Let’s say that you set up an instance with SSH access, and that you want to know whenever someone logs into it. Be it for security reasons, or perhaps because you’re a control freak who hates it when other people touch your stuff, or because you’re working for a Large Evil Corporation that enjoys tracking people’s every move. Whatever floats your boat.
You can use the following simple script. It will generate a notification containing all current environment variables, e.g.
PAM_USER (the user who logged in), and the time of login.
The script makes use of Notify17, a personal notification tool, which lets you receive your own notifications on mobile (Android, iOS) and web. No more risk of losing important alerts in the e-mail clutter!
|| true elements prevent breaking any existing script if the
set -e flag is used, for example in case of network failure.
Set it up
To set up this script, all you need to do is:
- Create a Notify17 account, it’s free!
- Next, create a raw API key from the dashboard. Remember to label the key meaningfully, e.g.
SSH notifications, so you don’t forget what it’s used for.
- Replace the
REPLACE_WITH_RAW_API_KEYtext in the script (Above) with your raw API key, and save the script in your machine, e.g. in
- Edit the
/etc/pam.d/sshdfile and append the following line at the end:
session [default=ignore] pam_exec.so /bin/bash /opt/notify-ssh.sh
- Test it out by logging in with a new terminal. You should receive a notification in the Notify17 dashboard.
- Optional but greatly suggested — download the app for Android or iOS to receive the notifications on mobile.
P.s. this example was run on Ubuntu, other OSs may require a different configuration.