Email notification when someone logs in via SSH
Written by @mikho, 3 May 2021
Article was migrated from WordPress to Vanilla in March 2022
Even if it is too late when someone else logs in as root on your server, it is good to know that NOW is the time to get working on your security.
To setup email notification, login to your server as root.
Edit .bashrc
editor .bashrc
add the following line at the end, changing “ServerName” to the hostname of your server and “[email protected]” to your own email address.
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" [email protected]
!NOTE! - Take notice of the ` in the code block. Sometimes when copying code from a webpage, these small characters will mess up when pasted.
Save and exit your .bashrc.
Next time someone, hopefully you, logs on as root, you will get an email about this.
This can be done for any user, you only have to make sure that the user can email out from your server.
Quick Tip: Use the guide here to install and configure a Low Resource SMTP Server.