Scripts, Security

Email notification when someone logs in via SSH

by  •  • 11 Comments

Even if it is too late when someone else logs in as root on your server, it is good to know that NOW is the time to get working on your security.

To setup email notification, login to your server as root.
Edit .bashrc

add the following line at the end, changing “ServerName” to the hostname of your server and “email@thisaddress.com” to your own email address.

Save and exit.

Next time someone (hopefuly you) logs on as root, you will get an email about this.

This can be done for any user, you only have to make sure that the user can email out from your server.

11 comments for “Email notification when someone logs in via SSH

  1. johnlth93
    February 27, 2013 at 17:27

    mail -s “Alert: Root Access from who | cut -d"(" -f2 | cut -d")" -f1myemail@mydomain.com

    doesn’t seem to works
    it just stuck there when i call mail
    do i need additional setting for mail to work?

    Reply
    • lowendguide
      February 27, 2013 at 23:36

      You need an MTA to be able to send emails, If you look at the post about MINSTALL, you can easily install Exim and use that.

      Reply
    • n2j3
      March 30, 2013 at 17:04

      If you really want to save on resources, use the Dragonfly Mail Agent (dma). It will send messages without listening on port 25, ref. http://leaf.dragonflybsd.org/cgi/web-man?command=dma&section=8

      check steve81’s squeeze repo @ LET for a .deb

      Reply
      • lowendguide
        March 31, 2013 at 07:21

        Really nice, wasn’t aware of dma before.

        With that you could use an external relay like google mail or something similar.

        Good find 🙂

        Reply
  2. Pingback: Email on ssh login | 0ddn1x: tricks with *nix
  3. scorpio2k2
    March 4, 2013 at 04:43

    you shoult post your source next time

    http://www.debian-tutorials.com/set-e-mail-alert-on-root-ssh-login

    Reply
    • lowendguide
      March 4, 2013 at 20:58

      I would if I knew, the post was made from a thread on lowendtalk.com.

      I’ll leave your comment here with the link to the site for you to feel better.

      Reply
  4. blocker25
    August 28, 2013 at 10:24

    . . each of the email sent was treated as spam in gmail and thus block you from sending those spam alerts. . .

    Reply
    • lowendguide
      September 3, 2013 at 15:47

      The reason for being marked as spam could be one of many, using a domain not listing your VPS IP as allowed to send emails. No RDNS setup for the IP. short emails with links.
      Each case is different

      Reply
    • lowendguide
      October 8, 2013 at 15:23

      if you mark them as “NOT SPAM” (once) they will end up in your inbox instead.

      Reply
  5. Pingback: Sicherheitsmaßnahmen: WordPress & SSH | Wilfried Lucha

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.