Find the IP address of the client in an SSH session

Question

I have a script that is to be run by a person that logs in to the server with SSH   Is there a way to find out automatically what IP address the user is connecting from   Of course  I could ask the user  it is a tool for programmers  so no problem with that   but it would be cooler if I just found out

User · Answer

Usually there is a log entry in  var log messages  or similar  depending on your OS  which you could grep with the username

User · Answer

netstat will work  at the top something like this  tcp        0      0 10 x xx xx ssh          someipaddress or domainame 9379 ESTABLISHED

User · Answer

who am i   awk   print  5     sed  s       g    cut -f1 -d       sed  s -   g    export DISPLAY  who am i   awk   print  5     sed  s       g    cut -f1 -d       sed  s -   g   0 0   I use this to determine my DISPLAY variable for the session when logging in via ssh and need to display remote X

User · Answer

netstat -tapen   grep ssh   awk    print  10     Output   two   in my experiment  netstat -tapen   grep ssh   awk    print  4      gives the IP address   Output   127 0 0 1 22   in my experiment   But the results are mixed with other users and stuff  It needs more work

User · Answer

Improving on a prior answer  Gives ip address instead of hostname  --ips not available on OS X   who am i --ips awk   print  5    ubuntu 14   more universal  change  5 to  6 for OS X 10 11   WORKSTATION  who -m awk   print  5   sed  s       g   WORKSTATION IP  dig  short  WORKSTATION  if    -z   WORKSTATION IP      then WORKSTATION IP   WORKSTATION   fi echo  WORKSTATION IP

User · Answer

Simplest command to get the last 10 users logged in to the machine is last head  To get all the users  simply use last command

User · Answer

You can get it in a programmatic way via an SSH library  https   code google com p sshxcute   public static String getIpAddress   throws TaskExecFailException      ConnBean cb   new ConnBean host  username  password       SSHExec ssh   SSHExec getInstance cb       ssh connect        CustomTask sampleTask   new ExecCommand  echo     SSH CLIENT               String Result   ssh exec sampleTask  sysout      ssh disconnect           return Result

User · Answer

One thumb up for  Nikhil Katre s answer    Simplest command to get the last 10 users logged in to the machine is  last head  To get all the users simply use last command  The one using who or pinky did what is basically asked  But But But they don t give historical sessions info  Which might also be interesting if you want to know someone who has just logged in and logged out already when you start this checking  if it is a multiuser system  I recommand add the user account you are looking for  last   grep  USER   head  EDIT  In my case  both  SSH CLIENT and  SSH CONNECTION do not exist

User · Answer

netstat -tapen   grep ssh   awk    print  4

User · Answer

I m getting the following output from who -m --ips on Debian 10      root     pts 0        Dec  4 06 45 123 123 123 123   Looks like a new column was added  so  print  5  or  take 5th column  attempts don t work anymore   Try this   who -m --ips   egrep -o    0-9  1 3     3  0-9  1 3     Source     Yvan s comment on  AlexP s answer  Sankalp s answer

User · Answer

You could use the command   server    pinky   that will give to you somehting like this   Login      Name                 TTY    Idle   When                 Where   root       root                 pts 0         2009-06-15 13 41     192 168 1 133

User · Answer

Just type the following command on your Linux machine   who

User · Answer

who   cut -d    -f2  cut -d    -f1

User · Answer

Linux  who am i   awk   print  5     sed  s       g   AIX  who am i   awk   print  6     sed  s       g

User · Answer

Check if there is an environment variable called    SSH CLIENT    OR   SSH CONNECTION    or any other environment variables  which gets set when the user logs in  Then process it using the user login script   Extract the IP     echo  SSH CLIENT   awk    print  1   1 2 3 4   echo  SSH CONNECTION   awk   print  1   1 2 3 4

User · Answer

Assuming he opens an interactive session  that is  allocates a pseudo terminal  and you have access to stdin  you can call an ioctl on that device to get the device number   dev pts 4711  and try to find that one in  var run utmp  where there will also be the username and the IP address the connection originated from

User · Answer

an older thread with a lot of answers  but none are quite what i was looking for  so i m contributing mine   sshpid    sshloop 0 while     sshloop     0     do         if      strings  proc   sshpid  environ   grep  SSH CLIENT      then                 read sshClientIP sshClientSport sshClientDport  lt  lt  lt    strings  proc   sshpid  environ   grep  SSH CLIENT   cut -d  -f2                  sshloop 1         else                 sshpid   cat  proc   sshpid  status   grep PPid   awk   print  2                        sshpid     0     amp  amp  sshClientIP  localhost   amp  amp  sshloop 1         fi done   this method is compatible with direct ssh  sudoed users  and screen sessions  it will trail up through the process tree until it finds a pid with the SSH CLIENT variable  then record its IP as  sshClientIP  if it gets too far up the tree  it will record the IP as  localhost  and leave the loop

User · Answer

Try the following to get just the IP address   who am i awk    print  5

User · Answer

Search for SSH connections for  myusername  account   Take first result string   Take 5th column   Split by     and return 1st part  port number don t needed  we want just IP    netstat -tapen   grep  sshd  myusername    head -n1   awk   split  5  a        print a 1       Another way   who am i   awk   l   length  5  - 2  print substr  5  2  l

[linux] Find the IP address of the client in an SSH session

Examples related to linux

Examples related to networking

Examples related to ssh

Examples related to ip-address