3

I checked this answer and this option - it is good, but it requires sudo rights. I need this command to be runnable by any user, so I am using the following command:

ps -ef | grep sshd: | grep -v grep

and getting the following result:

[owner@localhost ~]$ ps -ef | grep sshd: | grep -v grep
root      3175  2217  0 15:09 ?        00:00:00 sshd: [accepted] //Here just opened PuTTY from a Windows PC
sshd      3177  3175  0 15:09 ?        00:00:00 sshd: [net]      //same as above
root      8062  2217  0 12:34 ?        00:00:00 sshd: root@pts/8 
root     24241  2217  0 13:37 ?        00:00:00 sshd: root@pts/10
root     31515  2217  0 14:38 ?        00:00:00 sshd: owner [priv] //non-root user connected
503      31567 31515  0 14:38 ?        00:00:00 sshd: owner@pts/12 //the same as above line

How to filter out only real connections? What is the meaning of the keywords "priv", "accepted", "net"?

P.S. I need to do it without sudo rights.

ALZ
  • 931
  • see also those commands: who, pinky, finger, netstat and their options. Also, check user:jherran answer for: w. Happy Mapped Show with Snow :p. – Vitalie Ghelbert Dec 04 '14 at 08:29

1 Answer

5

Check command w:

w displays information about the users currently on the machine, and their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

The following entries are displayed for each user: login name, the tty name, the remote host, login time, idle time, JCPU, PCPU, and the command line of their current process.

The JCPU time is the time used by all processes attached to the tty. It does not include past background jobs, but does include currently running background jobs.

The PCPU time is the time used by the current process, named in the "what" field.

jherran
  • 3,939
  • and how to filter only ssh connected users? – ALZ Dec 03 '14 at 17:58
  • You could do w | grep -v localhost. This command does not show localhost connections, so all those displayed are from outside. – jherran Dec 03 '14 at 19:11
  • And is it equivalent to say that all the rest are ssh connections? – ALZ Dec 04 '14 at 07:25
  • 1
    Note that w only lists users that are logged in through a tty. It is still possible to have users connected, running scripts, skipping the tty. ps will then show something like: sshd: user@notty, and this will not show up in w. To make this sort of ssh connection, use something like ssh -T user@1.2.3.4 '/bin/bash -c "while true; do sleep 1; done"'. – Arnout Jan 12 '19 at 11:13
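
The following is an added example, not part of the original question, answer or comments. It classifies the sshd process titles from the listing in the question without root rights, so that only authenticated sessions are counted, including the user@notty sessions that w misses. It assumes OpenSSH privilege-separation titles: [accepted] and [net] are pre-authentication processes, "user [priv]" is the privileged monitor of a logged-in session, and user@pts/N or user@notty is the session itself. The function names and sample lines are constructed.

```shell
#!/bin/sh
# Classify sshd process titles from `ps` output (readable without root).
# Reads "USER PID ARGS" lines on stdin; prints "PID STATE LOGIN TTY".
classify_sshd() {
    awk '
    $3 != "sshd:" { next }      # skip header, listener and unrelated processes
    {
        pid = $2; title = $4; extra = $5
        if (title ~ /^\[(accepted|net)\]$/) {
            # pre-authentication: connection is open, nobody has logged in yet
            print pid, "preauth", "-", "-"
        } else if (extra == "[priv]") {
            # privileged monitor; the session is the separate user@tty
            # process, so counting this too would double-count the login
            print pid, "monitor", title, "-"
        } else if (split(title, p, "@") == 2) {
            # authenticated session: user@pts/N (terminal) or user@notty
            print pid, "session", p[1], p[2]
        }
    }'
}

# Only authenticated sessions, one line per login.
sessions_only() { classify_sshd | awk '$2 == "session"'; }

# Constructed sample modelled on the listing in the question,
# plus one notty session and the listening daemon.
sample_ps() {
    cat <<'EOF'
root 3175 sshd: [accepted]
sshd 3177 sshd: [net]
root 8062 sshd: root@pts/8
root 31515 sshd: owner [priv]
503 31567 sshd: owner@pts/12
503 31990 sshd: owner@notty
root 2217 /usr/sbin/sshd
EOF
}

# Live use: ps -eo user,pid,args | sessions_only
sample_ps | sessions_only
```

On a live system, feed it `ps -eo user,pid,args`; the TTY column then separates interactive logins (pts/N) from non-interactive ones (notty).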