How can I track who SSH'es into my linux machine?

ssh security logs
60,224

Solution 1

The information of who logged in when is available in /var/log/auth.log (or other log files on other distributions). There are multiple log monitoring programs that can extract the information you configure as relevant. On any sane system, every user authentication is logged.

To log every command invocation (but not their arguments), use process accounting, provided by the acct package Install acct on Ubuntu. If the accounting subsystem is up and running, then lastcomm shows information about finished processes.

Solution 2

You can also use who or w to see who is currently logged in to the system, including SSH users.

Solution 3

You can also try entering the command last into the console, which displays all recent log-ins, including the user name they logged in under (but does not record if they changed their user name after logging in), IP, date, and duration of time logged in.

This command was mentioned by @jasonwryan in a comment here.

Share:
60,224

Related videos on Youtube

cwd
Author by

cwd

Updated on September 18, 2022

Comments

  • cwd
    cwd almost 2 years

    I'm running Ubuntu 10.04. Is there a way I can get a daily report of who has logged onto the box, what time, and even - this may be asking too much - a report of the commands they used? This is a low-usage box and so I think this would be a nice way to see what activity is happening on it.

    Along these same lines, I heard it was not possible to track when things are done on the box via non-interactive shells, such as rsync or just remotely executing single commands via ssh. Is that true, or is there a way to log and track this as well?

  • Adrian Cornish
    Adrian Cornish over 12 years
    /var/log/secure.log is another common logfile
  • jasonwryan
    jasonwryan over 12 years
    last might be a better option for what the OP was looking for...
  • Sirex
    Sirex over 12 years
    indeed. "last" is the command you want.
  • PaulBGD
    PaulBGD about 10 years
    This is a MUCH better answer then the selected one.
  • mcdoomington
    mcdoomington almost 8 years
    Fine. I will update it.
  • Merlin
    Merlin over 4 years
    I could not find the appropriate log file, last was exactly what I needed.
  • Dizzie KX
    Dizzie KX about 3 years
    cat: /var/log/messages: No such file or directory

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Linux - Log What Username and Password Was Tried
What audit log files are created in linux to track a users activities?
Monitor all login attempts
Help! My server has been hacked - .IptabLes and .IptabLex in /boot
Ubuntu - saying your security settings have blocked an application from running with an out-of-date version of java
Does reinstalling openssh-server change the host key?
Disable interactive SSH at user-level
Disable all Logging in Ubuntu Server
ssh-copy-id without authentication
strange folder in /tmp with name ssh-*