Displaying Active Users

Problem

You want to find out who else is logged in to a router.

Solution

To see which users are currently logged into the router and on which line, use the show users EXEC command:

Router1#show users

Use the keyword all to view all lines whether a user is currently active or not:

Router1#show users all

Use the EXEC command who to view the same output as the show users command:

Router1#who

To remotely view which users are logged into a router, use the finger command from your management server:

Freebsd% finger @Router1

This last command will work only if the finger service is enabled on the router.

Discussion

The router provides a number of different methods to view active users. The output from all of these commands is nearly identical. For security purposes, for operational reasons, or just for curiosity, many administrators like to know which users are accessing the router.

The format of the output is as follows: the absolute line number, the VTY line number, the username, listing of connected hosts, the inactivity timer, and the source address of the session. Also notice that one line of the output has an asterisk * in the left margin, indicating your current session.

The show users command displays the current active users and their associated line information:

Router1#show users
    Line       User       Host(s)              Idle       Location
  66 vty 0     ijbrown    idle                 00:56:15 freebsd.oreilly.com
  67 vty 1     kdooley    idle                 00:17:52 freebsd.oreilly.com
* 68 vty 2     weak       idle                 00:00:00 freebsd.oreilly.com
  Interface  User      Mode                     Idle     Peer Address
Router1#

If you add the keyword all to this command, the router will display all of its lines, whether or not they have an active session:

Router1#show users all
    Line       User       Host(s)              Idle       Location
   0 con 0                                     00:00:00
  65 aux 0                                     00:00:00
  66 vty 0     ijbrown    idle                 00:56:24 freebsd.oreilly.com
  67 vty 1     kdooley    idle                 00:18:01 freebsd.oreilly.com
* 68 vty 2     weak       idle                 00:00:00 freebsd.oreilly.com
  69 vty 3                                     00:00:00
  70 vty 4                                     00:00:00
  Interface  User      Mode                     Idle     Peer Address
Router1#
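The column layout described above lends itself to a scripted check. The following is an added example, not part of the original recipe: a Python parser for captured show users all output that reports active sessions idle longer than a threshold or arriving from a source outside an allowlist. The function names, the 30-minute default and the allowlist are assumptions; the sample rows are taken from the output shown above.

```python
import re

# Sample rows taken from the "show users all" output shown in this recipe.
SAMPLE = """\
    Line       User       Host(s)              Idle       Location
   0 con 0                                     00:00:00
  66 vty 0     ijbrown    idle                 00:56:24 freebsd.oreilly.com
  67 vty 1     kdooley    idle                 00:18:01 freebsd.oreilly.com
* 68 vty 2     weak       idle                 00:00:00 freebsd.oreilly.com
  69 vty 3                                     00:00:00
"""

ROW = re.compile(r"^(\*?)\s*(\d+)\s+(con|aux|vty|tty)\s+(\d+)\s+(.*)$")
IDLE = re.compile(r"^\d+:\d\d:\d\d$")  # assumption: idle is printed as hh:mm:ss

def parse_show_users(text):
    """Return one dict per line row; rows with no user/host are inactive."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, header or blank line
        star, absolute, kind, number, rest = m.groups()
        tokens = rest.split()
        i = next((n for n, t in enumerate(tokens) if IDLE.match(t)), None)
        if i is None:
            continue
        before = tokens[:i]
        # Two fields before the timer are User and Host(s); one field alone is
        # Host(s), i.e. a session on a line that has no username.
        user = before[0] if len(before) >= 2 else ""
        hosts = " ".join(before[1:] if len(before) >= 2 else before)
        h, mins, s = (int(x) for x in tokens[i].split(":"))
        rows.append({"absolute": int(absolute), "line": f"{kind} {number}",
                     "user": user, "hosts": hosts, "active": bool(before),
                     "idle_seconds": h * 3600 + mins * 60 + s,
                     "location": " ".join(tokens[i + 1:]),
                     "current": star == "*"})
    return rows

def audit(rows, max_idle=1800, allowed=frozenset()):
    """Flag active sessions idle past max_idle or from an unlisted source."""
    findings = []
    for r in (x for x in rows if x["active"]):
        if r["idle_seconds"] > max_idle:
            findings.append((r["line"], r["user"], "idle too long"))
        if r["location"] and r["location"] not in allowed:
            findings.append((r["line"], r["user"], "unexpected source"))
    return findings
```

Calling audit(parse_show_users(SAMPLE), allowed={"freebsd.oreilly.com"}) reports only the ijbrown session on vty 0, which has been idle for more than 30 minutes.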

The who command is named after a popular Unix program, which displays active users. The router's version of who displays exactly the same information as the show users command:

Router1#who
    Line       User       Host(s)              Idle       Location
  66 vty 0     ijbrown    idle                 00:56:58 freebsd.oreilly.com
  67 vty 1     kdooley    idle                 00:18:36 freebsd.oreilly.com
* 68 vty 2     weak       idle                 00:00:00 freebsd.oreilly.com
  Interface  User      Mode                     Idle     Peer Address
Router1#

The finger command is another popular Unix program that displays the active users of a remote system by using a simple, open, IP-based protocol. The router will respond to any finger request with output similar to that of the show users command. In the following example, we use finger from a Unix server to see which users are logged into a particular router:

Freebsd% finger @Router1
[Router1]
    Line       User       Host(s)              Idle       Location
* 66 vty 0                idle                 00:00:00 freebsd.oreilly.com
  67 vty 1     ijbrown    idle                 00:01:48 freebsd.oreilly.com
  69 vty 3     ijbrown    idle                 00:59:04 freebsd.oreilly.com
  Interface  User      Mode                     Idle     Peer Address
Freebsd%

Notice that we were able to remotely extract the active user list without even logging into the router. For security purposes, we recommend that you disable the finger service to prevent illegitimate use of the protocol. For example, somebody could use this command to discover a valid username as well as a remote workstation that is allowed to log into the router. This can be a dangerous amount of information to give away freely.

You can disable the finger service on a router with the following configuration command:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#no ip finger
Router1(config)#end
Router1#

For more information regarding the disabling of the finger service, see Recipe 2.7.

See Also

Recipe 2.7; Recipe 3.1; Recipe 3.7; Chapter 4
