SSHd session information

View information about SSH client sessions.

The system creates a row in the sessions table each time an SSH client connects (or attempts to connect) to the SSHd server in the Sun Secure Application Switch. Ultimately, all active SSH connections are recorded in the sessions table, which tracks and describes several of the session characteristics. In addition to IP address and TCP port, these include session type (CLI or SFTP), client user name, packet and byte counts, negotiation summary, type of service requested, and authentication method.

Access mode

exec

Syntax

show switchServices sshd sessions

Output Description

Heading Description Filter
Client IP The IP address of the SSH client (the user's application that is talking to the server). clientIp ipAddress
Client Port The number of the TCP port the client is using to connect to the server. clientPort integer
Session State The state of the SSH session.

Valid values:
  • up : The session is up.
  • negotiating : Client and server are negotiating a connection.
  • down : The session is down.
operState enumeration
Session Type The session type.

Valid values:
  • unknown : The client's service request has not been completed.
  • cli : The session has been established with CLI functionality.
  • sftp : The session has been established with SFTP functionality.
sessionType enumeration
UserName The login name of the user connected over SSH to the server. userName text
User Privs The privilege level of the connected user for this session.

Valid values:
  • none : The user is not configured or is configured without privileges.
  • session : The user has CLI session privileges.
  • sftpRead : The user has SFTP read-only session privileges.
  • sftpWrite : The user has SFTP read-write session privileges.
userPrivilegeLevel enumeration
UserProfile The profile associated with the SSH user. This does not have to be the same profile/user that logs into the CLI. userProfileName text
TX Bytes The total number of bytes sent during this SSH session. bytesSentTotal counter32
RX Bytes The total number of bytes received during this SSH session. bytesReceivedTotal counter32
TX CLI Bytes The bytes sent from the CLI during this SSH session. bytesSentCli counter32
RX CLI Bytes The bytes received, destined for the CLI, during this SSH session. bytesReceivedCli counter32
TX SFTP Bytes The bytes sent from SFTP during this SSH session. bytesSentSftp counter32
RX SFTP Bytes The bytes received, destined for SFTP, during this SSH session. bytesReceivedSftp counter32
Neg Info A summary of session negotiation information. This summary lists client-to-server and server-to-client encryption methods, HMAC algorithm types, client key algorithm setting, and user authentication method(s). kexNegotiationSummary text
Session Time The number of seconds the session has been active. sesDuration integer
Idle Time The number of seconds the session has been idle. idleDuration integer
Session Status The operational status for the session.

Valid values:
  • active : The sshd session is active.
  • destroy : The sshd session is terminated.
sesStatus enumeration
Patch IDs The sum of the patch bit IDs applied for this client version. This is session-specific patch information. sessionPatchMask integer
Patch Summary A list of applied patches, by Display Name, for this client version. This is session-specific patch information.

Name (SSH Patch Identifier), Bit Value
SigBlob-fix (SSH_BUG_SIGBLOB), 1
HMAC-fix (SSH_BUG_HMAC), 4
OldSessionId (SSH_OLD_SESSIONID), 16
DebugMsg-fix (SSH_BUG_DEBUG), 64
DeriveKey-fix (SSH_BUG_DERIVEKEY), 262144
SecureFX-NoUserAuth (SSH_VDFX_NOUSERAUTH), 2097152.		 sessionPatchSummary text

Related actions

You can do the following