In Linux Server Hacks, I gave the following tiny script (called ssh-to) as a simple time saver to use when logging into ssh with client keys:
ssh `basename $0` $*
The idea was to put this somewhere in your PATH, and make symlinks to it using the name of the machine you want to log into. This is very similar to the symlink functionality that rsh provides.
I've added a tiny bit of code to ssh-to to make it even more useful. Try this:
[ -r $TIMESTAMP ] && cat $TIMESTAMP
echo " Last ssh:" `date +'%a %b %e %H:%M:%S %Y'` > $TIMESTAMP
ssh -AC $ME $*
The first time you use it to log into a machine, it creates a timestamp file (called .[machine name].timestamp in your ~/.ssh directory). On subsequent logins, it shows the timestamp of the last time you logged in just before it connects. The spacing coincides nicely with the "Last login" message displayed by most servers on login. For example:
Last ssh: Tue Aug 26 22:17:50 2003
Last login: Tue Aug 26 22:17:50 2003 from caligula.rob.swn
This tells you at a glance the difference between the last time you used the script to log in, and the last time the system noticed your presence. If these times are greatly out of sync, it can mean one of three things:
While not completely foolproof, it gives you a bit more information than the default login time display (do you really remember every time you log into a box? To the second?) Of course, it is standard procedure to doctor the logs on any box that has been compromised by would-be system hijackers. But if you give any credence to the last log system, this tiny script can give you yet another data point to be paranoid about.
- You aren't syncing your system times with ntpd
- You logged into the server from some machine other than your laptop
- Someone else has been using your account