In Linux systems, there are various commands and methods to view the status of remote login users. Here are some commonly used commands and techniques:
1. Using the who command
The who command is used to display information about users currently logged into the system, including usernames, login times, and login terminals. It can also show remote login users.
“`bash
who
“`
Example output:
“`
user1 pts/0 2024-03-29 10:00 (192.168.1.100)
user2 pts/1 2024-03-29 10:05 (192.168.1.101)
“`
• The first column is the username.
• The second column is the terminal device (e.g., pts/0 indicates login via SSH).
• The third column is the login time.
• The fourth column is the IP address of the login source.
2. Using the w command
The w command not only displays information about currently logged-in users but also shows the commands they are running and system load information.
“`bash
w
“`
Example output:
“`
10:15:00 up 2 days, 3:45, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
user1 pts/0 192.168.1.100 10:00 10:00 0.03s 0.03s -bash
user2 pts/1 192.168.1.101 10:05 5:00 0.01s 0.01s -bash
“`
3. Using the last command
The last command is used to display information about the most recent logins, including both remote and local users.
“`bash
last
“`
Example output:
“`
user1 pts/0 192.168.1.100 Fri Mar 29 10:00 still logged in
user2 pts/1 192.168.1.101 Fri Mar 29 10:05 still logged in
reboot system boot 5.4.0-42-generic Fri Mar 27 08:00
“`
4. Checking the /etc/ssh/sshd_config file
By checking the SSH service configuration file /etc/ssh/sshd_config, you can find out which users are allowed or denied SSH login.
• To check allowed users:
“`bash
grep AllowUsers /etc/ssh/sshd_config
“`
Example output:
“`
AllowUsers user1 [email protected] [email protected]/24
“`
• To check denied users:
“`bash
grep DenyUsers /etc/ssh/sshd_config
“`
Example output:
“`
DenyUsers user4 user5
“`
5. Using the lastlog command
The lastlog command is used to display the last login information for all users.
“`bash
lastlog
“`
Example output:
“`
root pts/0 192.168.1.100 Fri Mar 29 10:00
user1 pts/0 192.168.1.100 Fri Mar 29 10:00
user2 pts/1 192.168.1.101 Fri Mar 29 10:05
“`
6. Checking the /var/log/auth.log file
In Debian-based systems (like Ubuntu), the /var/log/auth.log file records all logs related to user authentication, including SSH login information.
“`bash
grep “sshd” /var/log/auth.log
“`
Example output:
“`
Mar 29 10:00:00 server sshd[1234]: Accepted password for user1 from 192.168.1.100 port 5678 ssh2
Mar 29 10:05:00 server sshd[1235]: Accepted password for user2 from 192.168.1.101 port 6789 ssh2
“`
7. Using the whoami command
The whoami command is used to display the currently logged-in username.
“`bash
whoami
“`
Example output:
“`
user1
“`
Summary
• who: Displays information about currently logged-in users.
• w: Displays information about currently logged-in users and the commands they are running.
• last: Displays information about the most recent logins.
• lastlog: Displays the last login information for all users.
• /etc/ssh/sshd_config: Check the configuration for allowed or denied login users.
• /var/log/auth.log: View logs related to SSH login information.
• whoami: Displays the currently logged-in username.
These commands and files can help you gain a comprehensive understanding of user information for remote logins to Linux systems.