Email notification about each SSH connection to Linux server

ssh security linux email

Since you clarified that you want an email for each successful authentication, pam_notify is a great candidate module for this.

Add it as a session required line at the end of your /etc/pam.d/sshd or equivalent file.


The best practice is don't unless you REALLY have to (the security of this machine is THAT critical).

If you REALLY have to, you don't want to muck about with shell .rc files that people can change - that's a half-baked solution.

The Right Way is probably to use the audit facilities built into Linux (see the man pages for auditd, and its configuration file auditd.conf), but I have very limited experience with the audit facilities in Linux (in particular I'm not sure the audit subsystem makes it easy to send emails -- I know you can on FreeBSD without too much trouble though).

The less-right-but-still-decent way would be to use a PAM module that always succeeds and kicks out an email saying who tried to log in.

The least-right-but-at-least-your-inbox-isnt-full way would be to batch up your auth.log file or equivalent and email it to someone every night. If all you need is a basic record this would be my choice: The volume of email generated from my other suggestions would be heinous on a system with lots of activity.

Related

How do I split a string against a character in BASH?
What is the difference between sauce and dressing? [closed]
What does "Sperit" means?
Archaic phrase similar to "not give a damn"
Brackets within brackets
Is there a word meaning “disposed to correct one’s own behaviour quickly”?
Idiom for scientific charts & graphs on a subject
Word-choice question: "His camera accompanied him everywhere/wherever he went in the world."
"to what extent" vs. "to what level" [duplicate]
Target or Subject of a Requirement or Criteria
On being golden
Is there a word to describe the kind of sentence where one uses one's own point to prove one's point?