How to find the machine from which a user logged into current machine using ssh?
Solution 1
If you are an ordinary user on host2, you can see who is currently logged in from where with the who command, and who logged in from where in the past with the last command. Both show the remote host name or IP address for ssh logins; this is usually host1, but can be a gateway that relayed the ssh connection.
It is in principle impossible to know who user1 is. After all, host1 might not even be running a multiuser system, or might be an anonymous relay. This doesn't mean user2 has absolute privacy amongst the known users of host1; for example, if you're the administrator on host2, and the user uses public key authentication, and you've configured the ssh server to dump information about the public key used, then you can find out the user's public key, and perhaps correlate it from information obtained elsewhere.
Some past questions on Super User may interest you:
- https://superuser.com/questions/202123/if-someone-is-signed-into-ssh-on-my-computer-can-i-access-their-computer
- https://superuser.com/questions/174494/get-ssh-session-information
Solution 2
The who and last commands might be useful for displaying the host from which users are connected.
Comments
-
Srikanth almost 2 years
In a multi server architecture, is it possible to find out from which machine a user logged into current machine using
ssh?For example,
user1logged intohost1. From there, the user logged intohost2assruserusingssh.In above example, would it be possible to trace the
srusersession ofhost2back touser1session inhost1?Would it be possible to get the hostname or terminal of
user1session?