I want to share another really useful tip, which I learned thanks to accumulating. It is exactly what the title says: how to find out which IPs have connected to our computer over SSH.
Our Linux systems save data, information and logs of practically everything. While looking for an easy way to read the logs for one specific thing, I found a post by accumulating, the first on their blog. By the way, I want to congratulate you on such a good start 😉
Well, to the point 😀
The logs are saved in /var/log/. There, those of us who use Debian or derived distros have the file auth.log which, as its name suggests, records authentication events. With a simple cat (which lists the file's content), filtered to show only the accepted connections, we get what we want.
The line would be:
cat /var/log/auth* | grep Accepted
In my case it shows the following:
There we can see the date of the connection, the user and the IP from where they connected, as well as some other details.
But we can filter a little more. Here is the same command with some awk parameters:
sudo cat /var/log/auth* | grep Accepted | awk '{print $1 " " $2 "\t" $3 "\t" $11 "\t" $9 }'
It would look like this:
As you can see, everything is a little cleaner.
In other types of distros, if you do not find any file similar to auth.log, try secure*.
And that is everything. Thanks once again to accumulating for the original article.
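Added example, not part of the original post: the commands above match "Accepted" anywhere in a line and depend on fixed awk field numbers, which shift when the log uses ISO 8601 timestamps. This sketch finds the sshd tag first and counts logins per user, IP and method. The function names, the sshd-session tag and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count successful SSH logins
# per user, source IP and auth method.

# Reads sshd log lines on stdin, prints "count user ip method".
ssh_accepted_summary() {
    awk '
    {
        # Find the syslog tag first. Its position differs between the classic
        # "Mon DD HH:MM:SS host" prefix and ISO 8601 timestamps, so fixed
        # field numbers like $9/$11 are not reliable across systems.
        # Assumption: the tag is "sshd[pid]:" or "sshd-session[pid]:".
        for (i = 1; i <= NF; i++)
            if ($i ~ /^sshd(-session)?\[[0-9]+\]:$/) break
        # The message must START with "Accepted <method> for <user> from <ip>";
        # the word appearing later in a line does not count.
        if ($(i+1) != "Accepted" || $(i+3) != "for" || $(i+5) != "from") next
        seen[$(i+4) " " $(i+6) " " $(i+2)]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses), for an offline run.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:15:01 host1 sshd[1001]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Mar  3 10:20:44 host1 sshd[1002]: Failed password for invalid user Accepted from 203.0.113.9 port 4022 ssh2
Mar  3 11:02:13 host1 sshd[1003]: Accepted publickey for bob from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:CONSTRUCTED
2024-03-04T08:00:00.123456+01:00 host1 sshd[1004]: Accepted password for alice from 192.0.2.10 port 50200 ssh2
EOF
}

# On a real host (paths from the post; zcat -f also passes plain files through):
#   sudo zcat -f /var/log/auth.log* | ssh_accepted_summary
if [ "${1:-}" = "--demo" ]; then sample_auth_log | ssh_accepted_summary; fi
```

Using zcat -f instead of cat matters because rotated logs are usually gzip-compressed, and cat would feed compressed bytes to the filter.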
Well, nothing more to add 😉
Regards
Excellent gaara, thank you! This page has helped me, greetings from Venezuela.
Thank you
Greetings to you too friend.
This page is great and its content is so specific !!!
Thank you
Welcome to the site 😉
Very good
Even if they curse me out for this… isn't it 'dangerous' to log in as root? Not actually logging in, but having a root account on your sshd server...
I know that the old school are going to jump at my jugular with this comment, but the reality is that it is 'calmer' if you log in as a user X and then raise your permissions, since even if the server is Unix-like and you have it secured with a kernel pf or grsec, selinux, {put here preferred security paraphernalia}, etc., having a root account can let more than one script kiddie have fun pulling brute force attacks, etc. 😛
This screenshot is from my laptop hehe, and with the iptables configuration that I have implemented ... believe me, I sleep without problems HAHA
I don't think the old school will boo you for that... As I say, everyone knows what they are doing. Personally, I also disable the root account for SSH login; what's more, I don't even do it through the traditional port 22.
last -i
It's very good. I'm going to save this link 🙂
It should be noted that in CentOS it is /var/log/secure*
Right, in RPM distros it's there 🙂
Good post!!!
Good post!!! And how do you run a command to see specifically which IP they connected from?
Excellent information a thousand thanks
Thank you very much for the information, of course simple and concise, great 🙂