Re: Net::SSH::Perl Module Problem

There is an extremely large problem with this idea that has not been covered. An operating system can have only one thing in 'Listen' on a port at any one time. If you were to connect to a box via ssh (port 22) and attempt to open a listen socket on port 22 you would receive an error that the port is in use (assuming that sshd is running as a daemon). If sshd is running from inetd (not recommended) you may be able to start a listen socket on port 22, but now ssh connections would not be accepted because your application is now listening on port 22 and handling all connections instead of the sshd process. When you connect to a machine using ssh your initial connection is accepted on port 22, but almost immediately that request is shifted to an alternate port for the remainder of the session. The reason for this is that a particular port can not only have just one 'thing' in listen mode but it can also only handle one connection at a time. If you were to stay on port 22 no other people would be able to connect to the server.

Also, as requested, please explain in full detail exactly what you are attempting to accomplish, maybe it has been done before. If you want immediate notification when someone logs in or out there are many ways to do it depending on the level of system access you have (user level vs. root).

UPDATE: After posting noticed that this issue was partially addressed in this post by crenz

Comment on Re: Net::SSH::Perl Module Problem

Replies are listed 'Best First'.
Re: Re: Net::SSH::Perl Module Problem by Anonymous Monk on Jul 30, 2003 at 18:22 UTC
Hi , Thanks for ur help . Here is what I want to achieve . I want to display the list of user's logged in on port 22 . This display should include the IP addresses from where they arrived , their time of connection ,userid and their time of disconnection . Is it possible using IO:Socket. Also the display should include the userid's who after getting connected to port 22 made exit i.e got disconnected . Can i keep a track of user's in the manner mentioned above . Thankyou !	[reply]
Re: Re: Re: Net::SSH::Perl Module Problem by gnu@perl (Pilgrim) on Jul 30, 2003 at 19:46 UTC
Just to make sure I understand you completely. You only want to moniter users connecting using ssh. You don't care about telnet (shouldn't use telnet anyway). There are only two ways I can think of to do this, the realy easy way that is less accurate and the really hard way (some think it's hard) that is much more accurate. The easy way, and still not too bad is to monitor the log file from sshd or your messages file. It has basically all the information you want there. Since I don't know what OS you are running I will relate things to Red Hat linux. In my /var/log/messages file I have the following: K, this gets long winded... Read more... (3 kB)	[reply] [d/l]
Re: Re: Re: Net::SSH::Perl Module Problem by SyN/AcK (Scribe) on Jul 30, 2003 at 23:22 UTC
Seriously, as others have said there is better ways of doing this. Are you on a *Nix box? If so, you should be able to use tcpdump or ethereal or any kind of sniffer to figure out whoose making connections to ssh. Furthermore, you could use ntop to display a list of all incoming connections. Whether this would display a list of users, I doubt it, but what is the point of that anyways? Why don't you do as others have suggested and take a look at working with SSH's log files. Hell, if you really want to get funky and generate some sort of report with perl, you could easily just manipulate what is inside of the logs to how you want to see it.	[reply]