SSH getting started

[neocytrix]

Ciao Tutti!

I am looking to learn more about SSH servers. Is there a site out there that can teach me how to manage one(for example, my friend can SSH into my computer, how would I kick them out, see what they were doing, etc) I can't really find much on the net. Does anyone know of a good place to start??

 

 

-Neocytrix

[jboy]

Here's some useful references:

 

ssh FAQ

 

openssh.com

 

linux.com article on ssh

Edited February 21, 2006 by jboy

[paul]

you can't see what they are doing .. .that's why its called ssh (Secure SHell )

[aioshin]

I think its possible to know what applications they're running on the ssh server by viewing the process by "ps auxf"

.

see:

the command who displays who's logggin in on the server.

marjielen :0 - log on locally

marjielen pts/1 - log on from remote

#who

marjielen :0 Feb 21 07:44

marjielen pts/1 Feb 21 11:32 (172.16.0.37)

now, by the command "ps auxf" it will display all the process that runs... below, marjielen pings the ip 20x...

now, if you want to kick marjielen .. you can just kill the pid 5832 (second row) as root

#kill 5832

.

.

.

root 5037 0.0 0.6 4108 1624 ? Ss 07:44 0:00 /usr/sbin/sshd

root 5827 0.0 0.7 6776 1976 ? Ss 11:32 0:00 \_ sshd: marjielen [priv]

500 5832 2.1 0.9 7092 2296 ? S 11:32 0:10 \_ sshd: marjielen@pts/1

500 5839 0.0 0.7 3224 1928 pts/1 Ss 11:32 0:00 \_ -bash

500 5975 0.0 0.2 1700 508 pts/1 S+ 11:39 0:00 \_ ping 20x.7x.1xx.x

below displays that marjielen has been using mozila-firefox

500 5832 2.1 0.9 7240 2308 ? S 11:32 0:10 \_ sshd: marjielen@pts/1

500 5839 0.0 0.7 3224 1928 pts/1 Ss 11:32 0:00 \_ -bash

500 5993 0.1 0.6 3052 1620 pts/1 S+ 11:40 0:00 \_ /bin/sh /usr/bin/mozilla-firefox

I think sessions thru ssh can't be seen if you sniff its packets from a network using something like ethereal, but if you are inside the ssh server, you can see what applications they are using from remote

[well, just correct me if I'd say something not correct..]

[tyme]

also, if you have root access, you could go into their home directory and look at their .bash_history file, unless of course the person is smart enough to clean this file up to keep what they do from you.

[paul]

also, if you have root access, you could go into their home directory and look at their .bash_history file, unless of course the person is smart enough to clean this file up to keep what they do from you.

 

 

bash_history isn't written until after you logout .. but yes useful

[tyme]

especially if you aren't on your pc at the same time as the person who's ssh'ing in :)

[Qchem]

Basically you can use any of the tools that you'd generally use to manage multiple users on a system. Try looking at w and last (try last -20 to see the last 20 logins). w will show you a little of what the user is doing at that time too.