Image

Knowledge base → Sending a notification upon successful ssh login on Debian 12

[Virtual servers]
Date of publication: 05.10.2023

Every time a user logs into ssh, we will send an email notification. It will contain information, including the time and IP address from which the successful connection was made.

Such notifications allow you to control and see when and who worked with the server using ssh.

To send letters from the console using authorization, we need to install the necessary packages and configure them.

1. Installation:

apt install ssmpt
apt install mailutils

2. Setting up the ssmtp service, let's bring the file to this form:

nano /etc/ssmtp/ssmtp.conf

UseSTARTTLS=YES
root=email@domain.tld
mailhub=mail.domain.tld:587
AuthUser=email@domain.tld
AuthPass=P@ssw0rd
FromLineOverride=YES

3. Let's edit the file that is executed when users log in:

nano /home/user1/.bashrc

echo 'ALERT - user1 ssh access (server-name) on:' `date` `who` | mail -s "SSH Login" to@domain.tld
...
# ~/.bashrc: executed by bash(1) for non-login shells.

4. Now, every time user1 logs in, a notification will be sent:

ALERT - user1 ssh access (server-name) on: Thu Oct 5 14:41:21 UTC 2023 user1 pts/0 (xx.ip.xx.ip)

5. Permission settings Since the .bashrc file is located in the user’s folder, he is allowed to edit it by default; to deny it, let’s disable write rights for the root user:

chmod 444 /home/user1/.bashrc

Ready. Now this user, once logged in, will not be able to disable configured notifications.





No Comments Yet