I am using Ntfy for my SSH alert and watchtower update. It is pretty cool to have this feature, so I can know who is accessing my server without my authorization. And know my docker needs to be updated as well.
SSH Alert Example
Command this to open code,
nano /etc/pam.d/sshdPlease add this code to the bottom of the page.
session optional pam_exec.so /usr/local/bin/ntfy-ssh-login.sh
You should create a script file called /usr/local/bin/ntfy-ssh-login.sh
nano /usr/local/bin/ntfy-ssh-login.sh
Here code, make sure you change the server URL and username and password for nginx auth.
#!/bin/bash
# This is a PAM script hook that shows how to notify you when
# somebody logs into your server. Place at /usr/local/bin/ntfy-ssh-login.sh (with chmod +x!).
TOPIC_URL=yourntfydomain
NGINXUSER=yourusername
NGINXPASSWORD=yourpassword
if [ "${PAM_TYPE}" = "open_session" ]; then
curl -u ${NGINXUSER}:${NGINXPASSWORD} -H tags:warning -H prio:high -d "SSH login to $(hostname): ${PAM_USER} from ${PAM_RHOST}" "${TOPIC_URL}"
fiThen Now you save Ctrl +x then yes
Make sure you have chmod permissions. Here is the command.
chmod +x /usr/local/bin/ntfy-ssh-login.sh
Go try logging into another terminal and see if it notifications you, then try logging in again and see if it notifications you. 🙂
It works well. It shows the username and IP address, so the IT team can protect the account if they don’t have permission to access our server.
Leave a Reply