Tfb*_*fb9 6 ssh command-line sudo ip netstat
我试图找出当前 ssh 会话的原始 IP 地址。我发现以下内容很有用,但它需要 sudo:
$ sudo netstat -tapen | grep ssh | awk '{ print $5}' | sed '/0.0.0.0\|::/d'
192.168.1.1:60119
99.xxx.xxx.xxx:1213
有没有办法在不调用 sudo 的情况下获取 99.xxx.xxx.xxx 信息?
(已回答!问题 1:如何通过管道传递到 grep 仅返回错误?)
问题 2:是否有使用 netstat 获取 WAN 信息的解决方法?或者...
问题 3:我的目标有更好的选择吗?
mur*_*uru 15
您可以使用SSH_CONNECTION和SSH_CLIENT变量:
$ echo $SSH_CONNECTION
10.0.0.1 42276 10.0.0.2 22
$ echo $SSH_CLIENT
10.0.0.1 42276 22
$ SSH_IP=${SSH_CONNECTION%% *}
$ echo $SSH_IP
10.0.0.1
来自man 1 ssh:
SSH_CONNECTION Identifies the client and server ends of the
connection. The variable contains four space-
separated values: client IP address, client port
number, server IP address, and server port number.
SSH_CONNECTION如果将其拆分为 bash 数组,则可以更轻松地访问每个条目:
ssh_details=($SSH_CONNECTION)
然后您可以使用其索引获取每个条目:
$ echo $SSH_CONNECTION
127.0.0.1 55719 127.0.0.1 22
$ ssh_details=($SSH_CONNECTION)
$ echo ${ssh_details[0]}
127.0.0.1
$ echo ${ssh_details[1]}
55719
$ printf "You are logging in from host IP %s from port # %d\n" ${ssh_details[0]} ${ssh_details[1]}
You are logging in from host IP 127.0.0.1 from port # 55719
出于某种原因,SSH_CLIENT英文联机帮助页中没有记录。
对 1 和 2 的回答:
The warning is from netstat, not from grep and its about the PID/Program name column of the netstat output:
$ netstat -tapen
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
Using sudo:
$ sudo netstat -tapen
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
The alert is self explanatory, you have to be root to view the process IDs and program names owned by other (all) users, otherwise you will only get the PID/names of programs owned by you although you will get the open socket listings for those processes.
The distinction is basically summed up by the following, from man netstat:
PID/Program name
Slash-separated pair of the process id (PID) and process name of
the process that owns the socket. --program causes this column to
be included. You will also need superuser privileges to see this
information on sockets you don't own. This identification information is
not yet available for IPX sockets.
In you case, the program sshd is owned by root, so without using sudo all the socket info will appear in the output, not the program name and PID. As a result while using grep on the result of netstat -taepn you are getting the warning.
On the other hand if you use sudo, the PID/program name will appear in the netstat -taepn output and you can use grep to find the output.
The following will make you more clear (check the last column(PID/Program name)):
$ netstat -tapen
PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11088 -
$sudo netstat -taepn
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 11088 1002/sshd
If you are running this from a client machine then you can just ignore it as the process in that case will be ssh (not sshd) and will be owned by you.
Answer to 3:
There are so many ways. I will add a few:
$ sudo netstat -taepn | grep "ssh" | tr -s ' ' | cut -d' ' -f4 | head -1
192.168.5.3:22
$ sudo netstat -taepn | grep -Po "\b(\d|\.)+:22(?= .*ssh)"
192.168.5.3:22
$ sudo netstat -taepn | sed -nr '/ssh/s/.* ([^:]+:22) .*/\1/p'
192.168.5.3:22
EDIT: Without sudo:
$ netstat -taepn 2>/dev/null | grep ":22 " | tr -s ' ' | cut -d' ' -f4 | head -1
192.168.5.3:22
$ netstat -taepn 2>/dev/null | grep -Po "\b(\d|\.)+:22\b"
192.168.5.3:22
$ netstat -taepn 2>/dev/null | sed -nr '/:22 /s/.* ([^:]+:22) .*/\1/p'
192.168.5.3:22
EDIT 2:
If you want to get the remote IP address connected to port 22 (ssh) of the server without using sudo, your best best would be to read the socket statistics via ss command and get the desired output from that.
$ ss -ant | grep -Po "(\d|\.)+:22\s+\K[^:]+"
192.168.6.4
$ ss -ant | sed -nr 's/.*([0-9]|\.)+:22 +([^:]+).*/\2/p'
192.168.6.4
$ ss -ant | grep -e "ESTAB" | grep ":22" | tr -s ' ' | cut -d' ' -f5 | cut -d':' -f1
192.168.6.4
We have run the above commands in the server and 192.168.6.4 is the IP address of the remote computer connected to the server via ssh on port 22.