
How To Set Up Email Alerts for Successful SSH Logins on Ubuntu


In this article, we’ll be discussing how to set up email alerts for successful SSH logins on an Ubuntu system. This can be an important security measure for servers, as it allows you to keep track of who is accessing your system and when.

Quick Answer

To set up email alerts for successful SSH logins on Ubuntu, you can use either the pam_exec module or the sshrc file. Both methods involve creating a script that sends an email notification when a successful SSH login occurs. The script is then configured to be executed either through PAM or the sshrc file. Testing the setup by logging in via SSH should result in receiving an email notification with the login details.

Prerequisites

Before we begin, ensure that you have:

  • An Ubuntu system
  • SSH installed and configured
  • Root or sudo access

Method 1: Using pam_exec

pam_exec is a PAM (Pluggable Authentication Modules) module that runs an external command at a chosen stage of the PAM stack. We can use it to trigger an email alert when a successful SSH login occurs.

Step 1: Create the Notification Script

First, create a script file (e.g., login-notify.sh) in your preferred directory. This script will send the email alert when executed.

Here’s a basic example of what the script could look like:

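#!/bin/bash
# pam_exec calls this script when a session opens and again when it closes.
# Alert on the open event only, so a logout does not send a second email.
[ "$PAM_TYPE" = "open_session" ] || exit 0
sender="noreply@yourdomain.com"
recipient="your-email@domain.com"
subject="SSH Login Notification"
# PAM_USER is exported into the environment by pam_exec.
message="User $PAM_USER logged in on $(hostname) at $(date)"
echo "$message" | mail -s "$subject" -r "$sender" "$recipient"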

In this script, we’re using the mail command to send an email. The -s option sets the subject of the email, and the -r option sets the sender.

Step 2: Configure the Script

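Make the script executable and owned by root to prevent unauthorized modifications. The directory that holds it should also be writable only by root, because pam_exec runs the script with root privileges and anyone who can replace the file controls what runs at each login:

# Hand the file to root first, then restrict it to root only.
sudo chown root:root login-notify.sh
sudo chmod 700 login-notify.sh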

Step 3: Modify the PAM Configuration

Next, add the following line to /etc/pam.d/sshd:

session optional pam_exec.so seteuid /path/to/login-notify.sh

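This line tells PAM to run our script as part of the SSH session. Session modules run when a session opens and again when it closes, and pam_exec passes the stage to the script in the PAM_TYPE environment variable (open_session or close_session). Because the control flag is optional, a failure in the script does not block the login.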

Step 4: Test the Setup

Finally, test the setup by logging in via SSH. You should receive an email notification with the details of the login.
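
A check for the Method 1 setup, added here as an example and not part of the original article: it reads a PAM file, extracts the command path from each session-stage pam_exec line, and verifies that the script and its directory are owned by the expected uid and not group- or world-writable. The function names are hypothetical, and only the script and its immediate directory are checked, not every ancestor directory.

```bash
#!/bin/bash
# Added example: audit the pam_exec alert hook (PAM file and uid are parameters).

# Print the command path of every active session-stage pam_exec line in PAM file $1.
pam_exec_scripts() {
    awk '$1 ~ /^-?session$/ {
        seen = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /pam_exec\.so$/) { seen = 1; continue }
            # Options such as seteuid or log=FILE never start with "/".
            if (seen && $i ~ /^\//) { print $i; break }
        }
    }' "$1"
}

# Succeed if $1 exists, is owned by uid $2 (default 0) and is not
# writable by group or others.
is_locked_down() {
    local path="$1" want_uid="${2:-0}"
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    if [ -z "$(find "$path" -prune -user "$want_uid" -print)" ]; then
        echo "not owned by uid $want_uid: $path"; return 1
    fi
    if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group- or world-writable: $path"; return 1
    fi
}

# Check each hooked script and the directory holding it.
# Returns 0 = clean, 1 = finding, 2 = no pam_exec session line present.
audit_login_notify() {
    local pam_file="${1:-/etc/pam.d/sshd}" want_uid="${2:-0}" script rc=0 found=0
    for script in $(pam_exec_scripts "$pam_file"); do
        found=1
        is_locked_down "$script" "$want_uid" || rc=1
        is_locked_down "$(dirname "$script")" "$want_uid" || rc=1
    done
    [ "$found" -eq 1 ] || { echo "no session pam_exec line in $pam_file"; return 2; }
    return "$rc"
}

# Run only when a PAM file is given, e.g.: sudo bash audit.sh /etc/pam.d/sshd
if [ "$#" -gt 0 ]; then audit_login_notify "$@"; fi
```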

Method 2: Using sshrc

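Another method to set up email alerts for successful SSH logins is by using sshrc. This is a file that is executed whenever an SSH session is started: sshd runs it through the user's shell, with that user's privileges, just before the shell or command starts. If a user has a ~/.ssh/rc file, sshd runs that file instead of /etc/ssh/sshrc unless PermitUserRC is set to no in sshd_config, so per-user rc files can silence this alert.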

Step 1: Modify the sshrc File

Open or create the /etc/ssh/sshrc file and add the following lines:

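# SSH_CONNECTION holds "client_ip client_port server_ip server_port"; keep the first field.
ip=$(echo "$SSH_CONNECTION" | cut -d " " -f 1)
# Record the login in syslog, then send the alert.
logger -t sshd "$USER login from $ip"
echo "$USER login on $(date) from $ip" | mail -s "SSH Login Alert" your-email@domain.com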

In this code, we’re using the logger command to log the login details, and the mail command to send the email alert.

Step 2: Test the Setup

Test the setup by logging in via SSH. You should receive an email notification with the details of the login.
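
A check for the Method 2 setup, added as an example and not part of the original article: it lists accounts whose ~/.ssh/rc would run in place of /etc/ssh/sshrc and reads the effective PermitUserRC value from `sshd -T` output. The function names are hypothetical, and it assumes local accounts in a passwd-format file.

```bash
#!/bin/bash
# Added example: find accounts whose ~/.ssh/rc would shadow /etc/ssh/sshrc.

# Print "user:path" for every account in passwd-format file $1 that has a ~/.ssh/rc.
users_with_rc() {
    local passwd_file="${1:-/etc/passwd}" user home x
    while IFS=: read -r user x x x x home x; do
        [ -n "$home" ] && [ -f "$home/.ssh/rc" ] && echo "$user:$home/.ssh/rc"
    done < "$passwd_file"
    return 0
}

# Read `sshd -T` output on stdin; succeed only if per-user rc files are disabled.
user_rc_disabled() {
    grep -qi '^permituserrc[[:space:]]\{1,\}no$'
}

# $1 = passwd-format file, $2 = text of `sshd -T`.
# Returns 0 when every login reaches /etc/ssh/sshrc, 1 when some accounts skip it.
sshrc_alert_gaps() {
    local passwd_file="${1:-/etc/passwd}" effective_cfg="$2" hits
    if printf '%s\n' "$effective_cfg" | user_rc_disabled; then
        echo "PermitUserRC no: /etc/ssh/sshrc always runs"; return 0
    fi
    hits=$(users_with_rc "$passwd_file")
    [ -z "$hits" ] && { echo "PermitUserRC yes, but no ~/.ssh/rc files found"; return 0; }
    echo "accounts that skip /etc/ssh/sshrc:"; echo "$hits"; return 1
}

# Typical call, as root: sshrc_alert_gaps /etc/passwd "$(sshd -T)"
```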

Conclusion

Setting up email alerts for successful SSH logins can enhance your server’s security by keeping you informed of all access. While we’ve covered two methods in this article, there are many other ways to achieve this, such as using log monitoring tools or custom scripts. Always protect any sensitive information and configure your system to prevent unauthorized access.

What is SSH?

SSH stands for Secure Shell and is a cryptographic network protocol that allows secure remote login and command execution over an unsecured network. It provides a secure way to access and manage remote systems.

Why is it important to set up email alerts for successful SSH logins?

Setting up email alerts for successful SSH logins allows you to monitor and keep track of who is accessing your system. This can be crucial for security purposes, as it helps you detect any unauthorized access and take appropriate action.

Can I use any email service provider to send the email alerts?

Yes, you can use any email service provider as long as you have the necessary SMTP (Simple Mail Transfer Protocol) server information to configure the email settings in your script or configuration file. Make sure to provide the correct SMTP server, port number, username, and password for successful email delivery.

How can I customize the email alert message?

You can customize the email alert message by modifying the script or configuration file that sends the email. You can change the subject, sender, recipient, and message content according to your preferences. Just make sure to follow the proper syntax and format required by the email command or library you are using.

Are there any security considerations when setting up email alerts for SSH logins?

Yes, there are a few security considerations to keep in mind. Firstly, ensure that the script or configuration file that sends the email does not contain any sensitive information, such as passwords or private keys. Secondly, protect the script or configuration file from unauthorized modifications by setting appropriate file permissions and ownership. Finally, consider encrypting the email communication using technologies like TLS (Transport Layer Security) to secure the transmission of the email alert.
