Powershell 替代 Unix who 命令来显示 ssh 会话 [英] Powershell alternative to Unix who command to show ssh sessions

问题描述

我在 Windows 服务器上，想知道谁通过 ssh 连接到服务器.在 Linux 上，以下命令有效

I am on a windows server and want to know who has ssh-ed into the server. On Linux following command works

who -s

它在 Windows 10 上的替代品是什么?

What is its alternative on Windows 10?

推荐答案

使用提升的 PowerShell，您可以列出所有登录的用户:

With an elevated PowerShell, you can list all logged on users with:

Get-CimInstance -ClassName Win32_LogonSession | Get-CimAssociatedInstance -Association Win32_LoggedOnUser

要仅获取通过 SSH 登录的用户，您可以使用以下管道:

To only get the users that are logged on via SSH, you can use the following pipeline:

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'sshd.exe'" | Get-CimAssociatedInstance -Association Win32_SessionProcess | Get-CimAssociatedInstance -Association Win32_LoggedOnUser | Where-Object {$_.Name -ne 'SYSTEM'}

说明:

您正在寻找已登录(通过 SSH)的帐户.在 WMI 中，帐户由 Win32_Account 类.登录会话由 Win32_LogonSession 表示 类.如果用户已登录，Win32_Account 将与 Win32_LogonSession 相关联.此关联将由 Win32_LoggedOnUser 的实例表示 类.

You are looking for accounts that are logged on (via SSH). In WMI, accounts are represented by the Win32_Account class. Logon sessions are represented by the Win32_LogonSession class. If a user is logged on, a Win32_Account will be associated with a Win32_LogonSession. This association will be represented by an instance of the Win32_LoggedOnUser class.

上面的第一个管道获取所有现有的登录会话并返回与这些登录会话关联的所有用户帐户.总之，您将获得所有登录用户的列表.

The first pipeline from above takes all existing logon sessions and returns all user accounts that are associated with these logon sessions. In conclusion, you get a list of all logged on users.

要获取通过 SSH 登录的所有用户的列表，您可以评估更多关联.每个进程 (Win32_Process) 通过 Win32_SessionProcess 与登录会话相关联 类.上面的第二条管道执行以下操作:

To get a list of all users that are logged on via SSH, you can evaluate some more associations. Each process (Win32_Process) is associated with a logon session via the Win32_SessionProcess class. The second pipeline from above does the following:

1. 它过滤所有进程，只获取 SSH 守护进程的进程.
2. 对于 SSH 进程，它通过 Win32_SessionProcess 关联类确定关联的登录会话 (Win32_LogonSession).
3. 然后使用这些登录会话通过 Win32_LoggedOnUser 关联类确定登录用户，就像在第一个管道中一样.
4. 最后，它过滤结果以省略 SYSTEM 帐户.

1. It filters all processes to only get the processes of the SSH daemon.
2. For the SSH processes, it determines the associated logon sessions (Win32_LogonSession) via the Win32_SessionProcess association class.
3. It then uses these logon sessions to determine the logged on users via the Win32_LoggedOnUser association class like in the first pipeline.
4. In the end, it filters the result to omit the SYSTEM account.

这篇关于Powershell 替代 Unix who 命令来显示 ssh 会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！