In this article, we’ll be discussing how to set up email alerts for successful SSH logins on an Ubuntu system. This can be an important security measure for servers, as it allows you to keep track of who is accessing your system and when.
To set up email alerts for successful SSH logins on Ubuntu, you can use either the
pam_exec module or the
sshrc file. Both methods involve creating a script that sends an email notification when a successful SSH login occurs. The script is then configured to be executed either through PAM or the
sshrc file. Testing the setup by logging in via SSH should result in receiving an email notification with the login details.
Before we begin, ensure that you have:
- An Ubuntu system
- SSH installed and configured
- Root or sudo access
Method 1: Using
pam_exec is a pluggable authentication module (PAM) that can execute arbitrary commands during a PAM session. We can use this to trigger an email alert when a successful SSH login occurs.
Step 1: Create the Notification Script
First, create a script file (e.g.,
login-notify.sh) in your preferred directory. This script will send the email alert when executed.
Here’s a basic example of what the script could look like:
subject="SSH Login Notification"
message="User $PAM_USER logged in on `hostname` at `date`"
echo "$message" | mail -s "$subject" -r "$sender" "$recipient"
In this script, we’re using the
-s option sets the subject of the email, and the
-r option sets the sender.
Step 2: Configure the Script
Make the script executable and owned by root to prevent unauthorized modifications:
chmod +x login-notify.sh
sudo chown root:root login-notify.sh
Step 3: Modify the PAM Configuration
Next, add the following line to
session optional pam_exec.so seteuid /path/to/login-notify.sh
This line tells PAM to execute our script whenever a new SSH session is started.
Step 4: Test the Setup
Finally, test the setup by logging in via SSH. You should receive an email notification with the details of the login.
Method 2: Using
Another method to set up email alerts for successful SSH logins is by using
sshrc. This is a file that is executed whenever an SSH session is started.
Step 1: Modify the
Open or create the
/etc/ssh/sshrc file and add the following lines:
ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
logger -t sshd "$USER login from $ip"
echo "$USER login on `date` from $ip" | mail -s "SSH Login Alert" firstname.lastname@example.org
In this code, we’re using the
logger command to log the login details, and the
Step 2: Test the Setup
Test the setup by logging in via SSH. You should receive an email notification with the details of the login.
Setting up email alerts for successful SSH logins can enhance your server’s security by keeping you informed of all access. While we’ve covered two methods in this article, there are many other ways to achieve this, such as using log monitoring tools or custom scripts. Always ensure to protect any sensitive information and configure your system to prevent unauthorized access.
SSH stands for Secure Shell and is a cryptographic network protocol that allows secure remote login and command execution over an unsecured network. It provides a secure way to access and manage remote systems.
Setting up email alerts for successful SSH logins allows you to monitor and keep track of who is accessing your system. This can be crucial for security purposes, as it helps you detect any unauthorized access and take appropriate action.
Yes, you can use any email service provider as long as you have the necessary SMTP (Simple Mail Transfer Protocol) server information to configure the email settings in your script or configuration file. Make sure to provide the correct SMTP server, port number, username, and password for successful email delivery.
You can customize the email alert message by modifying the script or configuration file that sends the email. You can change the subject, sender, recipient, and message content according to your preferences. Just make sure to follow the proper syntax and format required by the email command or library you are using.
Yes, there are a few security considerations to keep in mind. Firstly, ensure that the script or configuration file that sends the email does not contain any sensitive information, such as passwords or private keys. Secondly, protect the script or configuration file from unauthorized modifications by setting appropriate file permissions and ownership. Finally, consider encrypting the email communication using technologies like TLS (Transport Layer Security) to secure the transmission of the email alert.