to see the structure of all the running process using pstree which is part of psmisc rpm in RHEL/CentOS distribution. This command is used to display the parent-child relationship in hierarchical format.

pstree output

To list the process tree of process started by individual user, you can use

For example to show the process tree of user deepak :

You can check the man page of pstree for more list of supported options.

List thread count for individual process

We can use -L argument to list the number of threads along with individual process. It will add a new column in the output possibly with LWP and NLWP

Sample output from this command:

list process with thread count

List process with user defined format

By default ps will show a certain default list of columns. You can manipulate and print your own set of columns to get the required details of a process by using following syntax:

Here, you can replace the ARGUMENTS with supported list of values from man page of ps

Example-1: Show only PID and command

To show only the list of PID and their respective commands:

Example-2: Show memory and cpu details of each process

There are different arguments which you can use to print the memory and cpu related information of individual process, here I have consolidated a few:

Get process ID of a process

Now assuming you have a running process for which you want to get the PID so we can again use ps in this format:

Here we need to replace PROCESS with the name of the process or command for which we want to perform the lookup of PID. For example to get the PID of rsyslogd process:

Similarly to get the list of PID for sshd daemon

Get process name using the PID

Now if the situation is reversed, i.e. you have the PID and you wish to get the process or command of the mapping PID then you can use following format:

Here, replace PID with the pid value of the process for which you have to perform lookup. Following are some examples where we get the process name using the PID value.

List stopped processes

You can stop a running or hung process using ctrl+z short key. When you press this key combination, the ongoing process on the terminal will be forcefully stopped.

For example, here I had an SFTP session which was stuck so I pressed ctrl+z to stop the process forcefully which immediately stops the process and returns to console.

To list all the processes which are in stopped state use jobs command

So currently in my server, I have 3 stopped processes. To kill a stopped process we use

where JOB ID is the ID number you see with «Stopped» under square brackets.

So for example to kill the process with job ID 3 we will use:

Next if I check the current stopped processes then I see that the process with JOB ID 3 is marked as Exit which means it is in the verge of getting killed (almost dead)

We check the status again in few seconds and our process with JOB ID 3 is not there in the list any more and was killed successfully

Conclusion

In this tutorial we learned about listing and managing Linux processes using ps command. We also have other tools such as top , htop which can list the system processes but I find ps more suitable in most scenarios. If you requirement is to watch the runtime status of process i.e. to monitor a process and it’s status then top would be your best alternative as it continuously monitors the status of process and shows you latest stat for memory, cpu usage and other related values.

Related Posts

Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Источник