HPE Community
Operating System - HP-UX
1832265 Members
3033 Online
110041 Solutions
New Discussion

How see that do user, which was connect from remsh?

 
dnn
Occasional Contributor

‎07-27-2005 05:22 PM

‎07-27-2005 05:22 PM

How see that do user, which was connect from remsh?

Hello!

In LAST I see session that was connect from remsh. How see that do user, which was connect from remsh? There is not this info in syslog.log.

Thanks!
0 Kudos
Reply
5 REPLIES 5
Chris Wilshaw
Honored Contributor

‎07-27-2005 08:13 PM

‎07-27-2005 08:13 PM

Re: How see that do user, which was connect from remsh?

If the user is just executing a single command, or a script via remsh

eg:

remsh server "uptime"

then there is no record of it on the local server itself - you'd need to check out their .sh_history file on the remote server from which they ran the command.

If they're running

remsh server

then commands are logged to the .sh_history file (or equivalent) as normal.

It's also possible that it's a cron job that's running a remsh command, in which case you'd need to check the job details on the remote server to see what it was doing.
0 Kudos
Reply
Bharat Katkar
Honored Contributor

‎07-27-2005 08:27 PM

‎07-27-2005 08:27 PM

Re: How see that do user, which was connect from remsh?

Hi,
One way it is possible is:

1. # who ( lists all sessions )
Get tty from this of sessions.

2. # ps -t tty
This shows "rlogind" daemon running on that tty if it is connected through remsh.

Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎07-27-2005 11:35 PM

‎07-27-2005 11:35 PM

Re: How see that do user, which was connect from remsh?

last command will give only remsh from the /var/adm/wtmp log. You can do like in /etc/profile as,


--/etc/profile--

ps | grep -q 'rlogin'
if [[ $? -eq 0 ]]
then
echo "`date` $LOGNAME is logging from who -mu" >> /tmp/remsh.log
fi

hth.


Easy to suggest when don't know about the problem!
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎07-27-2005 11:37 PM

‎07-27-2005 11:37 PM

Re: How see that do user, which was connect from remsh?

Change the script as,

ps | grep -q 'rlogin'
if [[ $? -eq 0 ]]
then
echo "`date` $LOGNAME is logging from `who -mu`" >> /tmp/remsh.log
echo "...... if you want more" >> /tmp/remsh.log
fi

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
dnn
Occasional Contributor

‎07-28-2005 12:08 AM

‎07-28-2005 12:08 AM

Re: How see that do user, which was connect from remsh?

Thank you very much for reply! :)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.