How to find the machine from which a user logged into current machine using ssh?
Solution 1
If you are an ordinary user on `host2`, you can see who is currently logged in from where with the `who` command, and who logged in from where in the past with the `last` command. Both show the remote host name or IP address for ssh logins; this is usually `host1`, but can be a gateway that relayed the ssh connection.
It is in principle impossible to know who `user1` is. After all, `host1` might not even be running a multiuser system, or might be an anonymous relay. This doesn't mean `user2` has absolute privacy amongst the known users of `host1`; for example, if you're the administrator on `host2`, and the user uses public key authentication, and you've configured the ssh server to dump information about the public key used, then you can find out the user's public key, and perhaps correlate it from information obtained elsewhere.
Some past questions on Super User may interest you:
- https://superuser.com/questions/202123/if-someone-is-signed-into-ssh-on-my-computer-can-i-access-their-computer
- https://superuser.com/questions/174494/get-ssh-session-information
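The correlation Solution 1 describes for an administrator on `host2`, as an added example that is not part of the original answer: it parses sshd "Accepted" log lines and matches key fingerprints against an inventory. The log lines, addresses, fingerprints and the `KNOWN_KEYS` mapping are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# sshd "Accepted ..." line; the key type and fingerprint suffix is only
# present for public key logins. Newer OpenSSH logs as "sshd-session".
ACCEPTED = re.compile(
    r"sshd(?:-session)?\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) "
    r"for (?P<user>\S+) from (?P<source>\S+) port (?P<port>\d+) ssh2"
    r"(?:: (?P<key_type>\S+) (?P<fingerprint>SHA256:\S+))?"
)

# Constructed sample lines (documentation addresses, made-up fingerprints).
SAMPLE_LOG = """\
May  1 10:12:03 host2 sshd[2101]: Accepted publickey for sruser from 192.0.2.10 port 51822 ssh2: ED25519 SHA256:AAAAexampleFingerprintOne
May  1 10:15:40 host2 sshd[2144]: Accepted password for sruser from 192.0.2.10 port 51990 ssh2
May  1 11:02:17 host2 sshd[2290]: Accepted publickey for sruser from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:AAAAexampleFingerprintOne
May  1 11:30:00 host2 sshd[2301]: Failed password for sruser from 203.0.113.5 port 40100 ssh2
"""

# Hypothetical inventory mapping key fingerprints to their owners; this is
# the "information obtained elsewhere" and is an assumption of the example.
KNOWN_KEYS = {"SHA256:AAAAexampleFingerprintOne": "user1"}

def parse_accepted(log_text):
    """Return one dict per successful ssh login found in log_text."""
    matches = map(ACCEPTED.search, log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def attribute(logins, known_keys):
    """Add an 'owner' field: the key owner, or None when it cannot be known
    (password logins carry no fingerprint; unknown keys have no owner)."""
    return [{**login, "owner": known_keys.get(login["fingerprint"])}
            for login in logins]

def sources_by_owner(attributed):
    """Group source addresses by attributed owner (None = unattributable)."""
    grouped = defaultdict(set)
    for login in attributed:
        grouped[login["owner"]].add(login["source"])
    return dict(grouped)

if __name__ == "__main__":
    for row in attribute(parse_accepted(SAMPLE_LOG), KNOWN_KEYS):
        print(row["user"], row["source"], row["method"], row["owner"])
```

The password login from the same address stays unattributed, which matches the answer's point that the source address alone does not identify the person.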
Solution 2
The `who` and `last` commands might be useful for displaying the host from which users are connected.
Comments
- Srikanth almost 2 years

  In a multi server architecture, is it possible to find out from which machine a user logged into current machine using `ssh`?

  For example, `user1` logged into `host1`. From there, the user logged into `host2` as `sruser` using `ssh`.

  In above example, would it be possible to trace the `sruser` session of `host2` back to `user1` session in `host1`?

  Would it be possible to get the hostname or terminal of `user1` session?