The login logs of ssh users are mainly wtmp and utmp, which are located in the /var/log/ directory and /var/run directory respectively. They are all binary files and cannot be viewed directly with commands such as cat and tail. You need to use four commands, who, w, Users and last, to view them. Let me briefly introduce how to use these four commands to view the login log of ssh users:
who
This command is mainly used to list the users currently logged into Linux system. The output is user name, tty number, login time and remote connection host IP:
If the wtmp file is specified, the who command will list all previous login records as follows: From top to bottom, the time is getting closer and closer, the first login and the last login:
w
This is also a command to display users who have logged into Linux system, mainly used to view utmp files. Compared with WHO commands, it outputs more detailed information, including user name, tty number, remote connection address, login time, idle time and what the current user is doing (executing commands).
user
This command is also mainly used to display the users currently logged into Linux system. One session corresponds to one user. If the user has multiple sessions, it will be displayed multiple times, as shown below:
final
This command is mainly used to display the users who have recently logged into Linux system. The time from top to bottom is getting longer and longer. The latest will be displayed at the top and the farthest will be displayed at the bottom. For wtmp file, the output is as follows: user name, tty device number, remote link address, login time, logout time, etc. If the state is always static, it means that the current user is using a Linux system:
At this point, we have finished using the four commands of who, W, users and last to view the login log of ssh users. Generally speaking, the whole process is very simple. As long as you have a certain Linux foundation and are familiar with the above commands and instructions, you can master it quickly. You can refer to this article mandsanywhere.
root ALL =(ALL)ALL super meall =(ALL)ALL
As a protection mechanism, the file is read-only. If you use vi editor, just use: wq when saving! You can keep it. Or use the visudo command to enter sudoers file editing, or you can save it normally.
3、vim/etc/ssh/sshd_config
Find PermitRootLogin and change it to PermitRootLoginno.
Restart service hardware startup
How to log in to the server using SSH?
The full name of SSH is SecureShell. SSH is a security protocol created on the basis of application layer and transport layer, with port 22. Let me explain how to use the putty tool to connect to the server:
Tools/raw materials
putty
Server with ssh service
Connection server
1. Download putty software. This software is downloaded a lot from Internet search. Not necessarily this one, of course. You can also use other similar software to connect:
2. After opening the software, enter the ip address of the server you are connected to, and check ssh, port 22:
3. Click OK and enter the account number and password (the password is invisible, just enter it); After completion, enter the car to see if the connection is successful; If you can connect, you can execute the command; If you can't connect, please check whether there is a password error or a server configuration problem:
How does ssh get data?
SSH, which is usually used under Linux, is a key-based connection: the machine provides the user name and password to connect to the remote server, and applies for security verification with the key.
After receiving the request, the server first looks for the public key in the user root directory of the server according to the user name provided when connecting, and then compares it with the public key stored in the computer.
If the two keys match, the server encrypts the information with the public key and sends it to the client software.
How to directly enter the user name and password when logging in with ssh under linux?
The default user name is root.
If you forget, you can enter single-user cracking.
Heat splitting method
After 1linux starts, press the E key on the keyboard to enter the grub menu interface.
2. When the grub startup screen appears (centos(2.6. 18-274**)), press the letter E to enter the grub editing state.
3. Move the cursor to the kernel line ... and then type "e" to enter the command line for editing.
Add a space s at the end of the kernel line, and then press enter.
Type "b" to start the system, that is, enter the single-user mode.
4. At this point, you can use the passwd command to change the password.
passwdroot
Restart after the change.