LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   allow ssh then kill the programme (http://www.linuxquestions.org/questions/linux-security-4/allow-ssh-then-kill-the-programme-286685/)

master 02-05-2005 04:29 PM

allow ssh then kill the programme
 
Hello i was wandering if i allow some one to use ssh on my computer is it possible to watch what they are doing and then if i decided i did not want them on any more how would i kill the programme, im running suse9.1 .
thanks nige

MikeOliveri 02-05-2005 07:04 PM

The "w" command will tell you who's logged in, where from, and what they're currently doing:

19:01:45 up 22:43, 1 user, load average: 0.27, 0.29, 0.21
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
mike tty1 - Fri20 22:38m 0.29s 0.04s /bin/sh /usr/X

You can also run "ps waux | grep username" to see what they're doing, which will also find their SSH session. From there you can use kill (or kill -9) to stop whatever they're doing. You'll need to take steps to keep them from logging back in, though, such as changing their login shell to an invalid one, shutting down SSH, or blocking them at the firewall or with /etc/hosts.allow or /etc/hosts.deny.

Take care,
Mike

master 02-05-2005 07:50 PM

Thanks very much for your answer is it possible you could show me an example of the w command please thanks nige

MikeOliveri 02-05-2005 08:04 PM

You're actually looking at it up in my reply. Just type w and click enter at the command line and you'll see what I typed. It'll be a little more readable on the command line than what you see above. For someone logged in remotely, you'll see an IP address or domain name rather than tty1, which is someone logged in locally.

Take care,
Mike

master 02-06-2005 02:17 AM

Thats great cheers very much


All times are GMT -5. The time now is 12:46 PM.