In a multi server architecture, is it possible to find out from which machine a user logged into current machine using
user1 logged into
host1. From there, the user logged into
In above example, would it be possible to trace the
sruser session of
host2 back to
user1 session in
Would it be possible to get the hostname or terminal of
Here is Solutions:
We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.
last commands might be useful for displaying the host from which users are connected.
If you are an ordinary user on
host2, you can see who is currently logged in from where with the
who command, and who logged in from where in the past with the
last command. Both show the remote host name or IP address for ssh logins; this is usually
host1, but can be a gateway that relayed the ssh connection.
It is in principle impossible to know who
user1 is. After all,
host1 might not even be running a multiuser system, or might be an anonymous relay. This doesn’t mean
user2 has absolute privacy amongst the known users of
host1; for example, if you’re the administrator on
host2, and the user uses public key authentication, and you’ve configured the ssh server to dump information about the public key used, then you can find out the user’s public key, and perhaps correlate it from information obtained elsewhere.
Some past questions on Super User may interest you:
Not sure about Solaris but on Linux
lsof -u user | grep \:ssh should work fine
Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂