Email notification when user logs on via ssh

F4lC0N · n00b Joined: 03 Jan 2004 Posts: 20

Ive searched and searched but cant find out how to get an email sent whenever some one logs on via ssh

so what i want is something that sends an email to say monitor@domain.com every time a user logs on.

can any one give me a few pointers or a solution ? im not a good programer so writing a script that goes threw the logs isnt an option.

echto · Tux's lil' helper Joined: 30 Jun 2002 Posts: 106

Quick and dirty.

tail -f /var/log/messages | grep sshd | grep opened | mail -s ssh your@emailaddr.com

Genone · Posted: Mon Jun 27, 2005 10:54 pm Post subject:

I'd just hack something into /etc/profile.

F4lC0N · n00b Joined: 03 Jan 2004 Posts: 20

Genone · Posted: Tue Jun 28, 2005 12:31 am Post subject:

When you're logged in with ssh it sets a few environment variables (SSH_CONNECTION, SSH_CLIENT and a few more), just test for those in a if statement in /etc/profile:

F4lC0N · n00b Joined: 03 Jan 2004 Posts: 20

that sounds pretty good

I take it theres an enviroment variable that i can insert into the email to say what the user name is ?

echto · Tux's lil' helper Joined: 30 Jun 2002 Posts: 106

F4lC0N · n00b Joined: 03 Jan 2004 Posts: 20

Thanks heres what ive got

if [ -n "$SSH_CONNECTION" ]; then
echo "WARNING: user $USER has loged on " |mail -s"WARNING: user $USER has loged on " user@domain.com
fi

works like a charm
sends and email with the users name in when the ssh in and doesnt send one if the sftp in

Thanks for your help

mach.82 · Posted: Mon Aug 08, 2005 10:51 pm Post subject:

I don't have the mail command in my Gentoo system as I am using postfix!
Also, I don't think ssmtp and postfix can co-exist in the same system.
Q: What else can I use instead of the mail command with Postfix?
Thanks.

zOOz · n00b Joined: 24 Sep 2003 Posts: 27 Location: Lithuania