Verifying which IP addresses have logged in through SSH and blacklisting the sessions

The IP address or IP range that you want to blacklist has already logged in through SSH. Blacklisting one or more IP addresses or domains prevents future connection attempts from these sources, but it does not end sessions that are already open. If the sources are already logged in to the appliance, follow these steps to evict those sessions:

  1. Use the following commands to find which IP addresses are logged in through SSH and to end a blacklisted session:
    sudo netstat -natp | grep ssh | grep -v '\*' | awk '{print $5 "\t" $7}'
    kill -9 <pid-of-blacklisted-ssh-session>
  2. Detect the IP addresses and PIDs of the SSH sessions by using the following command:

    ssmcadmin@ssmc:~$ sudo netstat -natp | grep ssh | grep -v '\*' | awk '{print $5 "\t" $7}'
    10.0.0.126:62417    18434/sshd:
    10.0.0.125:58279    2594/sshd:
    10.0.0.126:62408    18427/sshd:
    
  3. Identify the blocked IP addresses to evict. In this case, it is 10.0.0.126. Use the PIDs of its sessions in the following kill command:

    ssmcadmin@ssmc:~$ sudo kill -9 18434 18427
    ssmcadmin@ssmc:~$
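
Steps 2 and 3 can be combined so that PIDs are selected by exact source address rather than by eye, which avoids evicting 10.0.0.12 when the target is 10.0.0.126. This is an added example, not part of the original procedure: the function name `pids_for_ip`, the local address 10.0.0.5 and the 10.0.0.12 session are constructed, and it assumes the Linux `netstat -natp` column layout.

```shell
#!/bin/sh
# pids_for_ip IP
# Reads `netstat -natp` output on stdin and prints the PID of every
# ESTABLISHED sshd session whose foreign (remote) address is exactly IP.
pids_for_ip() {
    awk -v ip="$1" '
        # $5 = foreign address:port, $6 = state, $7 = PID/program
        $6 == "ESTABLISHED" && $7 ~ /^[0-9]+\/sshd/ {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # strip the trailing :port
            sub(/^::ffff:/, "", addr)   # normalise IPv4-mapped IPv6
            if (addr == ip) {           # exact match, never a prefix match
                split($7, part, "/")
                print part[1]
            }
        }'
}

# Constructed sample input modelled on the output shown in step 2.
# The LISTEN row and the 10.0.0.12 row are there to show what is NOT selected.
SAMPLE='tcp   0   0 0.0.0.0:22     0.0.0.0:*          LISTEN      1021/sshd
tcp   0   0 10.0.0.5:22    10.0.0.126:62417   ESTABLISHED 18434/sshd: ssmcadmin
tcp   0   0 10.0.0.5:22    10.0.0.125:58279   ESTABLISHED 2594/sshd: ssmcadmin
tcp   0   0 10.0.0.5:22    10.0.0.126:62408   ESTABLISHED 18427/sshd: ssmcadmin
tcp   0   0 10.0.0.5:22    10.0.0.12:40112    ESTABLISHED 3101/sshd: ssmcadmin'

# Dry run against the sample: lists the PIDs that would be evicted.
printf '%s\n' "$SAMPLE" | pids_for_ip 10.0.0.126

# On the appliance, review the list first, then evict:
#   sudo netstat -natp | pids_for_ip 10.0.0.126 | xargs -r sudo kill -9
```

Run the `netstat` command from step 2 again afterwards to confirm that no sessions from the blacklisted address remain.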