Question

4

How to know who accessing my computer via ssh command remote in Ubuntu?

rated 0 times [ 4] [ 0] / answers: 1 / hits: 17060 / 3 Years ago, fri, september 17, 2021, 1:51:18

Somebody accessing my computer with my password, i want to know who login my system via ssh [email protected], i want to know that ip how to trace it.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

rillrage

Add To Favorites

Follow

Total Points: 122

Total Questions: 120

Total Answers: 103

Location: Tokelau

Member since Thu, Aug 26, 2021

3 Years ago

rillrage questions

1 Is there any way to control ls output format

Wed, Apr 6, 22, 17:39, 2 Years ago

1 Added a Samsung NVMe SSD, but I can't see it in File Explorer

Sat, May 7, 22, 07:10, 2 Years ago

1 Accidentally terminating installing restricted extras and vlc during installation

Fri, Apr 28, 23, 18:11, 1 Year ago

1 How to fix the ugly font rendering of "Tex Gyre Pagella" in Firefox?

Wed, Aug 3, 22, 21:02, 2 Years ago

1 Changing screenshot directory in Ubuntu 21.10

Sat, Apr 30, 22, 13:11, 2 Years ago

View All

answered 3 Years ago sipwing · Accepted Answer

sshd logs all authorizations in /var/log/auth.log . You can check for logins by performing
grep sshd /var/log/auth.log. The output will look something the following:

Jun  5 13:56:06 computer-name sshd[1582]: Accepted password for user from 10.0.2.2 port 41341 ssh2

However, if you are sure that your system is compromised, these logs cannot be trusted. You need to change your password immediately, backup all data and reinstall the system. If an attacker managed to get root access (either because your user has sudo rights or through an exploit) to the system neither the logs nor any executables (even system ones) can be trusted. The only thing left to do is to nuke it from orbit.