SSH login alerts

Create file login-notify.sh and put it under /etc/ssh
inside of the file put the following code :

#!/bin/sh
# Change these two lines:
sender="sender-address@example.com"
recepient="notify-address@example.org"
if [ "$PAM_TYPE" != "close_session" ]; then
host="`hostname`"
subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
# Message to send, e.g. the current environment variables.
message="`env`"
echo "$message" | mailx -r "$sender" -s "$subject" "$recepient" &
fi

make the code executable

chmod +x login-notify.sh

Add the following line under /etc/pam.d/sshd :

session optional pam_exec.so seteuid /path/to/login-notify.sh

session optional or require define if the hook script is sucessfull than the login will be possible

This entry was posted in Linux. Bookmark the permalink.

Leave a Reply