Difference between revisions of "SSH Email Alerts"
From Amahi Wiki
Line 1: | Line 1: | ||
This guide shows a simple way to know when someone logged in as root or normal user using [[Key-Based SSH Logins|Secure Shell (SSH)]]. It will send an email alert notification to the specified email address along with the IP address of last login. | This guide shows a simple way to know when someone logged in as root or normal user using [[Key-Based SSH Logins|Secure Shell (SSH)]]. It will send an email alert notification to the specified email address along with the IP address of last login. | ||
− | |||
'''NOTE:''' You must have configured your HDA to send emails. One way to do so is by following the [[Outgoing_mail_via_gmail|Outgoing mail via Gmail]] guidance. | '''NOTE:''' You must have configured your HDA to send emails. One way to do so is by following the [[Outgoing_mail_via_gmail|Outgoing mail via Gmail]] guidance. |
Revision as of 15:02, 3 August 2014
This guide shows a simple way to know when someone logged in as root or normal user using Secure Shell (SSH). It will send an email alert notification to the specified email address along with the IP address of last login.
NOTE: You must have configured your HDA to send emails. One way to do so is by following the Outgoing mail via Gmail guidance.
- As root user create ssh_email_alert.sh with the following text:
#!/bin/bash tmptxt="/tmp/ssh_alert_email.txt" ip="`who -m | cut -d'(' -f2 | cut -d')' -f1`" echo "ALERT - SSH Shell Access" > $tmptxt echo "" >> $tmptxt echo "SSH Login:" >> $tmptxt echo "`who -m`" >> $tmptxt echo "" >> $tmptxt echo "IP:" >> $tmptxt echo "$ip" >> $tmptxt echo "" >> $tmptxt echo "Access time:" >> $tmptxt echo "`date`" >> $tmptxt echo "" >> $tmptxt echo "Current sudo:" >> $tmptxt echo "`whoami`" >> $tmptxt echo "" >> $tmptxt echo "Home path:" >> $tmptxt echo "`pwd`" >> $tmptxt #cat $tmptxt cat $tmptxt | mail -s "Alert: SSH Access from $ip" name@domain.com rm -fr $tmptxt
- NOTE: Ensure you replace name@domain.com with your email address.
- Set execute permissions:
chmod 755 /usr/bin/ssh_email_alert.sh
- Edit /etc/profile and add this to the bottom of the file:
ssh_email_alert.sh
You should not get an email anytime a user logs into your HDA via Secure Shell (SSH).
Reference: Email Alert for SSH login