ssh - Linux: Find out who was logged on when?

  • Robert

    I need to find out which user screwed up the ssh config. There's nothing in anyone's bash history. But I did see when a bunch of ssh-related errors in the logs that started at a specific time.

    I'm thinking I could narrow it down by finding out who was logged on then. Is this possible on linux?

    (On a side note: this is for a class, the other users are my classmates, they're doing the same thing, and we're all aware that everyone is snooping on our activity)

  • Answers
  • vonbrand

    Check the output of lastlog. Check also utmp(5).

  • max

    You can check with /var/log/secure file

    /var/log/secure Contains information related to authentication and authorization privileges. For example ssh logs all the messages here, including unsuccessful login.

  • Related Question

    user accounts - How do I find out who is logged into Windows XP?
  • Mike Akers

    How do I find out which users are logged into a Windows XP machine?

    I'm looking for something like the Unix who command, or a screen that just gives me a list of users currently logged in.

  • Related Answers
  • Igal Tabachnik

    You can see logged on users in the Users tab in Task Manager.

  • Jeff Atwood

    qwinsta from the command line should show you who logged on, though I'm not sure if that's just for terminal server sessions or not.

     SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
     services                                    0  Disc
    >console           Jeff                      1  Active
  • Hafthor

    psloggedon - a small utility that is part of the SysInternals Suite of tools

    Stand-alone link:

  • user202604

    If you Remote Desktop into the machine and fill out the login dialog, the next dialog should tell you who is logged in and give you the option to log them out or to cancel.