Send a message on each SSH login
by clee | 2026-06-15 00:59 | linux, pam, post, ssh

First post on my new blog series

In this first post on my new blog series I am sharing a tiny security "trick" I use on my home servers: a little script that automatically fires off a ntfy message every time someone logs in via SSH. I run my own ntfy server, but feel free to swap it out for whatever messaging method you prefer. Setting up a ntfy server itself isn't covered here.

Maybe it's not the smartest idea to share this here, but anyway, here is how it works:

Feel free to use whatever editor you prefer!

  • Create the following file as 'root':
sudo vi /usr/bin/ntfy-ssh-login.sh
  • Add the following lines:
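#!/bin/bash
# Called by pam_exec, which exports PAM_TYPE, PAM_USER and PAM_RHOST.
readonly SERVER="https://ntfy.example.com/alarm"
readonly BEARER="Authorization: Bearer xxxxxxx"
readonly HOSTNAME="$(hostname)"
readonly TITLE="X-Title: SSH-Login on ${HOSTNAME}"

# Only notify when a session is opened, not when it is closed.
if [ "${PAM_TYPE}" = "open_session" ]; then
  # --max-time keeps an unreachable ntfy server from stalling the login.
  curl \
    --max-time 10 \
    -H "${BEARER}" \
    -H "${TITLE}" \
    -H "prio:high" \
    -H "tags:warning" \
    -d "SSH login: ${PAM_USER} from ${PAM_RHOST} on ${HOSTNAME}" \
    "$SERVER"
fi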

'curl' needs to be installed to send messages to your ntfy server.

  • Change the permissions of the file as 'root':
sudo chmod 750 /usr/bin/ntfy-ssh-login.sh
  • Edit the following file as 'root':
sudo vi /etc/pam.d/sshd
  • Add the following line at the end of the file:
session optional pam_exec.so /usr/bin/ntfy-ssh-login.sh
  • Reload the pam configuration as 'root':
sudo pam-auth-update --force --package

And that's it! You're all set to get notified on every SSH login. There are probably more secure ways out there, but it's a nifty first alert if someone enters your systems.
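
A hardened variant of the hook script above, as an added example that is not the author's code: it reads the bearer header from a root-only file so the token never appears in curl's command line, caps how long the login can wait on ntfy, and sends trusted sources at normal priority instead of high. HEADER_FILE, TRUSTED_PREFIXES and the function names are hypothetical, and the prefix match assumes sshd hands PAM a numeric address in PAM_RHOST (UseDNS no).

```shell
#!/bin/bash
# Added example, not the post's script. Hypothetical names: HEADER_FILE,
# TRUSTED_PREFIXES, alert_priority, build_message, send_alert.

NTFY_URL="https://ntfy.example.com/alarm"   # placeholder URL from the post
HEADER_FILE="/etc/ntfy-ssh-login.header"    # assumed path, root:root, mode 600,
                                            # one line: Authorization: Bearer <token>
TRUSTED_PREFIXES="192.168.1. 10.0.0."       # constructed sample LAN prefixes

# Print the ntfy priority for a source address: "default" for trusted
# prefixes, "high" for everything else (including an empty PAM_RHOST).
alert_priority() {
  for prefix in $TRUSTED_PREFIXES; do
    case "$1" in
      "$prefix"*) echo "default"; return 0 ;;
    esac
  done
  echo "high"
}

# Build the message body from user, remote host and local hostname, with
# control characters stripped so the values cannot break up the notification.
build_message() {
  printf 'SSH login: %s from %s on %s' "$1" "${2:-unknown}" "$3" | tr -d '[:cntrl:]'
}

# Send the notification. -H @file makes curl read the bearer header from the
# file, so the token stays out of the process list; --max-time caps how long
# pam_exec (and therefore the login) waits on an unreachable server.
send_alert() {
  host="$(hostname)"
  curl -fsS --max-time 5 -o /dev/null \
    -H "@${HEADER_FILE}" \
    -H "X-Title: SSH-Login on ${host}" \
    -H "prio:$(alert_priority "${PAM_RHOST:-}")" \
    -H "tags:warning" \
    -d "$(build_message "${PAM_USER:-}" "${PAM_RHOST:-}" "$host")" \
    "$NTFY_URL"
}

# pam_exec exports PAM_TYPE; outside a PAM session this guard skips the send.
if [ "${PAM_TYPE:-}" = "open_session" ]; then
  send_alert
fi
```

Reading headers with `-H @file` needs curl 7.55.0 or newer.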