Powershell alternative to Unix who command to show ssh sessions
Question
I am on a Windows server and want to know who has ssh-ed into the server. On Linux, the following command works:
who -s
What is its alternative on Windows 10?
Recommended answer
With an elevated PowerShell, you can list all logged on users with:
Get-CimInstance -ClassName Win32_LogonSession | Get-CimAssociatedInstance -Association Win32_LoggedOnUser
To only get the users that are logged on via SSH, you can use the following pipeline:
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'sshd.exe'" | Get-CimAssociatedInstance -Association Win32_SessionProcess | Get-CimAssociatedInstance -Association Win32_LoggedOnUser | Where-Object {$_.Name -ne 'SYSTEM'}
Explanation:
You are looking for accounts that are logged on (via SSH). In WMI, accounts are represented by the Win32_Account class. Logon sessions are represented by the Win32_LogonSession class. If a user is logged on, a Win32_Account will be associated with a Win32_LogonSession. This association will be represented by an instance of the Win32_LoggedOnUser class.
The first pipeline from above takes all existing logon sessions and returns all user accounts that are associated with these logon sessions. In conclusion, you get a list of all logged on users.
To get a list of all users that are logged on via SSH, you can evaluate some more associations. Each process (Win32_Process) is associated with a logon session via the Win32_SessionProcess class. The second pipeline from above does the following:
- It filters all processes to only get the processes of the SSH daemon.
- For the SSH processes, it determines the associated logon sessions (Win32_LogonSession) via the Win32_SessionProcess association class.
- It then uses these logon sessions to determine the logged on users via the Win32_LoggedOnUser association class like in the first pipeline.
- In the end, it filters the result to omit the SYSTEM account.
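
The same association walk, written out step by step so each SSH logon session is reported once together with its logon time and the sshd process that belongs to it. This is an added example, not part of the original answer; the function name Get-SshLoggedOnUser and the output property names are made up for illustration, and it assumes an elevated PowerShell session like the pipelines above.

```powershell
# Added example (not from the original answer). Run in an elevated PowerShell.
function Get-SshLoggedOnUser {
    [CmdletBinding()]
    param()

    # LogonId -> $true, so a logon session shared by several sshd.exe
    # processes is only reported once.
    $seen = @{}

    # Step 1: only the processes of the SSH daemon.
    $sshdProcesses = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'sshd.exe'"

    foreach ($proc in $sshdProcesses) {
        # Step 2: Win32_SessionProcess links a process to its Win32_LogonSession.
        $sessions = Get-CimAssociatedInstance -InputObject $proc -Association Win32_SessionProcess

        foreach ($session in $sessions) {
            if ($seen.ContainsKey($session.LogonId)) { continue }
            $seen[$session.LogonId] = $true

            # Step 3: Win32_LoggedOnUser links the logon session to its account.
            $accounts = Get-CimAssociatedInstance -InputObject $session -Association Win32_LoggedOnUser

            foreach ($account in $accounts) {
                # Step 4: omit the SYSTEM account, as in the answer's pipeline.
                if ($account.Name -eq 'SYSTEM') { continue }

                [pscustomobject]@{
                    User      = '{0}\{1}' -f $account.Domain, $account.Name
                    LogonId   = $session.LogonId
                    LogonType = $session.LogonType   # numeric value from Win32_LogonSession
                    LogonTime = $session.StartTime
                    SshdPid   = $proc.ProcessId
                }
            }
        }
    }
}

# One row per SSH logon session, oldest first.
Get-SshLoggedOnUser | Sort-Object LogonTime | Format-Table -AutoSize
```

Because the function emits objects rather than formatted text, the result can also be piped to Export-Csv or compared between two runs to spot new sessions.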