Let’s say that you set up an instance with SSH access, and that you want to know whenever someone logs into it. Be it for security reasons, or perhaps because you’re a control freak who hates it when other people touch your stuff, or because you’re working for a Large Evil Corporation that enjoys tracking people’s every move. Whatever floats your boat.

You can use the following simple script. It will generate a notification containing all current environment variables, e.g. PAM_USER (the user who logged in), and the time of login.

The script makes use of Notify17, a personal notification tool, which lets you receive your own notifications on mobile (Android, iOS) and web. No more risk of losing important alerts in the e-mail clutter!

Note: the || true elements prevent breaking any existing script if the set -e flag is used, for example in case of network failure.

Set it up

To set up this script, all you need to do is:

  • Create a Notify17 account, it’s free!
  • Next, create a raw API key from the dashboard. Remember to label the key meaningfully, e.g. SSH notifications, so you don’t forget what it’s used for.
  • Replace the REPLACE_WITH_RAW_API_KEY text in the script (Above) with your raw API key, and save the script in your machine, e.g. in/opt/notify-ssh.sh.
  • Edit the /etc/pam.d/sshd file and append the following line at the end:
session [default=ignore] pam_exec.so /bin/bash /opt/notify-ssh.sh
  • Test it out by logging in with a new terminal. You should receive a notification in the Notify17 dashboard.
  • Optional but greatly suggested — download the app for Android or iOS to receive the notifications on mobile.

P.s. this example was run on Ubuntu, other OSs may require a different configuration.

Source:

https://medium.com/@cmaster11/how-to-get-notified-whenever-someone-logs-in-via-ssh-947a8f8d4f37

Leave a Reply

Your email address will not be published. Required fields are marked *