Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-14-2006, 07:36 AM
|
#1
|
Member
Registered: Oct 2004
Location: Singapore
Distribution: Slackware, FreeBsd
Posts: 43
Rep:
|
Monitoring ssh connections in slackware..
Im a windows convert , been on slackware for a month now and i never looked back ..Few days ago i managed to get my ssh running so i can connect to my pc remotely. Question is how do i monitor my ssh connections when im at home ? Is the program already included in slackware or is it a seperate download and if so what is it called ?
I did not post this in the newbie forum because i realised that diff distros have diff packages and programs to do certain things (/me remembers the 1 hour he spent following an rpm tutorial) .
Thanx for your time , any help would be greatly appreciated..
ps: win xp cd makes a great coaster..
|
|
|
05-14-2006, 11:33 AM
|
#2
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
The command
Code:
grep -e ' sshd\[\w*\]: ' /var/log/messages
will show you what connection attempts the ssh daemon accepted or denied.
A program like logwatch can distill this information from the messages log on a daily basis for you and send these results as an email.
Eric
|
|
|
05-14-2006, 01:08 PM
|
#3
|
Member
Registered: Oct 2004
Location: Singapore
Distribution: Slackware, FreeBsd
Posts: 43
Original Poster
Rep:
|
ahh it works, thanx bob really appreciate it.. is there anyway i can monitor it in real time ? Like a connection monitor running so i can see how many and who are the users that are connected at any given time? Once again thanx
|
|
|
05-14-2006, 01:36 PM
|
#4
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Well.... will show everyone who's currently logged in and will give you a list of the last 25 logins (that includes local terminal logins as well as remote ssh logins).
Eric
|
|
|
05-14-2006, 01:41 PM
|
#5
|
Member
Registered: Oct 2004
Location: Singapore
Distribution: Slackware, FreeBsd
Posts: 43
Original Poster
Rep:
|
Thanx again bob , yer a life saviour
|
|
|
05-15-2006, 03:34 AM
|
#6
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Provided the wiki doesn't explode (it's been feeling poorly of late) you might want to peruse a page I wrote about blocking ssh brute force attacks with iptables. Unless you intend to use tcp_wrappers to deny access to your sshd from all but a few, trusted locations (like you should) then you're going to see about 100-300 connections a day coming from sites all over the place doing lame dictionary attacks. The techniques outlined on that page will stop those attacks on the second connection.
Note that before you upgrade to iptables 1.3.5 you'll want to take a look at your kernel config (if you're not using the default Slackware kernel) and make sure you've actually got netfilter support enabled, and it wouldn't hurt to just turn on everything under there as modules.
|
|
|
05-15-2006, 07:55 AM
|
#7
|
Member
Registered: Oct 2004
Location: Singapore
Distribution: Slackware, FreeBsd
Posts: 43
Original Poster
Rep:
|
Page wont display hmm.. ill try later.. anyways thanx for the suggestion evil.
|
|
|
05-15-2006, 11:03 AM
|
#8
|
Member
Registered: Jan 2004
Location: /lost+found
Distribution: Slackware 14.2
Posts: 849
Rep:
|
Also, if your running Gkrellm you can go to the Internet setup and specify what port you want gkrellm to keep and eye one. Gkrellm shows when someone logs into that port, how many connections, etc.. Neat little tool. I have mine set up to show SSH (22) and FTP (21).
|
|
|
All times are GMT -5. The time now is 06:36 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|