lackdaz · May 28, 2020 16:51
diff --git a/monitor.sh b/monitor.sh
 #!/bin/bash

 authorized_keys="/home/seth/.ssh/authorized_keys"
 ssh_login_file="/var/log/auth.log"

 ports=$(netstat -tn -o state established | grep -F ":22"  | awk '{ print $5 }' | sed -e 's/.*://')

 echo "Active logins:"

 # Iterate through established peer ports connected to :22
 for entry in $ports; do
  # Get timestamp of login
  time=$(grep -F $entry $ssh_login_file | awk '{print $1, $2, $3}')
  # Get IP of login from ssh log
  ip=$(grep -F $entry $ssh_login_file | sed -e 's/.*from //' -e 's/ .*//')
  # Get hash of key used to login
  key_hash=$(grep -F $entry $ssh_login_file | awk 'NF>1{print $NF}')
  if [[ $key_hash == *":"* ]]; then
    # Get hash of authorized keys and find the match
    echo "$time: $(ssh-keygen -lf $authorized_keys | grep -F $key_hash | awk '{print $(NF-1)}')"
  else
    echo "$time: Unknown, password login"
  fi
 done
	#!/bin/bash

	authorized_keys="/home/seth/.ssh/authorized_keys"
	ssh_login_file="/var/log/auth.log"

	ports=$(netstat -tn -o state established \| grep -F ":22" \| awk '{ print $5 }' \| sed -e 's/.*://')

	echo "Active logins:"

	# Iterate through established peer ports connected to :22
	for entry in $ports; do
	# Get timestamp of login
	time=$(grep -F $entry $ssh_login_file \| awk '{print $1, $2, $3}')
	# Get IP of login from ssh log
	ip=$(grep -F $entry $ssh_login_file \| sed -e 's/.from //' -e 's/ .//')
	# Get hash of key used to login
	key_hash=$(grep -F $entry $ssh_login_file \| awk 'NF>1{print $NF}')
	if [[ $key_hash == ":" ]]; then
	# Get hash of authorized keys and find the match
	echo "$time: $(ssh-keygen -lf $authorized_keys \| grep -F $key_hash \| awk '{print $(NF-1)}')"
	else
	echo "$time: Unknown, password login"
	fi
	done