- 41 Views
- 20/08/2024
How sending Telegram Notifications When a User SSHs into the Server Linux
To send Telegram notifications when a user logs in via SSH to a Linux server, you can create a script that monitors SSH logins and sends a message to your Telegram bot. Here's a step-by-step guide to achieving this:
Step 1: Create a Telegram Bot and Get API Token
1. **Create a Telegram Bot**:
- Open the Telegram app and search for **BotFather**.
- Type `/newbot` and follow the instructions to create a bot.
- Once the bot is created, you will receive an **API token** in the format `123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11`.
2. **Get Your Chat ID**:
- Send any message to your bot.
- Open the following URL in your browser: `https://api.telegram.org/bot<API_TOKEN>/getUpdates` (replace `<API_TOKEN>` with your actual bot token).
- You will see a JSON response containing your `chat_id`.
Step 2: Create a Bash Script to Send Notifications
Create a bash script that sends a message to Telegram whenever a user logs in via SSH.
#!/bin/bash
# Telegram Bot API details
API_TOKEN="YOUR_BOT_API_TOKEN"
CHAT_ID="YOUR_CHAT_ID"
# Get the username and IP address of the SSH user
USER_NAME=$(whoami)
CLIENT_IP_ADDRESS=$(echo $SSH_CONNECTION | awk '{print $1}')
# Get the server's IP address
SERVER_IP_ADDRESS=$(hostname -I | awk '{print $1}')
# Notification message
MESSAGE="User $USER_NAME has logged in to the server with IP $SERVER_IP_ADDRESS from client IP $CLIENT_IP_ADDRESS"
# Send the message to Telegram
curl -s -X POST "https://api.telegram.org/bot$API_TOKEN/sendMessage" \
-d chat_id="$CHAT_ID" \
-d text="$MESSAGE"
Replace `YOUR_BOT_API_TOKEN` and `YOUR_CHAT_ID` with your actual bot token and chat ID.
Step 3: Automate Script Execution Upon SSH Login
To make the script execute whenever someone logs in via SSH, you can use **PAM (Pluggable Authentication Modules)** or add it to your shell initialization files.
Option 1: Using PAM
1. Open the PAM SSH configuration file:
2. Add the following line to execute your script upon login:
3. Make the script executable:
4. Restart the SSH service to apply the changes:
Option 2: Using `.bashrc` or `.bash_profile`
1. Add the script to the user's `~/.bashrc` or `~/.bash_profile` to run the script each time the user logs in:
2. Append the following line to the file:
3. Save and exit the editor.
Step 4: Testing
After setting up the script, you can test it by logging in via SSH to your server. You should receive a Telegram notification with the login details, including the username, server IP, and client IP address.
Optional: Prevent Multiple Alerts
If you encounter multiple notifications (e.g., when opening multiple shells), you can implement a locking mechanism using a lock file:
#!/bin/bash
LOCK_FILE="/tmp/ssh_alert_$USER.lock"
if [ -f "$LOCK_FILE" ]; then
exit 0
fi
touch "$LOCK_FILE"
# Telegram Bot API details
API_TOKEN="YOUR_BOT_API_TOKEN"
CHAT_ID="YOUR_CHAT_ID"
USER_NAME=$(whoami)
CLIENT_IP_ADDRESS=$(echo $SSH_CONNECTION | awk '{print $1}')
SERVER_IP_ADDRESS=$(hostname -I | awk '{print $1}')
MESSAGE="User $USER_NAME has logged in to the server with IP $SERVER_IP_ADDRESS from client IP $CLIENT_IP_ADDRESS"
curl -s -X POST "https://api.telegram.org/bot$API_TOKEN/sendMessage" \
-d chat_id="$CHAT_ID" \
-d text="$MESSAGE"
rm -f "$LOCK_FILE"
Conclusion
Following these steps, you can set up a system to automatically send Telegram notifications every time someone logs into your server via SSH. This is a useful security measure to monitor access to your Linux server in real-time.