Send me an e-mail whenever someone logs in via SSH

ssh

Solution 1:

Sshd itself won't do this for you, but you could probably accomplish what you want using the pam_exec module (assuming that you've got SSH using PAM). Something like this might work (in /etc/pam.d/sshd):

session optional pam_exec.so /path/to/your/script

You could also watch /var/log/secure (or your local equivalent) for messages sshd logs when someone logs in, and trigger and email based on that.

You could also probably hack something together using the ForceCommand option in sshd. You would have ForceCommand run a script that would send the email and then use the SSH_ORIGINAL_COMMAND environment variable to run the user's shell (or whatever other command they were attempting to run). I only mention this because it might work, not because I think it's a good idea.

Solution 2:

You could append this to the end of /etc/profile

/bin/bash -c 'HN=`/bin/hostname`; IP=`/bin/hostname -i`; /bin/bash -c "/bin/hostname -i; /bin/hostname; echo; /usr/bin/who --ips; echo; /usr/bin/who --all" | /usr/bin/mailx -s "LOGIN ALERT - $HN ($IP)" root'

This will email root with a list of logged in users everytime bash (the user's shell) is started.

Related

CPU load too high. How to investigate?
How to merge multiple ProxyPass directives in Apache?
MySQL InnoDB: how to switch to Barracuda format?
In Nginx, block user based on X header value
Why is psExec hanging indefinitely and giving no error?
Cisco QoS Guidance
Route specific HTTP requests through pfSense OpenVPN
SSD on Vmware ESXI 4 (TRIM? Good Idea?)
Linux policy routing - packets not coming back [closed]
Is it possible to view the contents of an underlying NFS mount without unmounting the NFS content?
Enabling http access on port 80 for centos 6.3 from console
monitor IO to tmpfs partition?