#!/bin/bash

echo -e "\n**Current SSH Connections:**\n"
echo -e "IP Address\t\tAuth Method\t\tCountry"

# Get all active SSH connection IPs
netstat -napt | grep "ESTABLISHED.*ssh" | awk '{print $5}' | cut -d':' -f1 | sort -u | while read -r ip; do
    # Check if the IP used a password
    if sudo grep -E "Accepted password|Accepted publickey|Accepted keyboard-interactive|Accepted gssapi" /var/log/auth.log* | grep -q "$ip"; then
        auth_method=$(sudo grep -E "Accepted password|Accepted publickey|Accepted keyboard-interactive|Accepted gssapi" /var/log/auth.log | grep "$ip" | awk '{print $9}')
    else
        auth_method="Unknown"
    fi

    # Get geolocation of the IP
    country=$(whois "$ip" | grep -i "country" | awk '{print $2}' | head -n 1)
    if [[ -z "$country" ]]; then
        country="Unknown"
    fi

    # Print results
    echo -e "$ip\t\t$auth_method\t\t$country"
done

echo -e "\n Done"