Email notification about each SSH connection to Linux server

Since you clarified that you want an email for each successful authentication, pam_notify is a great candidate module for this.

Add it as a session required line at the end of your /etc/pam.d/sshd or equivalent file.


The best practice is don't unless you REALLY have to (the security of this machine is THAT critical).

If you REALLY have to, you don't want to muck about with shell .rc files that people can change - that's a half-baked solution.

The Right Way is probably to use the audit facilities built into Linux (see the man pages for auditd, and its configuration file auditd.conf), but I have very limited experience with the audit facilities in Linux (in particular I'm not sure the audit subsystem makes it easy to send emails -- I know you can on FreeBSD without too much trouble though).

The less-right-but-still-decent way would be to use a PAM module that always succeeds and kicks out an email saying who tried to log in.

The least-right-but-at-least-your-inbox-isn't-full way would be to batch up your auth.log file or equivalent and email it to someone every night. If all you need is a basic record this would be my choice: The volume of email generated from my other suggestions would be heinous on a system with lots of activity.
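A sketch of the nightly auth.log digest described in the answer above. This is an added example, not code from either answer. It assumes the usual OpenSSH syslog line format, and the host name, addresses and log lines are constructed.

```python
import re
from collections import Counter
from email.message import EmailMessage

# OpenSSH authentication results as they appear in auth.log via syslog.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
Mar  3 09:14:22 web1 sshd[1201]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:constructed
Mar  3 09:20:01 web1 CRON[1300]: pam_unix(cron:session): session opened for user root
Mar  3 10:02:47 web1 sshd[1422]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Mar  3 10:02:51 web1 sshd[1422]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Mar  3 11:30:10 web1 sshd[1509]: Accepted password for bob from 203.0.113.9 port 40022 ssh2
Mar  3 17:45:33 web1 sshd[1733]: Accepted publickey for alice from 203.0.113.5 port 51877 ssh2: ED25519 SHA256:constructed
"""

def summarize(log_text):
    """Count sshd auth events per (result, user, source IP, method)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            counts[(m["result"], m["user"], m["ip"], m["method"])] += 1
    return counts

def build_digest(log_text, sender, recipient, host):
    """Build (but do not send) one digest message for the whole log."""
    counts = summarize(log_text)
    # User names in failed attempts are attacker-supplied: body only, never headers.
    rows = [f"{n:5d}  {res:8s} {user:12s} {ip:15s} {method}"
            for (res, user, ip, method), n in sorted(counts.items())]
    ok = sum(n for key, n in counts.items() if key[0] == "Accepted")
    failed = sum(counts.values()) - ok
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[{host}] SSH digest: {ok} accepted, {failed} failed"
    msg.set_content("\n".join(rows) or "No sshd authentication events.")
    return msg

if __name__ == "__main__":
    # From cron, deliver with smtplib.SMTP("localhost").send_message(msg).
    print(build_digest(SAMPLE_LOG, "root@web1.example", "admin@example.org", "web1"))
```

Run it from cron after log rotation against the previous day's file so each login is reported once.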