Determine the application client is using to connect
Is there any way in Linux/Unix to determine the client application a user is using to connect to the OS? In our environment thousands of users connect to our system via client applications like WinSCP, DbVisualizer, PuTTY etc. We need to check the client application that users are using to connect to the server.
linux aix putty
edited yesterday
Rui F Ribeiro
asked yesterday
Salman Raza
2 Answers
Simple answer: No, there is no sure way. Terminal applications often will report available features when queried with the right escape sequences but this is sometimes not enough to detect which application is used, and it can very easily be faked.
In general, the actual terminal application used should not matter, so maybe you should rephrase your question to state the actual problem you try to solve instead.
answered yesterday
Hans-Martin Mosner
Thanks for the reply, my actual problems are: 1. To stop use of unknown client applications (since I cannot determine it in Unix, the only option I have is to monitor and restrict installation on each client machine). 2. To determine a way to log user activity performed via a client such as WinSCP.
– Salman Raza
yesterday
1
So this is an enterprise environment where you control the network, servers and clients? If so there are plenty of ways to solve your problem: only allow clients to install approved software, only allow admins to install any software, network profiling (hard for encrypted traffic), NAC etc.
– Matt Douhan
yesterday
3
Why exactly do you need to stop users from using client applications of their choice? Your server integrity should not depend on it, otherwise your security is broken at the core. If the client machines are provisioned by your IT department they should have means of installing only approved software, no need to check that via unreliable mechanisms from the server side.
– Hans-Martin Mosner
yesterday
As I've written in an answer somewhere else: Don't fear your users! goodreads.com/quotes/…
– Hans-Martin Mosner
yesterday
1
For the logging problem: Log what you know and need (subject to business requirements and regulatory restrictions). User ID, timestamp of connection open and close, server directories visited, file read and write accesses, etc. The client software really shouldn't matter.
– Hans-Martin Mosner
yesterday
There might be many tools the clients use, but the underlying techniques or protocols these "tools" might use are the same, like 'SFTP, SSH, telnet' etc., to connect to the server. So all that the system will see is that some remote host is trying to open an ssh or sftp session on this server. Check /var/log/secure for more. Some common messages you would come across are:
ssh via tools like putty or xshell:
sshd[19199]: Accepted password for root from 10.10.10.10 port 51162 ssh2
sshd[19199]: pam_unix(sshd:session): session opened for user root by (uid=0)
sftp via winscp :
sshd[19238]: Accepted password for root from 10.10.10.10 port 51163 ssh2
sshd[19238]: pam_unix(sshd:session): session opened for user root by (uid=0)
sshd[19238]: subsystem request for sftp
PS: But there might be some extravagant tools that might do your job.. never say never in this world of software!
answered yesterday
sai sasanka
When sshd is properly configured, no one can log in as root. An administrator must connect his SSH client using his personal credentials, then use sudo to elevate privileges after getting logged in. When someone tries to authenticate as root, it's a red flag that might trigger anti-cracking measures like fail2ban (or a redirect of traffic from the offending IP to a honeypot VLAN).
– Monty Harder
yesterday
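The log correlation this answer describes, together with the root-login check from the comment, as an added example that is not part of the original thread: it groups sshd lines by PID, labels each login as ssh or sftp, and flags direct root logins. The sample log (host srv1, user alice, timestamps) is constructed, and the "by user NAME" fallback assumes the suffix that newer OpenSSH releases append to the subsystem line.

```python
import re

# Constructed sample in the style of the /var/log/secure lines quoted in the
# answer; host name, user "alice", addresses and timestamps are made up.
SAMPLE_LOG = """\
Apr 10 09:14:02 srv1 sshd[19199]: Accepted password for root from 10.10.10.10 port 51162 ssh2
Apr 10 09:14:02 srv1 sshd[19199]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 10 09:15:40 srv1 sshd[19238]: Accepted password for alice from 10.10.10.11 port 51163 ssh2
Apr 10 09:15:40 srv1 sshd[19238]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Apr 10 09:15:41 srv1 sshd[19238]: subsystem request for sftp
Apr 10 09:20:13 srv1 sshd[19238]: pam_unix(sshd:session): session closed for user alice
Apr 10 09:31:55 srv1 sshd[19199]: pam_unix(sshd:session): session closed for user root
"""

# Optional classic syslog prefix (timestamp + host), then sshd PID and message.
LINE = re.compile(
    r"(?:^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ )?sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
ACCEPT = re.compile(r"Accepted (?P<auth>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
SUBSYS = re.compile(r"subsystem request for (?P<name>\S+)(?: by user (?P<user>\S+))?")
CLOSED = re.compile(r"session closed for user \S+")


def summarize_sessions(log_text):
    """Return one record per accepted login, in log order."""
    sessions = []
    open_by_pid = {}  # PIDs get reused, so track only sessions still open
    for raw in log_text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue
        pid, ts, msg = m["pid"], m["ts"], m["msg"]
        accepted = ACCEPT.search(msg)
        subsystem = SUBSYS.search(msg)
        if accepted:
            rec = {
                "pid": int(pid),
                "user": accepted["user"],
                "source": accepted["ip"],
                "auth": accepted["auth"],
                "kind": "ssh",  # shell or exec unless a subsystem is requested
                "opened": ts,
                "closed": None,
                "open": True,
                # Direct root login: the red flag raised in the comment above.
                "root_login": accepted["user"] == "root",
            }
            sessions.append(rec)
            open_by_pid[pid] = rec
        elif subsystem:
            rec = open_by_pid.get(pid)
            if rec is None and subsystem["user"]:
                # Assumption: with privilege separation the request may come
                # from a child PID; fall back to that user's latest open login.
                rec = next(
                    (s for s in reversed(sessions)
                     if s["open"] and s["user"] == subsystem["user"]),
                    None,
                )
            if rec is not None:
                rec["kind"] = subsystem["name"]
        elif CLOSED.search(msg) and pid in open_by_pid:
            rec = open_by_pid.pop(pid)
            rec["closed"], rec["open"] = ts, False
    return sessions


if __name__ == "__main__":
    for s in summarize_sessions(SAMPLE_LOG):
        flag = "  <-- direct root login" if s["root_login"] else ""
        print(f'{s["user"]:8} {s["source"]:15} {s["kind"]:5} '
              f'{s["opened"]} -> {s["closed"]}{flag}')
```

The records give the user ID, source address and open/close times, but nothing in these lines identifies the client program itself.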