kyser
Reputation: 107
How to know which specific machine connected to my EC2 instance
Is there any way to know which particular machine connected to an EC2(ubuntu 12.04) instance during a specific time?
For example, I want to know which public key(ssh key) was used to connect to my EC2 instance during a specific time?
Is there any feature in AWS to get that information or can I enable some extra logging in ubuntu to know that?
P.S. The "last" command does not help me as it shows the IP address which connected to the EC2 machine and in my case it shows the IP address of my company not the machine's
Upvotes: 1
Views: 622
Answers (1)
jazgot
Reputation: 2073
You can look into log file: /var/log/auth.log, login information look like this:
Mar 30 11:09:19 void sshd[1895]: Accepted publickey for vagrant from 10.0.2.2 port 63936 ssh2
Mar 30 11:09:19 void sshd[1895]: pam_unix(sshd:session): session opened for user vagrant by (uid=0)
As you can see time, user login, ip and authentication method data is logged by default.
Upvotes: 1
Related Questions
- How to get the instance Name from the instance in AWS?
- Finding EC2 instance ID for someone else's instance
- How to find which IP address is used by EC2 instance when it's making requests to some other server outwards
- When I SSH into my EC2 instance, how do I figure out what server it is currently running?
- Identify Amazon EC2 machines uniquely
- How do I get the server name with aws ec2 describe-instances
- How to identify Amazon AWS EC2 instance?
- Know IP address of system which started EC2 instance
- Where can I find information about the instance I have on ec2
- How do you distinguish your EC2 instances?