I need to find out which user screwed up the ssh config.
There's nothing in anyone's bash history.
But I did see when a bunch of ssh-related errors in the logs that started at a specific time.
I'm thinking I could narrow it down by finding out who was logged on then.
Is this possible on linux?
(On a side note: this is for a class, the other users are my classmates, they're doing the same thing, and we're all aware that everyone is snooping on our activity)
Check the output of lastlog. Check also utmp(5).
You can check with /var/log/secure file
/var/log/secure Contains information related to authentication and authorization privileges. For example ssh logs all the messages here, including unsuccessful login.
How do I find out which users are logged into a Windows XP machine?
I'm looking for something like the Unix who command, or a screen that just gives me a list of users currently logged in.
You can see logged on users in the Users tab in Task Manager.
qwinsta from the command line should show you who logged on, though I'm not sure if that's just for terminal server sessions or not.
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
>console Jeff 1 Active
psloggedon - a small utility that is part of the SysInternals Suite of tools
Stand-alone link: http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx
If you Remote Desktop into the machine and fill out the login dialog, the next dialog should tell you who is logged in and give you the option to log them out or to cancel.