Previous section   Next section

Recipe 3.6 Displaying Active Users

3.6.1 Problem

You want to find out who else is logged into a router.

3.6.2 Solution

To see which users are currently logged into the router and on which line, use the show users EXEC command:

Router1#show users

Use the keyword all to view all lines, including those that are inactive:

Router1#show users all

The EXEC command who gives the same output as the show users command:

Router1#who

To remotely view which users are logged into a router, use the finger command from your management server:

Freebsd% finger @Router1

This last command works only if the finger service is enabled on the router.

3.6.3 Discussion

The router provides a number of different methods to view active users. The output from all of these commands is nearly identical. Many administrators like to know which users are accessing the router for security purposes, operational reasons, or just out of curiosity.

The format of the output is as follows: the absolute line number, the VTY line number, the username, a listing of connected hosts, the inactivity timer, and the source address of the session. Note that one line of the output has an asterisk (*) in the left margin, indicating your current session.

The show users command displays the current active users and their associated line information:

Router1#show users
    Line       User       Host(s)              Idle       Location
    66 vty 0   ijbrown    idle                 00:56:15   freebsd.oreilly.com
    67 vty 1   kdooley    idle                 00:17:52   freebsd.oreilly.com
  * 68 vty 2   weak       idle                 00:00:00   freebsd.oreilly.com
   
  Interface    User       Mode                  Idle      Peer Address
   
Router1#

If you add the keyword all to this command, the router displays all of its lines, active and inactive:

Router1#show users all
    Line       User       Host(s)              Idle       Location
    0 con 0                                    00:00:00 
    65 aux 0                                   00:00:00 
    66 vty 0   ijbrown    idle                 00:56:24   freebsd.oreilly.com
    67 vty 1   kdooley    idle                 00:18:01   freebsd.oreilly.com
  * 68 vty 2   weak       idle                 00:00:00   freebsd.oreilly.com
    69 vty 3                                   00:00:00 
    70 vty 4                                   00:00:00 
   
  Interface    User       Mode                 Idle       Peer Address
   
Router1#

The who command is named after the popular Unix program, which displays active users. The router's version of who displays exactly the same information as the show users command:

Router1#who
    Line       User       Host(s)              Idle       Location
    66 vty 0   ijbrown    idle                 00:56:58   freebsd.oreilly.com
    67 vty 1   kdooley    idle                 00:18:36   freebsd.oreilly.com
  * 68 vty 2   weak       idle                 00:00:00   freebsd.oreilly.com
   
  Interface    User       Mode                 Idle       Peer Address
   
Router1#

The finger command is another popular Unix program that displays the active users of a remote system using a simple open IP-based protocol. The router responds to any finger request with output similar to that of the show users command. In the following example, we use finger from a Unix server to see which users are logged into a particular router:

Freebsd% finger @Router1
[Router1]
   
    Line       User       Host(s)              Idle       Location
  * 66 vty 0              idle                 00:00:00   freebsd.oreilly.com
    67 vty 1   ijbrown    idle                 00:01:48   freebsd.oreilly.com
    69 vty 3   ijbrown    idle                 00:59:04   freebsd.oreilly.com
   
   Interface   User       Mode                 Idle       Peer Address
Freebsd%

Notice that we were able to remotely extract the active user list without even logging into the router. For security purposes, we recommend that you disable the finger service to prevent illegitimate use of the protocol. For example, somebody could use this command to discover a valid username as well as a remote workstation that is allowed to log into the router. This can be a dangerous amount of information to give away freely.

You can disable the finger service on a router with the following configuration command:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#no ip finger
Router1(config)#end
Router1#

3.6.4 See Also

Recipe 2.6; Recipe 3.1; Recipe 3.7; Chapter 4


  Previous section   Next section
Top