allow ssh then kill the programme

master · 02-05-2005, 04:29 PM

Hello i was wandering if i allow some one to use ssh on my computer is it possible to watch what they are doing and then if i decided i did not want them on any more how would i kill the programme, im running suse9.1 .
thanks nige

MikeOliveri · 02-05-2005, 07:04 PM

The "w" command will tell you who's logged in, where from, and what they're currently doing:

19:01:45 up 22:43, 1 user, load average: 0.27, 0.29, 0.21
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
mike tty1 - Fri20 22:38m 0.29s 0.04s /bin/sh /usr/X

You can also run "ps waux | grep username" to see what they're doing, which will also find their SSH session. From there you can use kill (or kill -9) to stop whatever they're doing. You'll need to take steps to keep them from logging back in, though, such as changing their login shell to an invalid one, shutting down SSH, or blocking them at the firewall or with /etc/hosts.allow or /etc/hosts.deny.

Take care,
Mike

master · 02-05-2005, 07:50 PM

Thanks very much for your answer is it possible you could show me an example of the w command please thanks nige

MikeOliveri · 02-05-2005, 08:04 PM

You're actually looking at it up in my reply. Just type w and click enter at the command line and you'll see what I typed. It'll be a little more readable on the command line than what you see above. For someone logged in remotely, you'll see an IP address or domain name rather than tty1, which is someone logged in locally.

Take care,
Mike

master · 02-06-2005, 02:17 AM

Thats great cheers very much