neocytrix Posted February 21, 2006 Report Share Posted February 21, 2006 Ciao Tutti! I am looking to learn more about SSH servers. Is there a site out there that can teach me how to manage one(for example, my friend can SSH into my computer, how would I kick them out, see what they were doing, etc) I can't really find much on the net. Does anyone know of a good place to start?? -Neocytrix Quote Link to comment Share on other sites More sharing options...
jboy Posted February 21, 2006 Report Share Posted February 21, 2006 (edited) Here's some useful references: ssh FAQ openssh.com linux.com article on ssh Edited February 21, 2006 by jboy Quote Link to comment Share on other sites More sharing options...
paul Posted February 21, 2006 Report Share Posted February 21, 2006 you can't see what they are doing .. .that's why its called ssh (Secure SHell ) Quote Link to comment Share on other sites More sharing options...
aioshin Posted February 21, 2006 Report Share Posted February 21, 2006 I think its possible to know what applications they're running on the ssh server by viewing the process by "ps auxf" . see: the command who displays who's logggin in on the server. marjielen :0 - log on locally marjielen pts/1 - log on from remote #whomarjielen :0 Feb 21 07:44 marjielen pts/1 Feb 21 11:32 (172.16.0.37) now, by the command "ps auxf" it will display all the process that runs... below, marjielen pings the ip 20x... now, if you want to kick marjielen .. you can just kill the pid 5832 (second row) as root #kill 5832 .. . root 5037 0.0 0.6 4108 1624 ? Ss 07:44 0:00 /usr/sbin/sshd root 5827 0.0 0.7 6776 1976 ? Ss 11:32 0:00 \_ sshd: marjielen [priv] 500 5832 2.1 0.9 7092 2296 ? S 11:32 0:10 \_ sshd: marjielen@pts/1 500 5839 0.0 0.7 3224 1928 pts/1 Ss 11:32 0:00 \_ -bash 500 5975 0.0 0.2 1700 508 pts/1 S+ 11:39 0:00 \_ ping 20x.7x.1xx.x below displays that marjielen has been using mozila-firefox 500 5832 2.1 0.9 7240 2308 ? S 11:32 0:10 \_ sshd: marjielen@pts/1500 5839 0.0 0.7 3224 1928 pts/1 Ss 11:32 0:00 \_ -bash 500 5993 0.1 0.6 3052 1620 pts/1 S+ 11:40 0:00 \_ /bin/sh /usr/bin/mozilla-firefox I think sessions thru ssh can't be seen if you sniff its packets from a network using something like ethereal, but if you are inside the ssh server, you can see what applications they are using from remote [well, just correct me if I'd say something not correct..] Quote Link to comment Share on other sites More sharing options...
tyme Posted February 21, 2006 Report Share Posted February 21, 2006 also, if you have root access, you could go into their home directory and look at their .bash_history file, unless of course the person is smart enough to clean this file up to keep what they do from you. Quote Link to comment Share on other sites More sharing options...
paul Posted February 21, 2006 Report Share Posted February 21, 2006 also, if you have root access, you could go into their home directory and look at their .bash_history file, unless of course the person is smart enough to clean this file up to keep what they do from you. bash_history isn't written until after you logout .. but yes useful Quote Link to comment Share on other sites More sharing options...
tyme Posted February 21, 2006 Report Share Posted February 21, 2006 especially if you aren't on your pc at the same time as the person who's ssh'ing in :) Quote Link to comment Share on other sites More sharing options...
Qchem Posted February 21, 2006 Report Share Posted February 21, 2006 Basically you can use any of the tools that you'd generally use to manage multiple users on a system. Try looking at w and last (try last -20 to see the last 20 logins). w will show you a little of what the user is doing at that time too. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.