Difference between revisions of "SSH Email Alerts"

Latest revision as of 00:47, 3 November 2014

This guide shows a simple way to know when someone logged in as root or normal user using Secure Shell (SSH). It will send an email alert notification to the specified email address along with the IP address of last login.

PREREQUISITE: You must have configured your HDA to send emails. One way to do so is by following the Outgoing mail via Gmail guidance.

Method 1

As root user create /usr/bin/ssh_email_alert with the following text:

#!/bin/bash

tmptxt="/tmp/ssh_alert_email.txt"

ip="`who -m | cut -d'(' -f2 | cut -d')' -f1`"

echo "ALERT - SSH Shell Access"  > $tmptxt

echo "" >> $tmptxt
echo "SSH Login:" >> $tmptxt
echo "`who -m`" >> $tmptxt

echo "" >> $tmptxt
echo "IP:" >> $tmptxt
echo "$ip" >> $tmptxt

echo "" >> $tmptxt
echo "Access time:" >> $tmptxt
echo "`date`" >> $tmptxt

echo "" >> $tmptxt
echo "Current sudo:" >> $tmptxt
echo "`whoami`" >> $tmptxt

echo "" >> $tmptxt
echo "Home path:" >> $tmptxt
echo "`pwd`" >> $tmptxt

#cat $tmptxt
cat $tmptxt | mail -s "Alert: SSH Access from $ip" name@domain.com

rm -fr $tmptxt

NOTE: Ensure you replace name@domain.com with your email address.

Set execute permissions:

chmod 755 /usr/bin/ssh_email_alert

Edit /etc/profile and add this to the bottom of the file:

ssh_email_alert

Reference: Email Alert for SSH login

Method 2

As root user edit /etc/profile and add this to the bottom of the file:

if [ -n "$SSH_CLIENT" ]; then 
  TEXT="$(date): SSH login to ${USER}@$(hostname -f)" 
  TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')"
  echo $TEXT|mail -s "SSH Login" name@domain.com
fi

NOTE: Ensure you replace name@domain.com with your email address.

You should not get an email anytime a user logs into your HDA via Secure Shell (SSH).

@@ Line 1: / Line 1: @@
-This guide shows a simple way to know when someone logged in as root or normal user.  It will send an email alert notification to the specified email address along with the IP address of last login.
+This guide shows a simple way to know when someone logged in as root or normal user using [[Key-Based SSH Logins|Secure Shell (SSH)]].  It will send an email alert notification to the specified email address along with the IP address of last login.
-* [[Open_Terminal|As root user]] create ''ssh_email_alert.sh'' with the following text:
+'''PREREQUISITE:'''  You must have configured your HDA to send emails.  One way to do so is by following the [[Outgoing_mail_via_gmail|Outgoing mail via Gmail]] guidance.
+== Method 1 ==
+* [[Open_Terminal|As root user]] create ''/usr/bin/ssh_email_alert'' with the following text:
 <pre>#!/bin/bash
@@ Line 13: / Line 16: @@
 echo "SSH Login:" >> $tmptxt
 echo "`who -m`" >> $tmptxt
 echo "" >> $tmptxt
@@ Line 26: / Line 28: @@
 echo "Current sudo:" >> $tmptxt
 echo "`whoami`" >> $tmptxt
 echo "" >> $tmptxt
@@ Line 40: / Line 41: @@
 * Set execute permissions:
-  chmod 755 /usr/bin/ssh_email_alert.sh
+  chmod 755 /usr/bin/ssh_email_alert
 * Edit ''/etc/profile'' and add this to the bottom of the file:
-  ssh_email_alert.sh
+  ssh_email_alert
+Reference:  [http://linux.alanstudio.hk/ssh_emailalert.htm Email Alert for SSH login]
+== Method 2 ==
+* [[Open_Terminal|As root user]] edit ''/etc/profile'' and add this to the bottom of the file:
+<pre>if [ -n "$SSH_CLIENT" ]; then
+  TEXT="$(date): SSH login to ${USER}@$(hostname -f)"
+  TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')"
+  echo $TEXT|mail -s "SSH Login" name@domain.com
+fi</pre>
-You should not get an email anytime a user logs into your HDA via Secure Shell.
+:'''NOTE:'''  Ensure you replace name@domain.com with your email address.
-Reference:  [http://linux.alanstudio.hk/ssh_emailalert.htm Email Alert for SSH login]
+You should not get an email anytime a user logs into your HDA via [[Key-Based SSH Logins|Secure Shell (SSH)]].

Amahi Wiki

Links

Personal tools

Navigation

Tools

Difference between revisions of "SSH Email Alerts"

Latest revision as of 00:47, 3 November 2014

Method 1

Method 2