How to know which IPs have been connected by SSH

I want to leave another really useful tip. Thanks to acurumo I know it, and it is precisely what I say in the title: How to know which IPs have been connected by SSH to our computer.

Our Linux systems save data, information, logs of practically everything, and looking for how I could easily read the specific logs of something, I found a post de acurumo, the first of su Blog By the way, I want to congratulate you on such a good start 😉

Well, to the point 😀

The logs are saved in / var / log / and there, those of us who use Debian-type distros or derivatives, we have the file auth.log, which, as its name suggests, saves the authentication, making a simple cat (listing the content of it) and specifying that it only show us the accepted connections, we will get what we want.

The line would be:

cat /var/log/auth* | grep Accepted

In my case it shows the following:

There we can see the date of the connection, the user and the IP from where they connected, as well as some other details.

But, we can filter a little more ... I leave you the same command, with some parameters of awk :

sudo cat /var/log/auth* | grep Accepted | awk '{print $1 " " $2 "\t" $3 "\t" $11 "\t" $9 }'

It would look like this:

As you can see, everything is a little cleaner.

In other types of distos, if they do not find any file similar to auth.log, try with secure *

And this has been everything, thank once again acurumo by the original article.

Well, nothing more to add 😉


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

16 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   wow said

    Excellent gaara, thank you! This page has helped me, greetings from Venezuela.

    1.    KZKG ^ Gaara said

      Thank you
      Greetings to you too friend.

  2.   E-miner said

    This page is great and its content is so specific !!!

    1.    KZKG ^ Gaara said

      Thank you
      Welcome to the site 😉

  3.   hackloper775 said

    Very good

  4.   msx said

    Even if they puteen me… isn't it 'dangerous' to log in as root? Not actually logging in but having a root account on your sshd server ...
    I know that the old school are going to jump to the jugular with this comment, but the reality is that it is more 'tanquilo' if you log in as a user X and then raise your permissions since even if the server is a Unix- like and that you have it secured with a kernel pf or grsec, selinux, {put here preferred security paraphernalia}, etc., having a root account can make more than one kiddie script have fun pulling brute force attacks, etc. 😛

    1.    KZKG ^ Gaara said

      This screenshot is from my laptop hehe, and with the iptables configuration that I have implemented ... believe me, I sleep without problems HAHA

  5.   Mystog @ N said

    I don't think the old school will boo you for that ... I say, everyone knows what they are doing, particularly I also disable the root account for ssh login, what's more, I don't even do it through the traditional port 22.

  6.   Marcelo said

    last -i

  7.   Giskard said

    It's very good. Step to save this link 🙂

  8.   browsons said

    It should be noted that in centos it is / var / log / secure *

    1.    KZKG ^ Gaara said

      Right, in RPM distros it's there 🙂

  9.   faustod said

    Good post!!!

  10.   Danilo said

    Good post !!! and how is it done to throw a command and see which ip they connected in specific?

  11.   Jose tapia said

    Excellent information a thousand thanks

  12.   Jose tapia said

    Thank you very much for the information, of course simple and concise, great 🙂