The "w" command will tell you who's logged in, where from, and what they're currently doing:
19:01:45 up 22:43, 1 user, load average: 0.27, 0.29, 0.21
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
mike tty1 - Fri20 22:38m 0.29s 0.04s /bin/sh /usr/X
You can also run "ps waux | grep username" to see what they're doing, which will also find their SSH session. From there you can use kill (or kill -9) to stop whatever they're doing. You'll need to take steps to keep them from logging back in, though, such as changing their login shell to an invalid one, shutting down SSH, or blocking them at the firewall or with /etc/hosts.allow or /etc/hosts.deny.