ntfy-ssh-event
ntfy-ssh-event
(Notify on SSH event)
This little script is called by the PAM daemon whenever there is a successful event in SSH, it ignores my own personal events, because I log in and out frequently, and don't want to hear my phone that much, just get rid of the first check if that's an issue.
- ntfy-ssh-event.sh
#!/usr/bin/bash # /etc/pam-scripts/ntfy-ssh-event.sh # This works with PAM, and appended to the bottom of /etc/pam.d/sshd; # # This should send an alert whenever anyone logs in; # session optional pam_exec.so /etc/pam-scripts/ntfy-ssh-event.sh # No login alerts for me... [ ${PAM_USER} == "steve" ] && exit echo "SSH event: ${PAM_TYPE}, ${PAM_USER} from ${PAM_RHOST} on ${HOSTNAME} at $(date +'%Y-%m-%d+%H:%M:%S')" | mailx -s "SSH Alert" 5135551111@tmomail.net
What I get as a text message looks like;
SSH Alert / SSH event: open_session, steve from 192.168.1.14 on Nuc at 2026-04-22+11:00:23
This requires a mail demon like postfix (configured as a satellite) and mailutils.
ntfy-ssh-event.txt · Last modified: by steve