Re: [sshd] send a mail when a event login occur ?



hmurray@xxxxxxxxxxxxxxx (Hal Murray) (06-09-25 19:24:20):

Is there a way to configure the "sshd.conf" to send a
notification's mail when endeavor to login occur ?

Not AFAIK - but writing a PAM module wouldn't be too taxing.

You could also you a cron job to check the log file.

In any case, make sure you don't get mailbombed when the bad guys try
guessing passwords.

The actual problem with this "mail bombing" is that you would reveal all
user names by this method, unless you send signed/encrypted mails. If
you need to see that remotely, then you're better of tail-ing the log
file for your SSHd over an own SSH session, e.g.:

# tail -f /var/log/auth.log

However, somebody may still look over your shoulders in that case.


Regards,
E.S.
.