Find the Ip Address of the Client in an Ssh Session

Find the IP address of the client in an SSH session

Check if there is an environment variable called:

$SSH_CLIENT 

OR

$SSH_CONNECTION

(or any other environment variables) which gets set when the user logs in. Then process it using the user login script.

Extract the IP:

$ echo $SSH_CLIENT | awk '{ print $1}'
1.2.3.4
$ echo $SSH_CONNECTION | awk '{print $1}'
1.2.3.4

Find the IP address of the client in an SSH session

Check if there is an environment variable called:

$SSH_CLIENT 

OR

$SSH_CONNECTION

(or any other environment variables) which gets set when the user logs in. Then process it using the user login script.

Extract the IP:

$ echo $SSH_CLIENT | awk '{ print $1}'
1.2.3.4
$ echo $SSH_CONNECTION | awk '{print $1}'
1.2.3.4

Access SSH client IP address, within a screen session

If the screen session is launched as root, you can but it won't be perfectly reliable

1. If two users type in the same screen window, they will both interact within the same shell. One can write a command. The other can press the <enter> key.

2. You have to get access to the environment variable SSH_CONNECTION (or better SSH_CLIENT) which is only possible if you are root, or if you use the same user inside the screen session.

Supposing you are root inside the screen session, you can know the last user active in a screen session by using the ps command and finding the last active session.

ps h -C screen katime -o pid,user

By using the pid, and accessing the /proc/<pid>/environ file, you can get the SSH_CLIENT variable.

sed -z '/SSH_CLIENT/p;d' /proc/`ps h -C screen katime -o pid |head -1`/environ

--> SSH_CLIENT=257.31.120.12

All of this suppose that your screen is executed as root

You can also chose to log all the active connections.
For such need, I would suggest you to store both the full list of connections and their last activity.

ps eh -C screen kstime -o pid,atime | while read pid stime; do echo -n "$stime: ";\
    gawk -v 'RS=\0' -F= '$1=="SSH_CLIENT" {print $2}' /proc/$pid/environ; done

Result:
00:00:00: 257.31.120.12 61608 22
00:07:11: 258.1.2.3.4 49947 22

Note that you can also parse the result of the ps eh -C screen kstime -o args command if you find it easier.

EDIT:

This is a working Debian command to get all users currently connected to the same screen session:

 find /var/run/screen/
     -name $(pstree -sp $$ |sed 's/.*screen(\([0-9]*\)).*/\1/;q').*
     -printf "%h\n"
      | cut -f2 -d-

In Python, how do I get user's remote IP (their last hop) if they're connected over SSH?

GOT IT AT LAST!!!

The "last" command has list of users and their IPs!! So simple.

It has "still logged in" marked against sessions. Filter by these
And then filter by current pts ID

To get the IP for the current SSH session in Python, do this:

import os,sys,subprocess
(out, err) = subprocess.Popen(['last | grep "still logged in" | grep "' + os.ttyname(sys.stdout.fileno()).replace('/dev/','') + '"'], stdout=subprocess.PIPE, shell=True).communicate()
RemoteIP=out.split()[2].replace(":0.0","") #Returns "" if not SSH

For readability, across multiple lines:

import os,sys,subprocess
pseudoTermID = os.ttyname(sys.stdout.fileno()).replace('/dev/','')
cmdStr       = 'last | grep "still logged in" | grep "'+pseudoTermID+'"'
sp           = subprocess.Popen([cmdStr], stdout=subprocess.PIPE, shell=True)
(out, err)   = sp.communicate()
RemoteIP     = out.split()[2].replace(":0.0","")   #Returns "" if not SSH

---

Related Topics