I am using Ntfy for my SSH alert and watchtower update. It is pretty cool to have this feature, so I can know who is accessing my server without my authorization. And know my docker needs to be updated as well.

SSH Alert Example

Command this to open code,

nano /etc/pam.d/sshd

Please add this code to the bottom of the page.

session optional pam_exec.so /usr/local/bin/ntfy-ssh-login.sh

You should create a script file called /usr/local/bin/ntfy-ssh-login.sh

nano /usr/local/bin/ntfy-ssh-login.sh

Here code, make sure you change the server URL and username and password for nginx auth.

#!/bin/bash
# This is a PAM script hook that shows how to notify you when
# somebody logs into your server. Place at /usr/local/bin/ntfy-ssh-login.sh (with chmod +x!).

TOPIC_URL=yourntfydomain
NGINXUSER=yourusername
NGINXPASSWORD=yourpassword

if [ "${PAM_TYPE}" = "open_session" ]; then
  curl -u ${NGINXUSER}:${NGINXPASSWORD} -H tags:warning -H prio:high -d "SSH login to $(hostname): ${PAM_USER} from ${PAM_RHOST}" "${TOPIC_URL}"
fi

Then Now you save Ctrl +x then yes

Make sure you have chmod permissions. Here is the command.

chmod +x /usr/local/bin/ntfy-ssh-login.sh

Go try logging into another terminal and see if it notifications you, then try logging in again and see if it notifications you. :)

It works well. It shows the username and IP address, so the IT team can protect the account if they don't have permission to access our server.