Monitoring SSH logins to your Linux server is crucial for maintaining the security of your system. One way to stay informed about login activity is by setting up email alerts whenever someone logs in via SSH. In this step-by-step guide, we will show you how to configure your Linux server to send email notifications when an SSH login occurs.
Step 1: Install the mail utility
First, you need to install a mail utility that will allow your server to send emails. We’ll use “mailutils” for this purpose. To install mailutils on your Ubuntu or Debian-based system, run the following command:
sudo apt-get update
sudo apt-get install -y mailutils
On CentOS, RHEL, or Fedora-based systems, use the following command:
sudo yum install -y mailx
Step 2: Configure the email script
Next, create a script that will send an email notification with the SSH login details. Create a new file called “ssh_login_notify.sh” in the “/usr/local/bin” directory:
sudo nano /usr/local/bin/ssh_login_notify.sh
Add the following lines to the script:
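#!/bin/bash
# Change this to your email address
recipient="your-email@example.com"
subject="SSH Login Alert"
message="SSH login detected on $(hostname) at $(date) by user $(whoami) from $(echo "$SSH_CONNECTION" | awk '{print $1}')"
echo "$message" | mail -s "$subject" "$recipient"
# Hand the session back: run the requested command, or start a login shell
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    exec "$SHELL" -c "$SSH_ORIGINAL_COMMAND"
else
    exec "$SHELL" -l
fi
Replace “your-email@example.com” with your email address. Save and exit the editor. The final lines of the script matter: ForceCommand replaces whatever the client asked to run, so the script itself hands the session back to the requested command or, for an interactive login, to a login shell. Without that handoff, the session would end as soon as the email is sent.
Make the script executable:
sudo chmod +x /usr/local/bin/ssh_login_notify.sh
Step 3: Configure SSH to run the script on login
Edit the SSH configuration file “/etc/ssh/sshd_config” to run the email script whenever someone logs in:
sudo nano /etc/ssh/sshd_config
Add the following line at the end of the file:
ForceCommand /usr/local/bin/ssh_login_notify.sh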
Save and exit the editor.
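Restart the SSH service to apply the changes. Keep your current session open and confirm from a second terminal that you can still log in, because a mistake in the ForceCommand line or the script affects every SSH user: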
sudo systemctl restart sshd
Now, you will receive an email notification whenever someone logs in to your server via SSH.
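The alert body from Step 2 can carry more context. The following is an added example, not part of the original guide: it parses all four fields of SSH_CONNECTION, classifies the session from SSH_ORIGINAL_COMMAND, and strips control characters from that client-supplied string before it reaches the mail body. The function names and sample values are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original guide): build a richer alert line
# from the variables sshd exports to a ForceCommand script.

# Classify the session from the client-requested command (empty = interactive).
# Assumption: SFTP requests show up as the sftp-server path or "internal-sftp".
session_kind() {
    case "$1" in
        "")                          echo "interactive" ;;
        "scp "*)                     echo "scp" ;;
        *sftp-server*|internal-sftp) echo "sftp" ;;
        *)                           echo "command" ;;
    esac
}

# Remove control characters (newlines, escape sequences) and cap the length,
# so a client-supplied command cannot add lines to the mail or hide output.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | cut -c1-200
}

# $1 = user, $2 = SSH_CONNECTION, $3 = SSH_ORIGINAL_COMMAND (may be empty)
# SSH_CONNECTION is "client_ip client_port server_ip server_port".
build_alert() {
    conn=${2:-"unknown 0 unknown 0"}
    client_ip=${conn%% *}
    rest=${conn#* }
    client_port=${rest%% *}
    server_port=${conn##* }
    kind=$(session_kind "$3")
    line="user=$1 from=$client_ip port=$client_port to_port=$server_port kind=$kind"
    if [ -n "$3" ]; then
        line="$line cmd=\"$(sanitize "$3")\""
    fi
    printf '%s\n' "$line"
}

# Constructed sample input (documentation address ranges), printed only.
build_alert "alice" "203.0.113.7 51514 198.51.100.10 22" "scp -t /tmp/upload"
```

In the notification script, the output of build_alert "$(whoami)" "$SSH_CONNECTION" "$SSH_ORIGINAL_COMMAND" would replace the message string passed to mail.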
Commands Mentioned:
- apt-get update – Update package repositories
- apt-get install – Install specified packages and their dependencies
- yum install – Install specified packages and their dependencies (CentOS/RHEL/Fedora)
- nano – Open the specified file in the nano text editor
- chmod – Change the permissions of a file
- systemctl restart – Restart a system service
Conclusion
In this guide, we’ve shown you how to set up email alerts for SSH logins on your Linux server. By configuring your server to send notifications, you can stay informed about SSH login activity and take appropriate action if you notice any unauthorized access.
Please note that while this method is useful for monitoring login activity, it’s crucial to maintain the overall security of your server by keeping your system up-to-date, using strong passwords, enabling key-based authentication, and setting up firewalls. Additionally, you can implement other security measures, such as using intrusion detection systems (IDS) and intrusion prevention systems (IPS), configuring two-factor authentication (2FA) for SSH logins, and regularly auditing your server’s security settings.
By combining these security practices with email alerts for SSH logins, you can proactively monitor and protect your Linux server from unauthorized access and potential security threats.