Create file login-notify.sh and put it under /etc/ssh
inside of the file put the following code :
#!/bin/sh
# Change these two lines:
sender="sender-address@example.com"
recepient="notify-address@example.org"
if [ "$PAM_TYPE" != "close_session" ]; then
host="`hostname`"
subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
# Message to send, e.g. the current environment variables.
message="`env`"
echo "$message" | mailx -r "$sender" -s "$subject" "$recepient" &
fi
make the code executable
chmod +x login-notify.sh
Add the following line under /etc/pam.d/sshd :
session optional pam_exec.so seteuid /path/to/login-notify.sh
session optional
or require
define if the hook script is sucessfull than the login will be possible