How to sending Telegram Notifications When a User SSH into the Server Linux

45 Views
20/08/2024

How to sending Telegram Notifications When a User SSH into the Server Linux

Learn how to set up real-time Telegram notifications for SSH logins on your Linux server using PAM and Bash scripts. Improve your VPS security instantly.

Step 1: Create a Telegram Bot and Get API Token

1. Create a Telegram Bot:
   - Open the Telegram app and search for BotFather.
   - Type `/newbot` and follow the instructions to create a bot.
   - Once the bot is created, you will receive an API token in the format `123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11`.

2. Get Your Chat ID:
   - Send any message to your bot.
   - Open the following URL in your browser: `https://api.telegram.org/bot/getUpdates` (replace `` with your actual bot token).
   - You will see a JSON response containing your `chat_id`.

Step 2: Create a Bash Script to Send Notifications

Create a bash script that sends a message to Telegram whenever a user logs in via SSH.

#!/bin/bash

# Telegram Bot API details
API_TOKEN="YOUR_BOT_API_TOKEN"
CHAT_ID="YOUR_CHAT_ID"

# Get the username and IP address of the SSH user
USER_NAME=$(whoami)
CLIENT_IP_ADDRESS=$(echo $SSH_CONNECTION | awk '{print $1}')

# Get the server's IP address
SERVER_IP_ADDRESS=$(hostname -I | awk '{print $1}')

# Notification message
MESSAGE="User $USER_NAME has logged in to the server with IP $SERVER_IP_ADDRESS from client IP $CLIENT_IP_ADDRESS"

# Send the message to Telegram
curl -s -X POST "https://api.telegram.org/bot$API_TOKEN/sendMessage" \
-d chat_id="$CHAT_ID" \
-d text="$MESSAGE"

Replace `YOUR_BOT_API_TOKEN` and `YOUR_CHAT_ID` with your actual bot token and chat ID.

Step 3: Automate Script Execution Upon SSH Login

To make the script execute whenever someone logs in via SSH, you can use PAM (Pluggable Authentication Modules) or add it to your shell initialization files.

Option 1: Using PAM

1. Open the PAM SSH configuration file:

sudo nano /etc/pam.d/sshd

2. Add the following line to execute your script upon login:

session optional pam_exec.so /path/to/your/script.sh

3. Make the script executable:

sudo chmod +x /path/to/your/script.sh

4. Restart the SSH service to apply the changes:

sudo systemctl restart sshd

Option 2: Using .bashrc or .bash_profile

1. Add the script to the user's `~/.bashrc` or `~/.bash_profile` to run the script each time the user logs in:

nano ~/.bashrc

2. Append the following line to the file:

/path/to/your/script.sh

3. Save and exit the editor.

Step 4: Testing

After setting up the script, you can test it by logging in via SSH to your server. You should receive a Telegram notification with the login details, including the username, server IP, and client IP address.

Optional: Prevent Multiple Alerts

If you encounter multiple notifications (e.g., when opening multiple shells), you can implement a locking mechanism using a lock file:

#!/bin/bash

LOCK_FILE="/tmp/ssh_alert_$USER.lock"

if [ -f "$LOCK_FILE" ]; then
exit 0
fi

touch "$LOCK_FILE"

# Telegram Bot API details
API_TOKEN="YOUR_BOT_API_TOKEN"
CHAT_ID="YOUR_CHAT_ID"

USER_NAME=$(whoami)
CLIENT_IP_ADDRESS=$(echo $SSH_CONNECTION | awk '{print $1}')
SERVER_IP_ADDRESS=$(hostname -I | awk '{print $1}')

MESSAGE="User $USER_NAME has logged in to the server with IP $SERVER_IP_ADDRESS from client IP $CLIENT_IP_ADDRESS"

curl -s -X POST "https://api.telegram.org/bot$API_TOKEN/sendMessage" \
-d chat_id="$CHAT_ID" \
-d text="$MESSAGE"

rm -f "$LOCK_FILE"

Conclusion

Following these steps, you can set up a system to automatically send Telegram notifications every time someone logs into your server via SSH. This is a useful security measure to monitor access to your Linux server in real-time.

Thanks for visit my website