This is the traditional "Last login:" message on steroids!
Parses the output from last and displays the following data:
- The date and host of your last login that is now closed (alternatively, a notice if this is your first time logging in)
- The list of all sessions that are still logged in
The library also includes the ability to print the host names in a more "friendly" format; instead of printing out something non-descriptive like Last login from dsl-123-53.geneseo.net, you can adjust the script to print Last login from work instead. See friendly-hostnames for more details.
The script ignores all non-remote connections, and only displays the last connections via ssh (or whatever other types of connections that are logged to /var/log/wtmp, such as getty/login and ftpd). Connections such as ssh localhost will show up in the history, while opening up a terminal window on the machine will not.
All of these features should make spotting "unwanted" connections much easier.
Let's connect to this computer, then disconnect again immediately:
$ ssh localhost
[localhost] Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-23-generic i686)
[localhost] $ exit
$ last-login
Last logged in 3 seconds ago from this computer
In this case, it looks like I forgot to log out of my SSH session at work:
$ last-login
Last logged in 3 hours ago from home
You are still logged in on the following machines:
* Logged in 2 hours ago from work on pts/17
Uh oh, I don't recognize that host name; looks like some "malicious user" logged into my server without my knowledge. Better change my password!
$ last-login
Last logged in 3 days ago from 172.56.2x.yz