I have a script that is to be run by a person that logs in to the server with SSH.
Is there a way to find out automatically what IP address the user is connecting from?
Of course, I could ask the user (it is a tool for programmers, so no problem with that), but it would be cooler if I just found out.
This question is related to
linux
networking
ssh
ip-address
I'm getting the following output from who -m --ips on Debian 10:
root pts/0 Dec 4 06:45 123.123.123.123
Looks like a new column was added, so {print $5} or "take 5th column" attempts don't work anymore.
Try this:
who -m --ips | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}'
Source:
netstat -tapen | grep ssh | awk '{ print $10}'
Output:
two # in my experiment
netstat -tapen | grep ssh | awk '{ print $4}'
gives the IP address.
Output:
127.0.0.1:22 # in my experiment
But the results are mixed with other users and stuff. It needs more work.
Just type the following command on your Linux machine:
who
who | cut -d"(" -f2 |cut -d")" -f1
You could use the command:
server:~# pinky
that will give to you somehting like this:
Login Name TTY Idle When Where
root root pts/0 2009-06-15 13:41 192.168.1.133
Assuming he opens an interactive session (that is, allocates a pseudo terminal) and you have access to stdin, you can call an ioctl on that device to get the device number (/dev/pts/4711) and try to find that one in /var/run/utmp (where there will also be the username and the IP address the connection originated from).
You can get it in a programmatic way via an SSH library (https://code.google.com/p/sshxcute)
public static String getIpAddress() throws TaskExecFailException{
ConnBean cb = new ConnBean(host, username, password);
SSHExec ssh = SSHExec.getInstance(cb);
ssh.connect();
CustomTask sampleTask = new ExecCommand("echo \"${SSH_CLIENT%% *}\"");
String Result = ssh.exec(sampleTask).sysout;
ssh.disconnect();
return Result;
}
netstat -tapen | grep ssh | awk '{ print $4}'
Improving on a prior answer. Gives ip address instead of hostname. --ips not available on OS X.
who am i --ips|awk '{print $5}' #ubuntu 14
more universal, change $5 to $6 for OS X 10.11:
WORKSTATION=`who -m|awk '{print $5}'|sed 's/[()]//g'`
WORKSTATION_IP=`dig +short $WORKSTATION`
if [[ -z "$WORKSTATION_IP" ]]; then WORKSTATION_IP="$WORKSTATION"; fi
echo $WORKSTATION_IP
who am i | awk '{print $5}' | sed 's/[()]//g' | cut -f1 -d "." | sed 's/-/./g'
export DISPLAY=`who am i | awk '{print $5}' | sed 's/[()]//g' | cut -f1 -d "." | sed 's/-/./g'`:0.0
I use this to determine my DISPLAY variable for the session when logging in via ssh and need to display remote X.
Linux: who am i | awk '{print $5}' | sed 's/[()]//g'
AIX: who am i | awk '{print $6}' | sed 's/[()]//g'
One thumb up for @Nikhil Katre's answer :
Simplest command to get the last 10 users logged in to the machine is
last|head.To get all the users simply use
lastcommand
The one using who or pinky did what is basically asked. But But But they don't give historical sessions info.
Which might also be interesting if you want to know someone who has just logged in and logged out already when you start this checking.
if it is a multiuser system. I recommand add the user account you are looking for:
last | grep $USER | head
EDIT:
In my case, both $SSH_CLIENT and $SSH_CONNECTION do not exist.
Search for SSH connections for "myusername" account;
Take first result string;
Take 5th column;
Split by ":" and return 1st part (port number don't needed, we want just IP):
netstat -tapen | grep "sshd: myusername" | head -n1 | awk '{split($5, a, ":"); print a[1]}'
Another way:
who am i | awk '{l = length($5) - 2; print substr($5, 2, l)}'
Simplest command to get the last 10 users logged in to the machine is last|head. To get all the users, simply use last command
Try the following to get just the IP address:
who am i|awk '{ print $5}'
Usually there is a log entry in /var/log/messages (or similar, depending on your OS) which you could grep with the username.
netstat will work (at the top something like this) tcp 0 0 10.x.xx.xx:ssh someipaddress.or.domainame:9379 ESTABLISHED
an older thread with a lot of answers, but none are quite what i was looking for, so i'm contributing mine:
sshpid=$$
sshloop=0
while [ "$sshloop" = "0" ]; do
if [ "$(strings /proc/${sshpid}/environ | grep ^SSH_CLIENT)" ];
then
read sshClientIP sshClientSport sshClientDport <<< $(strings /proc/${sshpid}/environ | grep ^SSH_CLIENT | cut -d= -f2)
sshloop=1
else
sshpid=$(cat /proc/${sshpid}/status | grep PPid | awk '{print $2}')
[ "$sshpid" = "0" ] && sshClientIP="localhost" && sshloop=1
fi
done
this method is compatible with direct ssh, sudoed users, and screen sessions. it will trail up through the process tree until it finds a pid with the SSH_CLIENT variable, then record its IP as $sshClientIP. if it gets too far up the tree, it will record the IP as 'localhost' and leave the loop.
Source: Stackoverflow.com