Unnecessary connections after being disconnected from a Linux SSH connection | by Teri Radichel | Cloud Security | January 2024


If you are logged out, run this command to ensure you only have the expected connections

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~~~

💻 Free content on Cybersecurity Jobs | ✉️ Register for Broadcast list

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ ~~~~~~

Just now my network crashed and I was disconnected from my AWS Linux EC2 instance. It happens. I’m still looking for a few things on my network.

But after logging out and back in, I noticed there were TWO connections on my Linux host. I’m the only one who needs to log in and my network is locked to only allow connections from my IP address.

Maybe when I was logged out my connection was still up for some strange reason. Anyway, I’m only waiting for one connection: mine.

So just to be safe, I shut down and restarted my EC2 instance to remove all existing connections. Then I logged back in and only saw my own connection.

If anyone else was connected from my network it would be a problem. Was this coming from my firewall? My UDM Pro? My laptop? Another computing device? Is there another way for someone to resume an existing session without even being on my network?

Things that make you go hmmmmmm.

In any case, if you want to check who is connected to your Linux instance, type this command:


If you want to learn more about the w command, use the man command to get more information:

man w

You can also use the who command to see who is logged in:


Follow for updates.

Teri Radichel | © 2nd sight laboratory 2023

The best way to support this blog is to subscribe to the broadcast list And type for the stories you love. If you are interested in IANS Decision Support Services so you can schedule security consulting calls with myself and other IANS faculty, please contact us on LinkedIn via the link

Leave a comment