Alert SSH Login - haiquang9994/dev_env GitHub Wiki

Add a script to /etc/ssh

sudo vim /etc/ssh/login_notify.sh

#!/usr/bin/env bash
# Content of /etc/ssh/login_notify.sh
TELEGRAM_TOKEN=""
CHAT_ID=""

if [ ${PAM_TYPE} = "open_session" ]; then
  MESSAGE="$PAM_USER@$PAM_RHOST: knock knock via $PAM_SERVICE"
  curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_TOKEN/sendMessage" -d chat_id="$CHAT_ID" -d text="$MESSAGE" > /dev/null 2>&1
fi

sudo chmod +x /etc/ssh/login_notify.sh

Test

PAM_TYPE="open_session" /etc/ssh/login_notify.sh

# Telegram > "@: knock knock via"

Modify PAM configuration to trigger the script

sudo vim /etc/pam.d/sshd

Add to the end:

# Login Telegram Notification
session optional pam_exec.so /etc/ssh/login_notify.sh