How to kill a users SSH Connection


Recommended Posts

Hi,

Yes I have been using kill however listing the processes for sshd will list ALL processes of sshd, sometimes I want to kill just 1 user and killing sshd will kill everyone which I dont want. If I want to kill every I just restart sshd with 'service sshd restart'

The only way using kill to kill sshd would be handy is if I could find out which user was using which instance of sshd so I could kill just that 1 instance of sshd. is there any way to find out what user is using what PID for sshd?

using 'w' will only display the programs a user is currently running so that doesnt work.

Anyone got any other ideas?

can't you just ps -u username (do you know their username?) this will give you the pid of their connection

[bud@<hidden> bud]$ ps -u bud

PID TTY TIME CMD

20444 ? 00:00:00 sshd

20445 pts/0 00:00:00 bash

20478 pts/0 00:00:00 ps

[bud@<hidden> bud]$

And then kill that PID ;)

  BudMan said:
can't you just ps -u username (do you know their username?) this will give you the pid of their connection

[bud@<hidden> bud]$ ps -u bud

PID TTY TIME CMD

20444 ? 00:00:00 sshd

20445 pts/0 00:00:00 bash

20478 pts/0 00:00:00 ps

[bud@<hidden> bud]$

And then kill that PID ;)

Never thought of that until now :laugh:

  BudMan said:
can't you just ps -u username (do you know their username?) this will give you the pid of their connection

[bud@<hidden> bud]$ ps -u bud

PID TTY TIME CMD

20444 ? 00:00:00 sshd

20445 pts/0 00:00:00 bash

20478 pts/0 00:00:00 ps

[bud@<hidden> bud]$

And then kill that PID ;)

BudMan you are TheMan!

Cheers so much, it works a treat :thumbsup:

Whey you kill -1, you are killing and restarting a process on your server (In this case the SSH Daemon (sshd) or ssh session process). Since the SSH session is actually a connection initiated by the SSH client, you have really no way of affecting what happens on that end, and that includes an auto restart of the session. As far as the client is concerned, when your process stops, it losses the connection and the remote user will see something like "Remote Server termintated connection" OR "Remote Connection lost".

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Ah .. lockout for suspicious activity. I bet they uploaded the SanDisk utility detected as malware
    • Microsoft 365 will soon disable outdated authentication protocols for file access by Usama Jawad On a fairly regular basis, Microsoft disables outdated protocols that are used to access its services. In the past few years, the company has deprecated Basic Auth in Exchange Online and cut access to Outlook for third-party apps relying on this protocol. Now, it has decided to get rid of old authentication protocols for file access across Microsoft 365 services. As reported by Bleeping Computer, Microsoft has posted a message on its Microsoft 365 Admin Center. Starting from mid-July 2025, the company will begin disabling legacy authentication protocols used to access files across Microsoft 365 and Office apps, SharePoint, and OneDrive. Essentially, applications or services which use the Relying Party Suite (RPS) or FrontPage Remote Procedure Call (FPRPC) will to perform browser-based authentication to perform open operations on Office files will no longer be able to do so. As expected, this is primarily being done to improve the cybersecurity posture of various services. Microsoft states that RPS can be brute-forced and phished with relative ease as it is fairly outdated. Similarly, FPRPC is typically used for remote web page authoring and it is susceptible to exploitation through various vulnerabilities too. As such, both of these protocols will be disabled by default starting from mid-July 2025, with the rollout of this change targeting completion by August 2025. The Redmond tech giant will update the protocol baseline by default without mandating any licensing changes for customers. In addition, once these modifications are rolled out, Microsoft 365 will require admin consent to get third-party access to files and sites. IT admins can view the guidance available here to configure admin consent workflows. Microsoft says that these changes align with the principles of its Secure Future Initiative (SFI). Earlier today, it announced the rollout of improved security defaults for Windows 365 citing the same reasons too.
    • It does and it can... I took an i3 board and upgraded it to my FX8350... no issues, just put in new drivers over the top that Windows didn't. Not the issue for me, (though I eventually did do a new install from 23H2 to 24H2)... I was on 22H2 at the time. The issue is activation. You may get hit with having to activate again.
  • Recent Achievements

    • First Post
      Fuzz_c earned a badge
      First Post
    • First Post
      TIGOSS earned a badge
      First Post
    • Week One Done
      slackerzz earned a badge
      Week One Done
    • Week One Done
      vivetool earned a badge
      Week One Done
    • Reacting Well
      pnajbar earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      705
    2. 2
      ATLien_0
      283
    3. 3
      Michael Scrip
      217
    4. 4
      +FloatingFatMan
      195
    5. 5
      Steven P.
      130
  • Tell a friend

    Love Neowin? Tell a friend!