How can I configure my server to notify me whenever it is remotely accessed via ssh?

ssh ubuntu email

Solution 1:

pam_script will run any program you want when a user logs in.

Solution 2:

You should be able to do so with a rule in /etc/hosts.allow. Try something like:

sshd: ALL: (/usr/bin/echo "SSH connection from %h (%H)" | /usr/bin/mailx -s "SSH Alert" [email protected])

You can get more detail from a script run from /etc/profile.d, or included in /etc/profile. However, this will only work if the user logs in to an interactive session.

If you don't need immediate notification, the logcheck program can notify you hourly of any accesses in the last hour. You will need to add appropriate rules to the configuration.

EDIT: Ubuntu uses the incompatible hosts_options format to execute shell commands. The follow rule is what I implemented:

SSHD: ALL: spawn (/bin/echo "SSH connection to %H from %h[%a]" | \
     /usr/bin/mailx -s "SSH Alert" [email protected])

Notes: Backslash notation can be used to wrap lines as above. Substitution characters are documented in the hosts.allow man page.

Related

Strange processes on Server consume CPU
iptable rules not blocking
How to fix "ruby installation is missing psych (for YAML output)." on CentOS?
Leverage proxy caching with nginx by removing Set-Cookie header
Is there a way to tell a device name (computer name) which connects to the internet jack from a wall without accessing the switch to find out?
What's the minimum required Squid config to make a public proxy server?
Command to determine type of AIX hardware
Logstash binding to a port already in use
How to enable OPcache in Debian?
LSI MegaRAID Expected Chip Temperature?
Add authentication keys to dropbear ssh?
Static IP for cloudfront