email a notice for each ssh login

This is a bash script that emails details ( user , tty , remote IP address , date and time ) of every successful SSH login when used as sshrc.

The script

#!/bin/bash
#g0 2013
#send an email with details of each ssh login
#http://alog.ipduh.com/2013/07/email-notice-for-each-ssh-login.html

###
#set MAILTO to the email address(es) receiving the SSH LOGIN notices
MAILTO="root@localhost"
#MAILTO="system-watch@example.net,systems@example.org"
###

DATE=`date`
EPOCH=`date +%s`
EPOCH_URI="http://ipduh.com/epoch/?${EPOCH}"
HOSTNAME=`hostname`

if [ -z "$SSH_CONNECTION" ] ; then
   IP=`echo $SSH_CLIENT |cut -f1 -d' '`
else
   IP=`echo $SSH_CONNECTION |cut -f1 -d' '`
fi

IP_URI="http://ipduh.com/apropos/?${IP}"
LOGIN='no_login'

if [ -z "$SSH_TTY" ] ; then
   LOGIN="Connect by $USER"
else
   LOGIN="Login by $USER on $SSH_TTY"
fi

mail -s "SSH LOGIN on ${HOSTNAME} from ${IP}" ${MAILTO} <<END
   ${LOGIN} 
   from ${IP} ( ${IP_URI} ) 
   at ${DATE} ( ${EPOCH_URI} ) 
END

#if X11 forwarding is in use --man sshd
if read proto cookie && [ -n "$DISPLAY" ]; then
   if [ `echo $DISPLAY |cut -c1-10` = 'localhost:' ]; then
          # X11UseLocalhost=yes
          echo add unix:`echo $DISPLAY |cut -c11-` $proto $cookie
   else
          # X11UseLocalhost=no
          echo add $DISPLAY $proto $cookie
   fi | xauth -q -
fi

        




     

To install

# wget kod.ipduh.com/lib/sshrc_email_notices
# mv sshrc_email_notices /etc/ssh/sshrc

Set MAILTO to the email address receiving the SSH LOGIN notifications

A user using ~/.ssh/rc may be able to avoid /etc/ssh/sshrc. However, the root can be the only one with write permission on the a user 's ~/.ssh/rc and ~/.ssh/rc may be

/bin/bash /etc/ssh/sshrc

URL:http://alog.ipduh.com/2013/07/email-notice-for-each-ssh-login.html