Login Get Started
Hostxpeed
Login Get Started →
Getting Started

How to View Login History

5 min read
21 views
Jun 10, 2026

Prerequisites

Before viewing login history, make sure you have:

  • SSH access to your VPS
  • Root or sudo privileges

Method 1: View Currently Logged-in Users

Connect to your VPS:

ssh hxroot@YOUR_SERVER_IP -p 22

Show who is logged in right now:

who

Example output:

hxroot   pts/0        2026-04-28 10:30 (192.168.1.100)
john     pts/1        2026-04-28 11:45 (203.0.113.50)
w

Shows more details including what commands they are running.

users

Just lists usernames.

Method 2: View Last Logins (last Command)

last -10

Shows last 10 logins including successful and system reboots.

Example output:

hxroot   pts/0        192.168.1.100    Mon Apr 28 10:30   still logged in
hxroot   pts/0        192.168.1.100    Sun Apr 27 15:22 - 17:45  (02:23)
reboot   system boot  4.15.0          Sun Apr 27 15:20   still running
john     pts/1        203.0.113.50     Sat Apr 26 09:15 - 12:30  (03:15)

Method 3: View Last Login per User

lastlog

Shows last login time for all users:

Username         Port     From             Latest
hxroot           pts/0    192.168.1.100    Mon Apr 28 10:30:15 +0000 2026
john             pts/1    203.0.113.50     Sat Apr 26 09:15:30 +0000 2026
nobody           **Never logged in**

Method 4: Check Failed Login Attempts

lastb -10

Shows last 10 failed login attempts:

root     ssh:notty    185.45.6.78      Mon Apr 28 05:23:15 2026 - 05:23:15  (00:00)
admin    ssh:notty    185.45.6.78      Mon Apr 28 05:23:12 2026 - 05:23:12  (00:00)

Method 5: View SSH Auth Logs

grep "Accepted" /var/log/auth.log | tail -20

For CentOS/RHEL:

grep "Accepted" /var/log/secure | tail -20

Show login times only:

grep "Accepted password" /var/log/auth.log | awk '{print $1,$2,$3,$9,$11}'

Method 6: View All Authentication Events

sudo journalctl -u ssh -n 50

Method 7: Check History of Reboots

last -x | grep reboot | head -10

Method 8: Export Login History to File

last > login_history.txt
lastb > failed_logins.txt

Monitor Login History in Real Time

tail -f /var/log/auth.log | grep "Accepted"

Press Ctrl+C to stop.

Check Logins for Specific Date

last | grep "Apr 27"

Security Audit Script

#!/bin/bash
echo "=== Current Logged-in Users ==="
who
echo ""
echo "=== Last 5 Successful Logins ==="
last -5
echo ""
echo "=== Last 5 Failed Logins ==="
lastb -5
echo ""
echo "=== Users Who Never Logged In ==="
lastlog | grep "Never"

⚠️ Unexplained login attempts from unknown IPs indicate a security breach. Check lastb for brute force attacks.

Clear Login History (If Needed)

For legitimate reasons (maintenance):

echo "" > /var/log/wtmp
echo "" > /var/log/btmp

✅ You can now view login history and identify any unauthorized access attempts on your Hostxpeed VPS.

Was this article helpful?