Crony Akatsuki

Hardening Level Pro: Notify on SSH Login

10-11-2023

| linux | ssh | ntfy | security


Are you ever anxious about somebody gaining access to your machine? Fret not: you can set things up so that any direct login to your system sends a notification to your phone.

For this you will need a way to receive the messages. I personally use a self-hosted ntfy.sh server.

For most of us, SSH is the most important way of managing a Linux VPS, or any machine in general. So why not get a notification whenever somebody logs in? Even you!

To achieve this you will need a shell script and a PAM module. Yes, you will need to enable UsePAM in your sshd config, but don’t worry, it’s secure.

/usr/bin/ntfy-ssh-login.sh

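#!/bin/bash
# Run by pam_exec, which passes PAM_TYPE, PAM_USER and PAM_RHOST in the environment.
# Notify only when a session opens, not when it closes.
if [ "${PAM_TYPE}" = "open_session" ]; then
  # -fsS: no progress output, but still report errors.
  # --max-time: a slow or unreachable server must not stall the login.
  # https:// is explicit because curl falls back to plain HTTP without a scheme.
  curl -fsS --max-time 5 \
    -H "prio:high" \
    -H "tags:warning" \
    -d "SSH login: ${PAM_USER} from ${PAM_RHOST}" \
    "https://ntfy.sh/{YourTopic}"
fi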

/etc/pam.d/sshd

# at the end of the file
session optional pam_exec.so /usr/bin/ntfy-ssh-login.sh

Also make sure that PAM is reloaded using this command:

pam-auth-update --force --package

You can modify the script to do email or anything else, but I prefer ntfy since the notifications are instant.
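Because the PAM line is `session optional`, a broken hook never blocks a login and simply fails silently, so it is worth checking the logic before relying on it. The following is an added example, not part of the original post: it dry-runs the hook by setting the PAM_* variables by hand and replacing curl with a stub. The function names, the sample user and address, and the `local` fallback for an empty PAM_RHOST are assumptions.

```bash
#!/bin/bash
# Added example: dry-run harness for the pam_exec login hook.
# pam_exec hands the hook its context in environment variables, so the logic
# can be exercised by setting PAM_TYPE, PAM_USER and PAM_RHOST by hand.

NTFY_URL="https://ntfy.sh/{YourTopic}"   # placeholder topic, as in the post

# Hook logic as a function (hypothetical name) so it can be called repeatedly.
notify_login() {
  [ "${PAM_TYPE}" = "open_session" ] || return 0   # ignore close_session
  # Assumption: fall back to "local" when PAM_RHOST is empty (console login).
  curl -fsS --max-time 5 -H "prio:high" -H "tags:warning" \
    -d "SSH login: ${PAM_USER} from ${PAM_RHOST:-local}" "${NTFY_URL}"
}

# Stub: shadows the real curl in this shell and records one argument per line,
# so nothing is sent over the network during the test.
CAPTURE=$(mktemp)
trap 'rm -f "${CAPTURE}"' EXIT
curl() { printf '%s\n' "$@" > "${CAPTURE}"; }

# run_hook TYPE USER RHOST: call the hook in a subshell with a constructed
# PAM environment.
run_hook() {
  : > "${CAPTURE}"
  ( PAM_TYPE="$1"; PAM_USER="$2"; PAM_RHOST="$3"; notify_login )
}

# Body passed to curl -d, or "none" if curl was never called.
sent_body() {
  awk 'prev == "-d" { print; hit = 1 } { prev = $0 }
       END { if (!hit) print "none" }' "${CAPTURE}"
}

# Last curl argument, which is the destination URL.
sent_url() { tail -n 1 "${CAPTURE}"; }

# Constructed sample cases (203.0.113.7 is a documentation address).
run_hook open_session alice 203.0.113.7;  echo "open:    $(sent_body) -> $(sent_url)"
run_hook close_session alice 203.0.113.7; echo "close:   $(sent_body)"
run_hook open_session alice "";           echo "console: $(sent_body)"
```

Remove the stub and point NTFY_URL at your own topic to send one real test notification before adding the line to /etc/pam.d/sshd.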

Hope this was of help and let’s see you in another post.