Linux Sshd Notification

For security reasons, I created a script to notify me when someone(ME) access my server.

I created slack notification script, I will not explain about how to create slackbot here. You can have a good time to configuring slack bot.


Append follow line to /etc/pam.d/sshd

session required /etc/pam.scripts/


Create /etc/pam.scripts/ file. and make the file executable chmod +x /etc/pam.scripts/



# Slack bot BOT_NAME's token

PAYLOAD=$(echo "
    \"channel\": \"$SLACK_CHANNEL\",
    \"text\": \"${PAM_USER} is trying to access ssh on ${HOSTNAME}\n
A SSH login was successful, so here are some information for security:\n
User:        $PAM_USER\n
User IP Host: $PAM_RHOST\n
Service:     $PAM_SERVICE\n
TTY:         $PAM_TTY\n
Date:        `date`\n
Server:      `uname -a`\"
" | tr '\n' ' ')

if [ "x${PAM_TYPE}" = "xopen_session" ]; then
	curl -H "Content-Type: application/json" -H "Authorization: Bearer ${SLACK_TOKEN}" -X POST $SLACK_URL -d"$PAYLOAD"

exit 0