How To Get Email Alerts for SSH Login on Linux Server

Monitoring SSH logins to your Linux server is crucial for maintaining the security of your system. One way to stay informed about login activity is by setting up email alerts whenever someone logs in via SSH. In this step-by-step guide, we will show you how to configure your Linux server to send email notifications when an SSH login occurs.

Step 1: Install the mail utility

First, you need to install a mail utility that will allow your server to send emails. We’ll use “mailutils” for this purpose. To install mailutils on your Ubuntu or Debian-based system, run the following command:

sudo apt-get update
sudo apt-get install -y mailutils

On CentOS, RHEL, or Fedora-based systems, use the following command:

sudo yum install -y mailx

Step 2: Configure the email script

Next, create a script that will send an email notification with the SSH login details. Create a new file called “ssh_login_notify.sh” in the “/usr/local/bin” directory:

sudo nano /usr/local/bin/ssh_login_notify.sh

Add the following lines to the script:

#!/bin/bash

# Change this to your email address
recipient="your-email@example.com"
subject="SSH Login Alert"
message="SSH login detected on $(hostname) at $(date) by user $(whoami) from $(echo $SSH_CONNECTION | awk '{print $1}')"

echo "$message" | mail -s "$subject" "$recipient"

Replace “your-email@example.com” with your email address. Save and exit the editor.

See also  How to Restrict Access to Specific Websites using Squid Proxy Server on CentOS 6.2

Make the script executable:

sudo chmod +x /usr/local/bin/ssh_login_notify.sh

Step 3: Configure SSH to run the script on login

Edit the SSH configuration file “/etc/ssh/sshd_config” to run the email script whenever someone logs in:

sudo nano /etc/ssh/sshd_config

Add the following line at the end of the file:

ForceCommand /usr/local/bin/ssh_login_notify.sh; $SSH_ORIGINAL_COMMAND

Save and exit the editor.

Restart the SSH service to apply the changes:

sudo systemctl restart sshd

Now, you will receive an email notification whenever someone logs in to your server via SSH.

See also  How to List User Groups on CentOS

Commands Mentioned:

  • apt-get update – Update package repositories
  • apt-get install – Install specified packages and their dependencies
  • yum install – Install specified packages and their dependencies (CentOS/RHEL/Fedora)
  • nano – Open the specified file in the nano text editor
  • chmod – Change the permissions of a file
  • systemctl restart – Restart a system service

Conclusion

In this guide, we’ve shown you how to set up email alerts for SSH logins on your Linux server. By configuring your server to send notifications, you can stay informed about SSH login activity and take appropriate action if you notice any unauthorized access.

Please note that while this method is useful for monitoring login activity, it’s crucial to maintain the overall security of your server by keeping your system up-to-date, using strong passwords, enabling key-based authentication, and setting up firewalls. Additionally, you can implement other security measures, such as using intrusion detection systems (IDS) and intrusion prevention systems (IPS), configuring two-factor authentication (2FA) for SSH logins, and regularly auditing your server’s security settings.

See also  How to Install Cola on Ubuntu

By combining these security practices with email alerts for SSH logins, you can proactively monitor and protect your Linux server from unauthorized access and potential security threats.

We hope this guide has helped you set up email alerts for SSH logins on your Linux server. If you have any questions, comments, or suggestions for improvement, please feel free to share your thoughts in the comments section below. Your feedback is invaluable to us, and it helps us create better and more informative content for our users.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *