11
5
I run a linux file server for my office and we user SFTP for remote partners to login and download files. Is there a way to see if there are any active connections or logins so I can know when it is safe to perform maintenance on the machine?
Since the machine is almost constantly serving large files, scheduled maintenance is often bumped off due to someone either upload
aVeRTRAC
Posted 2011-08-09T19:04:57.983
Reputation: 461
11
You can also do:
ps -ef | grep '[s]shd' | grep -v ^root
which should show any sshd sessions (which are used for sftp). I notice on my machine my sshd process command line contains '$USER@notty' which makes sense since I'm not logged in with a terminal session. You could tighten up the grep above with:
ps -ef | grep '[s]shd:.*@notty' | grep -v ^root
BTW: the square brackets in the grep are to not have the 'grep sshd' process show up in the process list. [s]shd matches sshd, but doesn't match itself. It saves a 'grep -v grep'
Rich Homolka
Posted 2011-08-09T19:04:57.983
Reputation: 27 121
2
You could also try
fuser -u ssh/tcp
Uli
Posted 2011-08-09T19:04:57.983
Reputation: 21
1
I think you can use the command line program who to see this. I have noticed some reports that doing so doesn't work, but I still think it may work (maybe it's an ssh setting).
sftp is built on top of SSH. It stands for the "SSH File Transfer Protocol". And when you're logged in over ssh, 'who' will include you as a logged in user with its output. So I'd expect this to work with active sftp sessions too.
This discussion from 2008 also suggests that you may use 'netstat' for this. It also includes a suggestion to run 'who' via 'watch' so you can see updates without doing anything.
James T Snell
Posted 2011-08-09T19:04:57.983
Reputation: 5 726
1who shows who is currently running a login shell. Depending on what the user is running, it may or may not count as a login shell. The server half of sftp does not, hence why sftp sessions don't show up in who. – Perkins – 2015-10-22T17:23:34.920
1who does not show users logged in via ssh(I just logged in from my laptop and checked). – aVeRTRAC – 2011-08-10T00:27:00.937
That's wacky, that's GOT to be a setting.. As I'm pretty damned sure it has done so for me.. for years and years and years.. – James T Snell – 2011-08-10T01:42:03.620
Any idea where that setting would be? I tried this on a public server at my work & got back what looks like realistic results with several users listed. – aVeRTRAC – 2011-08-15T21:10:30.590
4I ended up using
netstat -atn | grep ':22'to see if there was open traffic on port 22. I also found that I could check the sshd logs, located at '/var/log/auth.log' on my system to see if all users who had opened a session had been closed out. – aVeRTRAC – 2011-08-10T00:30:36.660